
Possible infection "extension.citypage" plus can't run anti-malware progs


This topic is locked
10 replies to this topic

#1 scorcher64
Posted 06 February 2018 - 05:18 PM

I first noticed I had a problem when I was doing Google searches and kept getting redirected to Bing. While paying attention to the URL, for a brief moment I noticed some site saying "extension.citypage". Right away I suspected some adware/malware infection. The first thing I did was a scan using Malwarebytes. I cleaned up whatever it found and rebooted my PC. I tried doing another Google search and the redirect issue remained. Next, I tried the manual removal methods that were suggested, but none of the registry entries seem to exist for me, nor can I force-terminate the suspicious processes. Looking to see where those processes came from, I noticed they came from directories I can't seem to even access, not even in safe mode, despite using an admin acct. The two folder names are "spevnth" and "wdrpklg" and they're located in C:\Users\<username>\AppData\Local\.

 

I tried doing smart scans with my other anti-malware progs: Windows Defender, ADWCleaner, Emsisoft Emergency Kit, HitmanPro, and Avast AV, and they picked up nothing. I tried using additional malware programs for more serious infections and noticed another underlying issue. Whatever the infection is, it keeps disabling Malwarebytes Live Protection as well as a few other things:

 

I could not run or install other anti-malware programs... not even in minimal safe mode. These are the ones I tried:

Comodo Internet Security Suite (couldn't install)

HijackThis (couldn't run)

Junkware Removal Tool (gets stuck at scanning browsers)

Spybot S&D (v1.6.2 couldn't install; v2.6 can install but couldn't update definitions - update service couldn't run)

SpyHunter (couldn't install)

Zemana (can install, but can't update definitions and crashes when trying to run)

Sophos AV and anti-rootkit (couldn't install)

 

Since this started, I've also been getting a "FLTMGR File System" blue screen error if I try to log into Windows too fast; I have to wait about 5-10 secs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Blade (administrator) on BLADE-PC (06-02-2018 16:09:46)
Running from D:\Downloads\virus-ad-mal remover
Loaded Profiles: Blade (Available Profiles: Blade & Kaze & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\dsarcumsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.19\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
() D:\Program Files (x86)\No-IP\ducservice.exe
(SoftwareForMe Inc) D:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Scarlet.Crush Productions) D:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(DEVGURU Co., LTD.) D:\USB Drivers\25_escape\conn\ss_conn_service.exe
(Fitbit, Inc.) D:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(AOMEI Tech Co., Ltd.) D:\Program Files (x86)\AOMEI Backupper\ABService.exe
(SoftwareForMe Inc) D:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Copyright 2017.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(EVGA Corp.) D:\Program Files (x86)\EVGA\Precision XOC\PrecisionX_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics Co. Ltd.) D:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
() D:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
(Valve Corporation) D:\Program Files (x86)\Valve\Steam\Steam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
() D:\Program Files (x86)\No-IP\DUC40.exe
(Samsung) D:\Kies\Kies.exe
(Samsung) D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Fitbit, Inc.) D:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Blizzard Entertainment) D:\Program Files (x86)\Battle.net\Battle.net.exe
(LAN Messenger) D:\Program Files (x86)\LAN Messenger\lmc.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\old_39194_Overwolf.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.109.2.16\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.109.2.16\OverwolfBrowser.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Scarlet.Crush Productions) D:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.109.2.16\Purplizer\Purplizer.exe
(Nullsoft, Inc.) D:\Program Files (x86)\Winamp\winampa.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.109.2.16\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.109.2.16\OverwolfHelper64.exe
(Curse) C:\Users\Blade\AppData\Local\Apps\2.0\1OKZC47L.W3M\7K2DVHXM.YG1\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) D:\Kies\KiesTrayAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Twitch Interactive, Inc.) C:\Users\Blade\AppData\Roaming\Curse Client\Bin\Twitch.exe
(Twitch Interactive, Inc.) C:\Users\Blade\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Blade\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Blade\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Blade\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
() D:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(MobiSystems Inc.) D:\Program Files (x86)\MobiSystems\OfficeSuite\OfficeSuite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.6017\Agent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Blade\AppData\Local\spevnth\atbzmhx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Blizzard Entertainment) D:\Program Files (x86)\Battle.net\Battle.net.9799\Battle.net Helper.exe
(Valve Corporation) D:\Program Files (x86)\Valve\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Valve\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Tweaking.com) D:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Program Files (x86)\Valve\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1712.3351.0_x64__8wekyb3d8bbwe\Calculator.exe
(Blizzard Entertainment) D:\Program Files (x86)\Battle.net\Battle.net.9799\Battle.net Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Blade\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Blade\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Perfect World Entertainment Inc) D:\Program Files (x86)\Perfect World Entertainment\Arc\Arc.exe
(Perfect World Entertainment Inc) D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcChat.exe
() D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcOSBrowser.exe
() D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcOSBrowser.exe
() D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcOSBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(VS Revo Group) D:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17662072 2017-07-10] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-26] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM\...\Run: [ZAM] => D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [WinampAgent] => D:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-25] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => d:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-26] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-01-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [DivXMediaServer] => d:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1057240 2017-11-17] (DivX, LLC)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [555832 2014-03-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Arc] => D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [414744 2017-09-27] (Perfect World Entertainment)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => D:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft)
HKLM-x32\...\Run: [OfficeSuite] => D:\Program Files (x86)\MobiSystems\OfficeSuite\OfficeSuite.exe [402088 2018-01-10] (MobiSystems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Blade\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [uTorrent] => C:\Users\Blade\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-31] (BitTorrent Inc.)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [TSMApplication] => D:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2017-12-02] ()
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Steam] => D:\Program Files (x86)\Valve\Steam\steam.exe [3190048 2018-01-25] (Valve Corporation)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [OpenHardwareMonitor] => D:\Program Files (x86)\GPU Temp\GPUTemp.exe [1032192 2011-10-01] (gputemp.com)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [NoIPDUCv4] => D:\Program Files (x86)\No-IP\DUC40.exe [270336 2013-01-24] ()
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [KiesPreload] => D:\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [KiesPDLR.exe] => D:\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Google Update] => C:\Users\Blade\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Fitbit Connect] => D:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Battle.net] => D:\Program Files (x86)\Battle.net\Battle.net.exe [1069032 2018-02-01] (Blizzard Entertainment)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [AirDroid 3] => D:\Program Files (x86)\AirDroid\AirDroid.exe [11456120 2017-11-23] (Sand Studio)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1053000 2018-01-30] ()
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Clipdiary] => d:\Program Files (x86)\Clipdiary\clipdiary.exe [6580224 2017-07-23] ()
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [Chromatics] => D:\Program Files (x86)\Chromatics\Chromatics.exe [849408 2017-07-13] ()
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [LAN Messenger] => D:\Program Files (x86)\LAN Messenger\lmc.exe [1721344 2012-07-24] (LAN Messenger)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [XIV-Hunt] => D:\Downloads\XIV-Hunt (3).exe [5308416 2018-01-30] ()
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Run: [SUPERAntiSpyware] => D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2017-05-08]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> D:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2017-02-18] ()
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe [2010-05-28] (Hewlett-Packard Co.)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-20]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610.lnk [2018-02-06]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-07-24]
ShortcutTarget: Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-16]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-11]
ShortcutTarget: Twitch.lnk -> C:\Users\Blade\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
BootExecute: autocheck autochk * bootdeletesdnclean64.exePartizan
GroupPolicyScripts-x32: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3d987f5a-21ed-49fe-b367-ed3b1ff33a7f}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7c33f1e7-d8fa-4834-9a41-6a4b08672a3c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d06ac285-1583-4c7d-90d8-4d035658303b}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131613024390878174&GUID=DCF7A08E-3819-4D4F-AFA5-30454DDFACF7
URLSearchHook: HKLM-x32 - (No Name) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - No File
URLSearchHook: HKLM-x32 - (No Name) - {d3f4b70a-92e0-4393-a0f3-976d03b1ebf5} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-1030573958-117225573-3337015165-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-1030573958-117225573-3337015165-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll [2017-09-27] (Perfect World Entertainment Inc)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D3F4B70A-92E0-4393-A0F3-976D03B1EBF5} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1030573958-117225573-3337015165-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1030573958-117225573-3337015165-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
IE Session Restore: HKU\S-1-5-21-1030573958-117225573-3337015165-1001 -> is enabled.
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38} 
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {20D5FC56-9F89-4966-94E1-122DDA4FA5E7} hxxp://ro2.game.gnjoy.com/cab/GSystemInfo.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4ABB12B3-8A8B-481D-874A-93E16F930A8B} hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: HKLM-x32 {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {89F434A7-4A49-4394-AC02-007480331AE2} hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: HKLM-x32 {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {D915AE88-270D-479D-8AC1-B3CDD62DBCBF} hxxp://www.cosmicbreak.com/start/cswebgamelauncher.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vu9mi8tn.default-1454372512006 [2018-02-04]
FF Homepage: Mozilla\Firefox\Profiles\vu9mi8tn.default-1454372512006 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\vu9mi8tn.default-1454372512006 -> about:newtab
FF Extension: (TubeCast) - C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vu9mi8tn.default-1454372512006\Extensions\@tubecast.xpi [2017-11-03] [Legacy]
FF Extension: (Ant.com addon) - C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vu9mi8tn.default-1454372512006\Extensions\antmark@ant.com.xpi [2017-12-22]
FF Extension: (S3.Translator) - C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vu9mi8tn.default-1454372512006\Extensions\s3google@translator.xpi [2018-01-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-1030573958-117225573-3337015165-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [2016-03-17] (Nexon)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> d:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2017-09-27] (Perfect World Entertainment Inc)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Blade\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-1030573958-117225573-3337015165-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Blade\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1030573958-117225573-3337015165-1001: @talk.google.com/O1DPlugin -> C:\Users\Blade\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1030573958-117225573-3337015165-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Blade\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1030573958-117225573-3337015165-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Blade\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1030573958-117225573-3337015165-1001: ubisoft.com/uplaypc -> d:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2018-01-10] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Blade\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Blade\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default [2018-02-06]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2018-02-01]
CHR Extension: (Google Drive) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-27]
CHR Extension: (Sad Panda) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2018-01-24]
CHR Extension: (Pushbullet) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-10-08]
CHR Extension: (Bypass Surveys) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg [2016-06-16]
CHR Extension: (Tampermonkey) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-14]
CHR Extension: (Dropbox for Gmail) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-07-04]
CHR Extension: (Session Buddy) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Picture Downloader Professional) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodejnpnekkneapkicljnillpeodnlak [2018-02-01]
CHR Extension: (zzllrr Imager Geek) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjhimhkjmipphnaminnnnjpnlneeplk [2018-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-01]
CHR Extension: (GeForce Experience Stream Client) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjljknijpnfibppaijefibndmiabonep [2017-04-21]
CHR Extension: (Avast Online Security) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-02-01]
CHR Extension: (Mailto:) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf [2017-09-18]
CHR Extension: (Search Incognito) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcgjkbdmlnfmelambncafejbemlfodl [2018-01-31]
CHR Extension: (Tumblr Video Download) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphamkdkckkedfndpaghapgghlljmjhm [2017-02-02]
CHR Extension: (Chrome to Mobile) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2016-01-31]
CHR Extension: (InstaG Downloader) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-02-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-02-03]
CHR Extension: (__MSG_name__) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lamfengpphafgjdgacmmnpakdphmjlji [2017-09-14]
CHR Extension: (Skype) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-23]
CHR Extension: (Video DownloadHelper) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-22]
CHR Extension: (Google Hangouts) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Recently Closed Tabs) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc [2015-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-30]
CHR Profile: C:\Users\Blade\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-30]
CHR HKLM\...\Chrome\Extension: [oggihoncmelambjaefiboekididcaffe] - C:\Users\Blade\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe.crx <not found>
CHR HKU\S-1-5-21-1030573958-117225573-3337015165-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\gwtxeb <==== ATTENTION (Rootkit!)
 
R2 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S3 ArcService; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [87064 2017-09-27] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2017-07-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-04-24] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.19\AsusFanControlService.exe [396088 2015-04-19] (ASUSTeK Computer Inc.)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-26] (AVAST Software)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-26] (AVAST Software)
R2 Backupper Service; D:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-01-22] (Dropbox, Inc.)
R2 Ds3Service; D:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
R2 EaseUS Agent; D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40128 2017-06-19] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Fitbit Connect; D:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) [File not signed]
S3 Futuremark SystemInfo Service; D:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
S4 HTCMonitorService; D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2014-01-24] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S3 jswpsapi; D:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2013-01-22] (Wireless) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-07-10] (Logitech Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3878728 2017-02-25] (Paramount Software UK Ltd)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mi-raysat_3dsmax2014_64; D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NGS; C:\WINDOWS\NGService.exe [2466888 2017-07-15] (NEXON Korea Corporation)
R2 NoIPDUCService4; D:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-05] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-05] (NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-10-03] (The OpenVPN Project)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1452360 2018-01-30] (Overwolf LTD)
R2 PhoneMyPC_Helper; D:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [31232 2011-07-15] (SoftwareForMe Inc) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe [10979416 2017-04-24] (Paessler AG)
R2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [11374168 2017-04-24] (Paessler AG)
S3 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\RpcAgentSrv.exe [73200 2014-12-17] (SiSoftware) [File not signed]
R2 SDScannerService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 ss_conn_service; D:\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 updater; D:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-07-03] ()
R0 asstahci64; C:\WINDOWS\System32\drivers\asstahci64.sys [89960 2017-07-25] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-01-26] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-26] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-26] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-26] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-26] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-01-26] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-01-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-01-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-01-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-01-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-30] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-01-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-01-26] (AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4320176 2017-10-21] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [33360 2015-10-16] (CrystalIdea Software)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [544744 2017-07-25] (Intel Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2018-02-06] ()
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53240 2016-12-06] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
S3 FlashUSB; C:\WINDOWS\System32\DRIVERS\FlashUSB.sys [19968 2014-12-02] (Intel Mobile Communications) [File not signed]
S3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R1 gfdriver; C:\WINDOWS\System32\drivers\gfdriver.sys [51904 2015-01-14] (Titan ARC Corp.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2018-02-04] ()
R1 HssDRV6; C:\WINDOWS\System32\DRIVERS\hssdrv6.sys [46792 2013-04-24] (AnchorFree Inc.)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S4 IObitUnlocker; D:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-07-02] (ASUSTeK Computer Inc.)
S1 JSWPSLWF; C:\WINDOWS\System32\DRIVERS\jswpslwfx.sys [26624 2013-01-22] (Atheros Communications, Inc.) [File not signed]
S3 Jukebox3_1394_x64; C:\WINDOWS\System32\DRIVERS\ctpdfwx.sys [30336 2005-04-05] (Creative Technology Ltd.) [File not signed]
S3 Jukebox3_x64; C:\WINDOWS\System32\DRIVERS\ctpdusbx.sys [27264 2006-01-19] (Creative Technology Ltd.) [File not signed]
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-07-10] (Logitech Inc.)
S4 lhdoirk; C:\WINDOWS\System32\drivers\bcdukjwy.sys [79064 2018-01-24] (Malwarebytes)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [43456 2011-01-30] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2018-01-17] (hxxp://libusb-win32.sourceforge.net)
R1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-01-26] ()
S3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-06] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-06] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-06] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-01] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-04] (Malwarebytes)
S3 MEMSWEEP2; C:\Windows\system32\6EC2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
S3 MotioninJoyXFilter; C:\WINDOWS\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
S3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31032 2018-01-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-23] (NVIDIA Corporation)
S3 PAC207; C:\WINDOWS\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.) [File not signed]
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-01-31] (Greatis Software)
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [15360 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
S3 pnetmdm; C:\WINDOWS\System32\DRIVERS\pnetmdm64.sys [17920 2007-03-07] (June Fabrics Technology) [File not signed]
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-28] (EldoS Corporation)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) [File not signed]
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) [File not signed]
S3 SANDRA; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2018-02-01] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SI3112r; C:\WINDOWS\system32\DRIVERS\SI3112r.sys [162144 2010-02-03] (Silicon Image, Inc) [File not signed]
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [22056 2007-12-26] (Silicon Image, Inc)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 staport; C:\Windows\System32\Drivers\staport.sys [45704 2018-01-26] ()
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
S3 taphss6; C:\WINDOWS\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project) [File not signed]
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-09-27] (TENCENT)
R3 TRLNDISMON; C:\WINDOWS\system32\DRIVERS\TRLNDISMON.sys [31392 2017-02-14] (Tarlogic)
R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IMx64.sys [633296 2012-06-04] (Paragon)
R1 Uim_VIM; C:\WINDOWS\System32\Drivers\uim_vimx64.sys [389968 2012-06-04] (Paragon)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 UsbFltr; C:\WINDOWS\System32\Drivers\UsbFltr.sys [12288 2007-04-09] (Waytech Development, Inc.) [File not signed]
S3 VCSVADHWSer; C:\WINDOWS\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2012-08-04] (Acronis)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R2 WinRing0_1_2_0; D:\Program Files (x86)\EVGA\Precision XOC\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-01-28] (Wellbia.com Co., Ltd.)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-02-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-26] (Zemana Ltd.)
S1 adgnetworkwfpdrv; system32\drivers\adgnetworkwfpdrv.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
R3 fjmpsw; system32\drivers\mpswzc.sys [X]
U3 idsvc; no ImagePath
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 JRSUKD25; \??\C:\Windows\system32\JRSUKD25.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-06 05:29 - 2018-02-06 05:29 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-02-06 04:47 - 2018-02-06 04:47 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-06 04:46 - 2018-02-06 04:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-06 04:43 - 2018-02-06 04:43 - 000142672 ____N C:\WINDOWS\system32\Drivers\exneilor.sys
2018-02-06 04:37 - 2018-02-06 04:38 - 000040802 _____ C:\TDSSKiller.3.1.0.16_06.02.2018_04.37.35_log.txt
2018-02-05 08:28 - 2018-02-05 08:28 - 000000000 ____D C:\Users\Blade\AppData\Local\spevnth
2018-02-04 16:36 - 2018-02-04 16:37 - 000000000 ____D C:\Users\Blade\Desktop\FRST-OlderVersion
2018-02-04 14:12 - 2018-02-04 14:12 - 000000832 _____ C:\Users\Blade\Desktop\Devilian.lnk
2018-02-04 13:35 - 2018-02-06 16:09 - 000000000 ____D C:\FRST
2018-02-04 13:09 - 2018-02-04 13:10 - 000000000 ____D C:\rsit
2018-02-04 13:09 - 2018-02-04 13:10 - 000000000 ____D C:\Program Files (x86)\trend micro
2018-02-04 12:50 - 2018-02-04 12:51 - 000000000 ____D C:\Users\Kaze\AppData\Local\exkmuhl
2018-02-04 12:50 - 2018-02-04 12:50 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1030573958-117225573-3337015165-1039
2018-02-04 12:49 - 2018-02-04 12:49 - 000000000 ____D C:\Users\Kaze\AppData\Local\Logitech® Webcam Software
2018-02-04 12:48 - 2018-02-04 12:50 - 000002406 _____ C:\Users\Kaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-04 12:48 - 2018-02-04 12:50 - 000000000 ___RD C:\Users\Kaze\OneDrive
2018-02-04 12:48 - 2018-02-04 12:48 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Intel Corporation
2018-02-04 12:47 - 2018-02-04 12:49 - 000000000 ____D C:\Users\Kaze\AppData\Local\NVIDIA Corporation
2018-02-04 12:47 - 2018-02-04 12:48 - 000000000 ____D C:\Users\Kaze\AppData\Local\Dropbox
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\MobiSystems Inc
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Zemana
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Wondershare
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Publishers
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Mobisystems
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Logitech
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\iSkysoft
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\DBG
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\CrashRpt
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\CrashDumps
2018-02-04 12:47 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\ansel
2018-02-04 12:46 - 2018-02-04 12:47 - 000000000 ___RD C:\Users\Kaze\Virtual Machines
2018-02-04 12:46 - 2018-02-04 12:47 - 000000000 ___RD C:\Users\Kaze\3D Objects
2018-02-04 12:46 - 2018-02-04 12:47 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Adobe
2018-02-04 12:45 - 2018-02-04 12:45 - 000000000 ____D C:\Users\Kaze\AppData\Local\VirtualStore
2018-02-04 12:45 - 2018-02-04 12:45 - 000000000 ____D C:\Users\Kaze\AppData\Local\NVIDIA
2018-02-04 12:45 - 2018-02-04 12:45 - 000000000 ____D C:\Users\Kaze\AppData\Local\ConnectedDevicesPlatform
2018-02-04 12:42 - 2018-02-04 12:42 - 000000000 ____D C:\Users\Blade\AppData\Local\wdrpklg
2018-02-04 12:36 - 2018-02-04 12:36 - 000000933 _____ C:\Users\Blade\Desktop\virus-ad-mal remover - Shortcut.lnk
2018-02-04 11:31 - 2018-02-04 11:31 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\AVAST Software
2018-02-04 11:31 - 2018-02-04 11:31 - 000000000 ____D C:\Users\Kaze\AppData\Local\CEF
2018-02-04 11:27 - 2018-02-04 11:28 - 000041574 _____ C:\TDSSKiller.3.1.0.16_04.02.2018_11.27.39_log.txt
2018-02-04 11:23 - 2018-02-04 11:23 - 000000000 ____D C:\Users\Kaze\AppData\Local\avhltcg
2018-02-04 10:38 - 2018-02-04 10:38 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-02-04 10:38 - 2018-02-04 10:38 - 000000898 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-04 10:38 - 2018-02-04 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-04 10:04 - 2018-02-04 10:06 - 000000000 ____D C:\Users\Blade\Desktop\continent of the ninth seal
2018-02-04 09:25 - 2018-02-04 09:25 - 000001090 _____ C:\Users\Blade\Desktop\DLLSuite.lnk
2018-02-04 09:25 - 2018-02-04 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Suite 9.0
2018-02-04 09:24 - 2018-02-04 09:25 - 000000000 ____D C:\Program Files (x86)\DLL Suite
2018-02-03 23:54 - 2018-02-01 17:29 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180203-235432.backup
2018-02-03 23:50 - 2018-02-01 17:29 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180203-235004.backup
2018-02-03 22:16 - 2018-02-04 12:45 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-02 19:01 - 2018-02-02 19:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1030573958-117225573-3337015165-1001
2018-02-02 18:55 - 2018-02-02 18:55 - 000001593 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-02-02 18:55 - 2018-02-02 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-02-02 18:55 - 2018-02-02 18:55 - 000000000 ____D C:\Program Files\iPod
2018-02-02 18:52 - 2018-02-02 18:52 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-02-02 18:52 - 2018-02-02 18:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-02-02 18:52 - 2018-02-02 18:52 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-02-02 18:43 - 2018-02-02 18:43 - 000000950 _____ C:\Users\Kaze\Desktop\virus-ad-mal remover - Shortcut.lnk
2018-02-02 18:38 - 2018-02-02 18:38 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\SUPERAntiSpyware.com
2018-02-02 18:36 - 2018-02-02 18:36 - 000000000 ____D C:\Users\Kaze\AppData\Local\weoirtm
2018-02-02 18:36 - 2018-02-02 18:36 - 000000000 ____D C:\Users\Kaze\AppData\Local\cohrgun
2018-02-02 18:35 - 2018-02-04 12:49 - 000000000 ____D C:\Users\Kaze\AppData\Local\Packages
2018-02-02 18:34 - 2018-02-04 12:53 - 000000000 ____D C:\Users\Kaze
2018-02-02 18:34 - 2018-02-04 11:22 - 000000000 ____D C:\Users\Kaze\AppData\Local\Google
2018-02-02 18:34 - 2018-02-02 18:34 - 000000020 ___SH C:\Users\Kaze\ntuser.ini
2018-02-02 18:34 - 2017-07-03 18:06 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\TuneUp Software
2018-02-02 18:34 - 2017-07-03 18:06 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Media Center Programs
2018-02-02 18:34 - 2017-07-03 18:06 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Macromedia
2018-02-02 18:34 - 2017-07-03 18:06 - 000000000 ____D C:\Users\Kaze\AppData\Local\Microsoft Help
2018-02-02 18:26 - 2018-02-02 18:27 - 000049496 _____ C:\TDSSKiller.3.1.0.16_02.02.2018_18.26.53_log.txt
2018-02-02 15:48 - 2018-02-06 04:50 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-02 08:47 - 2018-02-06 04:50 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-01 23:43 - 2018-02-01 23:43 - 000001649 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2018-02-01 23:43 - 2018-02-01 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2018-02-01 19:12 - 2018-02-06 04:50 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-02-01 18:01 - 2018-02-01 18:01 - 000001099 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-02-01 18:01 - 2018-02-01 18:01 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-02-01 18:01 - 2018-02-01 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-02-01 18:01 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-02-01 17:51 - 2018-02-04 09:06 - 000000000 ____D C:\ProgramData\Adguard
2018-02-01 17:51 - 2018-02-01 17:51 - 000000258 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2018-02-01 17:51 - 2018-02-01 17:51 - 000000258 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2018-02-01 17:51 - 2018-02-01 17:51 - 000000258 _____ C:\ProgramData\fontcacheev1.dat
2018-02-01 17:00 - 2018-02-01 17:00 - 000001053 _____ C:\Users\Blade\Desktop\Tweaking.com - Windows Repair.lnk
2018-02-01 17:00 - 2018-02-01 17:00 - 000000574 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-02-01 16:20 - 2018-02-06 04:50 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-01 16:20 - 2018-02-01 18:42 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-01 16:20 - 2018-02-01 16:20 - 000000976 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-01 16:20 - 2018-02-01 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-01 16:20 - 2018-02-01 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-01 16:05 - 2018-02-01 16:14 - 001107444 _____ C:\Users\Blade\Desktop\mb-clean-results.txt
2018-02-01 16:01 - 2018-02-01 16:01 - 000000000 ____D C:\ProgramData\LHService
2018-01-31 23:43 - 2018-01-31 23:45 - 000000000 ____D C:\ProgramData\LockHunter
2018-01-31 23:41 - 2018-01-31 23:41 - 000000000 ____D C:\Users\Blade\AppData\Roaming\LockHunter
2018-01-31 23:41 - 2018-01-31 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-01-31 23:07 - 2018-01-31 23:07 - 000000907 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-01-31 23:07 - 2018-01-31 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-01-31 22:47 - 2018-01-31 22:47 - 000000000 ____D C:\Users\Blade\AppData\Roaming\SUPERAntiSpyware.com
2018-01-31 22:47 - 2018-01-31 22:47 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-01-31 22:41 - 2018-01-31 22:41 - 000000904 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2018-01-31 22:41 - 2018-01-31 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2018-01-31 22:02 - 2018-02-06 04:45 - 000000252 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-01-31 21:44 - 2018-02-01 16:49 - 000000000 ____D C:\@RestoreQuarantine
2018-01-31 21:12 - 2018-01-31 21:12 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2018-01-31 21:12 - 2018-01-31 21:12 - 000000000 ____D C:\ProgramData\RegRun
2018-01-31 21:11 - 2018-02-01 16:45 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-01-31 21:11 - 2018-02-01 16:45 - 000000000 ____D C:\Users\Blade\Documents\RegRun2
2018-01-31 21:11 - 2018-01-31 21:11 - 000000761 _____ C:\Users\Blade\Desktop\UnHackMe.lnk
2018-01-31 21:11 - 2018-01-31 21:11 - 000000418 _____ C:\WINDOWS\Tasks\UnHackMe Task Scheduler.job
2018-01-31 21:11 - 2018-01-31 21:11 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2018-01-31 21:11 - 2018-01-31 21:11 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2018-01-31 21:11 - 2018-01-31 21:11 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2018-01-31 21:11 - 2018-01-31 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-01-31 21:11 - 2018-01-31 13:32 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-01-31 21:11 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-01-31 20:56 - 2018-01-31 20:56 - 000000382 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job
2018-01-31 20:53 - 2018-01-31 20:53 - 000197058 _____ C:\Users\Blade\GPReport.html
2018-01-30 23:55 - 2017-07-04 14:00 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180130-235503.backup
2018-01-30 23:06 - 2018-01-30 23:06 - 000039928 _____ C:\TDSSKiller.3.1.0.16_30.01.2018_23.06.11_log.txt
2018-01-30 18:31 - 2018-01-30 19:07 - 000000000 ____D C:\Users\Blade\AppData\Roaming\Tera_Awesomium
2018-01-30 08:24 - 2018-01-30 08:26 - 000000000 ____D C:\Users\Blade\Desktop\New folder (2)
2018-01-30 00:17 - 2018-01-30 00:17 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-30 00:02 - 2018-01-30 00:02 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.151729212760902
2018-01-30 00:02 - 2018-01-30 00:02 - 000045704 _____ () C:\WINDOWS\system32\Drivers\staport.sys.151729212881203
2018-01-30 00:01 - 2018-01-26 11:31 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-29 23:57 - 2018-01-29 23:57 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-01-29 23:57 - 2018-01-29 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-01-29 23:39 - 2018-01-29 23:39 - 000000000 ____D C:\Users\Blade\AppData\Roaming\LAN Messenger
2018-01-29 23:20 - 2018-01-29 23:20 - 000238012 _____ C:\Users\Blade\Desktop\mb-check-results.zip
2018-01-29 22:59 - 2018-01-29 22:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-29 22:59 - 2018-01-23 16:42 - 000137712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-01-29 22:59 - 2017-11-02 14:15 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-29 22:59 - 2017-11-02 14:15 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-29 22:59 - 2017-11-02 14:15 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-29 22:59 - 2017-11-02 14:14 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-29 22:56 - 2018-01-23 18:23 - 040269808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 035180016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 019796336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 013444552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 012843496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 011026080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 010900248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 004308976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 003709424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001976120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439077.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001673616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439077.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001334808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001134768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001126888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001054704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001049480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000988464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000939832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000740336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000599352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-01-29 22:56 - 2018-01-23 18:23 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-01-29 21:52 - 2018-01-29 21:52 - 000040732 _____ C:\TDSSKiller.3.1.0.16_29.01.2018_21.52.28_log.txt
2018-01-27 17:20 - 2018-01-27 17:20 - 000000000 ____D C:\Users\Blade\Desktop\Laevani
2018-01-27 14:36 - 2018-01-27 14:36 - 000000000 ___HD C:\OneDriveTemp
2018-01-27 11:03 - 2018-01-27 11:03 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-26 12:14 - 2018-01-26 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-01-26 11:34 - 2018-01-26 11:34 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-01-26 11:32 - 2018-01-30 00:02 - 000001035 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-26 11:32 - 2018-01-30 00:02 - 000001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-01-26 11:32 - 2018-01-26 11:32 - 000000000 ____D C:\Users\Blade\AppData\Roaming\AVAST Software
2018-01-26 11:31 - 2018-02-02 18:54 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-26 11:31 - 2018-01-30 00:02 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-26 11:31 - 2018-01-30 00:02 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-26 11:31 - 2018-01-30 00:01 - 000457400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151729212864009
2018-01-26 11:31 - 2018-01-30 00:01 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys.151729212864009
2018-01-26 11:31 - 2018-01-26 11:31 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa55307983ece2e95.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5ea55035c1ed5c14.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe77aca6574482be2.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw86773fcba79eab30.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw37b431712c81d9f1.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9b0a6e345cf2bde4.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw627c17f477d1a6ee.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4d3e477c706725f1.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000045704 _____ () C:\WINDOWS\system32\Drivers\staport.sys
2018-01-26 11:31 - 2018-01-26 11:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-01-26 11:31 - 2018-01-26 11:31 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-26 11:31 - 2018-01-26 11:30 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-26 11:31 - 2018-01-26 11:30 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswc4cc8294e30abfb0.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-01-26 11:31 - 2018-01-26 11:30 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8ba6806676092aa5.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-01-26 11:31 - 2018-01-26 11:30 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa9c441ba3a85ef35.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-01-26 11:31 - 2018-01-26 11:30 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa40b6479802dd0b6.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-26 11:31 - 2018-01-26 11:30 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6eeea1b6f895169a.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe2020c1053d5f983.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-01-26 11:28 - 2018-01-26 12:08 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-26 11:18 - 2018-02-06 15:27 - 000154632 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-26 11:18 - 2018-02-06 15:25 - 000105885 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-26 11:18 - 2018-01-26 11:18 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-26 11:17 - 2018-01-26 11:17 - 000000000 ____D C:\Users\Blade\AppData\Local\Zemana
2018-01-26 11:12 - 2018-01-26 11:13 - 000038622 _____ C:\TDSSKiller.3.1.0.16_26.01.2018_11.12.33_log.txt
2018-01-25 12:09 - 2018-02-01 19:40 - 000000000 ____D C:\EEK
2018-01-25 12:09 - 2018-01-25 12:09 - 000000762 _____ C:\Users\Blade\Desktop\Start Emsisoft Emergency Kit.lnk
2018-01-25 11:58 - 2018-02-04 12:41 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-25 11:32 - 2018-02-06 04:38 - 000031724 _____ C:\Users\Blade\Desktop\Rkill.txt
2018-01-25 11:25 - 2018-01-25 11:32 - 000044116 _____ C:\TDSSKiller.3.1.0.16_25.01.2018_11.25.33_log.txt
2018-01-25 11:24 - 2018-01-25 11:24 - 000000366 _____ C:\TDSSKiller.3.1.0.11_25.01.2018_11.24.47_log.txt
2018-01-24 15:57 - 2018-01-24 15:57 - 000003608 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-scorch316@hotmail.com
2018-01-24 15:56 - 2018-01-24 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-24 15:51 - 2018-02-06 04:46 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-24 15:43 - 2018-01-24 15:43 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\bcdukjwy.sys
2018-01-24 15:20 - 2018-01-24 15:58 - 000001298 _____ C:\Users\Blade\Desktop\Google Chrome.lnk
2018-01-24 15:16 - 2018-02-06 04:45 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\dsarcumsvc.exe
2018-01-24 15:16 - 2018-01-24 15:16 - 000000020 _____ C:\WINDOWS\b77337056
2018-01-24 15:16 - 2018-01-24 15:16 - 000000000 ____D C:\WINDOWS\system32\nietgdk
2018-01-24 03:03 - 2018-01-24 03:03 - 000053573 _____ C:\WINDOWS\uninstaller.dat
2018-01-23 22:08 - 2018-01-29 22:58 - 000000000 ____D C:\WINDOWS\LastGood
2018-01-22 12:11 - 2018-01-22 12:11 - 001059826 _____ C:\Users\Blade\Desktop\DesertedShockingAlpineroadguidetigerbeetle.webm
2018-01-22 05:19 - 2018-01-22 05:19 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-01-22 05:19 - 2018-01-22 05:19 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-01-22 05:19 - 2018-01-22 05:19 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-01-20 04:58 - 2018-01-20 04:58 - 000000000 ____D C:\Users\Blade\Desktop\New folder
2018-01-17 10:27 - 2018-01-17 10:27 - 000000000 ____D C:\Users\Blade\AppData\Roaming\DS4Windows
2018-01-17 08:23 - 2018-01-28 22:58 - 000047096 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2018-01-17 08:23 - 2018-01-17 08:23 - 000000000 ____D C:\Users\Blade\AppData\LocalLow\DNF
2018-01-14 23:52 - 2018-01-14 23:52 - 000000023 _____ C:\Users\Blade\Desktop\bonus rolls.txt
2018-01-14 17:36 - 2018-01-30 23:34 - 000000000 ____D C:\Users\Blade\AppData\Local\FFXIV_GameSense
2018-01-14 15:22 - 2018-01-14 15:35 - 164810334 _____ C:\Users\Blade\Desktop\223148.mp4
2018-01-10 15:32 - 2018-01-10 15:34 - 000000000 ____D C:\Users\Blade\Documents\The Crew
2018-01-10 15:32 - 2018-01-10 15:32 - 000000000 ____D C:\Users\Blade\Documents\ProfileCache
2018-01-10 15:32 - 2018-01-10 15:32 - 000000000 ____D C:\Users\Blade\AppData\Local\Ubisoft
2018-01-10 15:27 - 2018-01-10 15:30 - 000000000 ____D C:\Users\Blade\AppData\Local\PAYDAY 2
2018-01-10 15:24 - 2018-01-10 15:27 - 000000000 ____D C:\Users\Blade\Documents\Assassin's Creed IV Black Flag
2018-01-10 15:16 - 2018-01-10 15:17 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-01-10 15:16 - 2018-01-10 15:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-01-10 15:14 - 2018-01-03 19:44 - 001975184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439065.dll
2018-01-10 15:14 - 2018-01-03 19:44 - 001674544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439065.dll
2018-01-10 15:14 - 2018-01-03 19:44 - 000045600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-01-09 23:18 - 2018-01-09 23:19 - 000000000 ____D C:\Users\Blade\Desktop\Red Apple 2
2018-01-08 20:44 - 2018-01-08 20:46 - 000000000 ____D C:\Users\Blade\Desktop\Skysong Engineering
2018-01-08 15:15 - 2018-01-22 05:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-06 16:10 - 2013-10-04 18:03 - 000000000 ____D C:\Users\Blade\AppData\Local\Battle.net
2018-02-06 15:49 - 2017-11-16 00:49 - 000000000 ____D C:\Users\Blade\AppData\Local\Deployment
2018-02-06 14:38 - 2011-11-03 19:12 - 000000000 ____D C:\Users\Blade\AppData\Local\Akamai
2018-02-06 14:35 - 2017-11-16 00:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-06 13:48 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-06 13:48 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-06 13:47 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-06 12:25 - 2017-11-16 15:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-06 09:26 - 2017-07-31 17:08 - 000000000 ____D C:\Users\Blade\AppData\Local\Purplizer
2018-02-06 09:26 - 2017-02-09 15:35 - 000000000 ____D C:\Users\Blade\AppData\Roaming\Curse Client
2018-02-06 08:52 - 2017-07-31 16:46 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-02-06 06:49 - 2013-10-26 23:07 - 000000000 ____D C:\Users\Blade\AppData\Local\CrashDumps
2018-02-06 04:55 - 2017-11-16 00:33 - 002183406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-06 04:54 - 2017-07-04 08:34 - 000000000 ___RD C:\Users\Blade\Dropbox
2018-02-06 04:47 - 2017-12-10 17:12 - 001508864 ___SH C:\Users\Blade\Desktop\Thumbs.db
2018-02-06 04:47 - 2017-05-23 13:07 - 000000000 ___RD C:\Users\Blade\Google Drive
2018-02-06 04:47 - 2012-07-08 18:52 - 000000000 ____D C:\Users\Blade\AppData\Local\Overwolf
2018-02-06 04:46 - 2017-11-16 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-06 04:46 - 2017-07-05 19:57 - 000371429 ____N C:\WINDOWS\Minidump\020618-58359-01.dmp
2018-02-06 04:46 - 2017-04-24 22:41 - 000000000 ____D C:\Program Files (x86)\PRTG Network Monitor
2018-02-06 04:43 - 2017-09-29 02:45 - 022282240 _____ C:\WINDOWS\system32\config\HARDWARE
2018-02-06 04:43 - 2017-09-29 02:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-02-04 14:12 - 2015-09-23 17:47 - 000000000 ____D C:\Users\Blade\AppData\Local\Glyph
2018-02-04 14:12 - 2015-09-23 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2018-02-04 14:12 - 2015-09-23 17:47 - 000000000 ____D C:\ProgramData\Glyph
2018-02-04 12:56 - 2010-02-20 13:28 - 000000000 ____D C:\Users\Blade\AppData\Roaming\uTorrent
2018-02-04 12:56 - 2010-02-20 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-02-04 12:54 - 2017-11-16 00:37 - 000000000 ____D C:\Users\Blade
2018-02-04 12:54 - 2015-07-30 22:10 - 000000000 ____D C:\Users\Public\Documents\CrashDump
2018-02-04 12:50 - 2017-06-08 22:40 - 000000000 ____D C:\Users\Blade\AppData\LocalLow\Mozilla
2018-02-04 12:47 - 2015-09-09 23:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-04 12:44 - 2010-07-06 06:08 - 000000000 ____D C:\WINDOWS\pss
2018-02-04 12:43 - 2010-02-20 14:51 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-02-04 12:41 - 2017-11-16 00:32 - 005004808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-04 11:33 - 2016-10-04 15:58 - 000041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-02-04 11:32 - 2015-11-11 14:52 - 000001480 _____ C:\WINDOWS\system32\.crusader
2018-02-04 11:25 - 2017-11-16 15:11 - 002122790 _____ C:\WINDOWS\ntbtlog.txt
2018-02-04 11:25 - 2013-06-04 11:05 - 000000000 ____D C:\Users\fbwuser
2018-02-04 11:25 - 2013-03-31 11:55 - 000000000 ____D C:\Users\TEMP
2018-02-04 11:25 - 2010-07-02 18:01 - 000000000 ____D C:\Users\Mcx1-BLADE-PC
2018-02-04 11:23 - 2014-07-27 15:34 - 000000000 ____D C:\AdwCleaner
2018-02-04 10:58 - 2010-02-13 16:32 - 000000000 ___RD C:\Users\Blade\Desktop\Shortcuts
2018-02-04 09:07 - 2013-05-31 21:08 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-03 22:18 - 2017-11-16 00:37 - 000000000 ____D C:\Users\DefaultAppPool
2018-02-02 19:03 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-02 18:54 - 2015-06-02 14:32 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-02-02 18:53 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-02 18:46 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-02 18:30 - 2017-06-09 15:09 - 000000000 ____D C:\Users\Blade\AppData\Local\ElevatedDiagnostics
2018-02-01 17:00 - 2017-11-16 18:36 - 000365211 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-02-01 16:29 - 2010-04-24 14:37 - 000000000 ____D C:\!KillBox
2018-02-01 16:26 - 2017-10-21 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2018-01-31 22:41 - 2012-06-09 07:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-31 22:16 - 2016-04-21 17:19 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-31 20:25 - 2017-11-16 00:50 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1030573958-117225573-3337015165-1001
2018-01-31 20:25 - 2017-07-04 01:50 - 000002409 _____ C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 20:25 - 2017-07-04 01:50 - 000000000 __RDL C:\Users\Blade\OneDrive
2018-01-30 23:55 - 2013-04-05 16:45 - 000450600 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_478
2018-01-30 20:51 - 2014-11-25 22:45 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-01-30 12:15 - 2015-05-22 16:38 - 000000000 ____D C:\Users\Blade\AppData\Roaming\avidemux
2018-01-30 00:03 - 2017-11-04 14:17 - 000000000 ____D C:\Users\Blade\AppData\Roaming\FileZilla
2018-01-29 23:40 - 2012-05-02 17:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 23:18 - 2013-09-16 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2018-01-29 23:18 - 2010-11-15 12:09 - 000000000 ____D C:\Users\Blade\AppData\Roaming\DivX
2018-01-29 23:18 - 2010-11-15 12:07 - 000000000 ____D C:\ProgramData\DivX
2018-01-29 23:13 - 2016-01-07 09:19 - 000000781 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk
2018-01-29 23:08 - 2017-06-08 22:40 - 000000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-29 23:00 - 2017-11-16 15:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-29 23:00 - 2012-04-18 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-01-29 23:00 - 2012-01-30 15:32 - 000000000 ____D C:\Temp
2018-01-29 22:59 - 2017-11-16 16:42 - 000000000 ____D C:\Users\Blade\AppData\Local\NVIDIA
2018-01-29 22:23 - 2017-03-02 20:52 - 000000000 ____D C:\Program Files (x86)\KMSPico
2018-01-29 21:25 - 2017-10-20 12:26 - 000000000 ____D C:\Users\Blade\Desktop\school stuff
2018-01-29 18:43 - 2017-12-14 23:05 - 000000000 ____D C:\Users\Blade\Desktop\3dx
2018-01-26 12:14 - 2010-02-20 14:18 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-01-26 12:03 - 2010-02-20 14:18 - 000000000 ____D C:\ProgramData\Skype
2018-01-25 11:43 - 2017-11-16 00:45 - 000003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-01-25 11:36 - 2011-04-17 09:57 - 000000000 ____D C:\ProgramData\ICQ
2018-01-24 15:57 - 2010-02-20 12:27 - 000000000 ____D C:\Users\Blade\AppData\Roaming\Adobe
2018-01-24 15:56 - 2015-09-12 12:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-24 15:50 - 2017-07-05 17:04 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-24 15:43 - 2015-10-12 16:33 - 000000000 ____D C:\WINDOWS\Install
2018-01-24 01:16 - 2010-02-19 20:06 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 22:10 - 2017-02-16 13:53 - 000000000 ____D C:\Users\Blade\ansel
2018-01-23 22:08 - 2017-11-16 00:45 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-11-16 00:45 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-11-16 00:45 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-11-16 00:45 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-11-16 00:45 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-11-16 00:45 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-11-16 00:45 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-11-16 00:45 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 22:08 - 2017-07-05 17:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-23 18:23 - 2017-11-16 16:39 - 003894304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-01-23 18:23 - 2017-11-16 16:39 - 000057928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-01-23 18:23 - 2017-05-19 17:47 - 004580832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-01-23 18:23 - 2017-05-19 14:22 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-01-23 17:11 - 2017-11-16 15:45 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-01-23 16:57 - 2017-11-16 15:45 - 005950024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-01-23 16:57 - 2017-11-16 15:45 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-01-23 16:57 - 2017-11-16 15:45 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-01-23 16:57 - 2017-11-16 15:45 - 000633328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-01-23 16:57 - 2017-11-16 15:45 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-01-23 16:57 - 2017-11-16 15:45 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-01-23 16:57 - 2017-11-16 15:45 - 000082744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-01-21 23:46 - 2017-11-16 15:45 - 007947791 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-01-21 12:39 - 2013-09-24 18:04 - 000000000 ____D C:\Users\Blade\AppData\Roaming\SimulationCraft
2018-01-20 18:22 - 2016-06-14 04:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter
2018-01-19 02:05 - 2015-10-13 15:23 - 000000000 ____D C:\ProgramData\MEGAsync
2018-01-17 13:09 - 2017-05-08 15:00 - 000098400 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusbK.dll
2018-01-17 13:09 - 2017-05-08 15:00 - 000083552 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusbK.dll
2018-01-17 13:09 - 2017-05-08 15:00 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusb0.dll
2018-01-17 13:09 - 2017-05-08 15:00 - 000067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2018-01-17 13:09 - 2017-05-08 15:00 - 000047200 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\Drivers\libusbK.sys
2018-01-17 08:19 - 2013-10-16 16:24 - 000000000 ____D C:\ProgramData\Oracle
2018-01-17 00:56 - 2017-07-04 04:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-17 00:56 - 2013-03-08 17:04 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-17 00:49 - 2017-07-04 04:16 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-15 21:48 - 2010-02-13 16:31 - 000000000 ____D C:\Users\Blade\Desktop\WoW
2018-01-14 23:12 - 2012-11-01 20:10 - 000000000 ____D C:\Users\Blade\AppData\Local\Ubisoft Game Launcher
2018-01-11 11:31 - 2016-07-02 14:55 - 000000000 ____D C:\Users\Blade\AppData\Roaming\discord
2018-01-10 15:35 - 2012-04-22 11:38 - 000000000 ____D C:\Users\Blade\Documents\My Games
2018-01-10 01:25 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-10 01:25 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-10 01:12 - 2013-07-21 12:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 01:07 - 2017-10-11 13:43 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 01:07 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 01:07 - 2016-08-07 20:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-10 01:07 - 2010-02-19 20:44 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 01:05 - 2009-07-13 20:34 - 000000592 _____ C:\WINDOWS\win.ini
2018-01-08 22:57 - 2016-07-02 14:59 - 000000000 ____D C:\Users\Blade\AppData\Local\Discord
2018-01-07 23:24 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2018-02-01 17:51 - 2018-02-01 17:51 - 000000258 _____ () C:\ProgramData\fontcacheev1.dat
2013-10-30 16:06 - 2017-07-03 17:12 - 000090469 _____ () C:\Users\Blade\IP_Log_Data.js
2013-05-03 11:28 - 2017-07-03 17:06 - 000791778 _____ () C:\Users\Blade\Network_Meter_Data.js
2011-09-04 20:35 - 2011-09-04 20:35 - 000000000 _____ () C:\Users\Blade\AppData\Roaming\.NANotifyHere
2012-10-17 15:00 - 2012-10-17 15:00 - 000000132 _____ () C:\Users\Blade\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-09-15 07:47 - 2013-04-07 09:19 - 000000132 _____ () C:\Users\Blade\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-27 08:05 - 2017-04-14 09:48 - 000000132 _____ () C:\Users\Blade\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-11-30 13:42 - 2015-10-11 07:33 - 000000624 _____ () C:\Users\Blade\AppData\Roaming\All CPU MeterV3_Settings.ini
2011-07-05 12:10 - 2012-01-02 16:30 - 000000412 _____ () C:\Users\Blade\AppData\Roaming\All CPU Meter_Settings.ini
2011-02-13 14:01 - 2011-08-06 12:09 - 000001004 _____ () C:\Users\Blade\AppData\Roaming\ConvAPIPlugin.log
2012-06-27 10:48 - 2012-06-27 10:48 - 000000346 _____ () C:\Users\Blade\AppData\Roaming\Digital Clock_Settings.ini
2012-06-22 12:09 - 2012-11-30 13:40 - 000000803 _____ () C:\Users\Blade\AppData\Roaming\Drives Meter_Settings.ini
2011-01-04 16:10 - 2017-11-26 23:29 - 000000000 _____ () C:\Users\Blade\AppData\Roaming\FileIn.cns
2011-01-04 16:10 - 2017-11-26 23:29 - 000000000 _____ () C:\Users\Blade\AppData\Roaming\FileOut.cns
2012-06-22 11:49 - 2017-07-02 20:58 - 000001177 _____ () C:\Users\Blade\AppData\Roaming\Network Meter_Settings.ini
2013-05-03 11:29 - 2017-07-03 17:44 - 000000028 _____ () C:\Users\Blade\AppData\Roaming\Network Meter_Usage.ini
2010-08-10 14:00 - 2011-03-22 19:27 - 000001848 _____ () C:\Users\Blade\AppData\Roaming\Rim.Desktop.Exception.log
2010-08-10 13:48 - 2013-10-07 19:00 - 000003644 _____ () C:\Users\Blade\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-01-30 05:40 - 2015-02-19 09:25 - 014413824 _____ () C:\Users\Blade\AppData\Roaming\Sandra.mdb
2013-08-06 17:08 - 2013-08-06 17:08 - 000000149 _____ () C:\Users\Blade\AppData\Roaming\uninstall.bat
2016-04-09 12:48 - 2016-04-09 12:48 - 000000044 _____ () C:\Users\Blade\AppData\Roaming\WB.CFG
2016-10-04 09:40 - 2016-10-04 09:40 - 000127639 _____ () C:\Users\Blade\AppData\Local\33740398.exe
2013-11-29 12:21 - 2014-04-26 14:37 - 000000346 ___SH () C:\Users\Blade\AppData\Local\70149b02515b3bb20dd492.47983420
2013-06-23 12:44 - 2012-11-23 06:54 - 000196608 _____ () C:\Users\Blade\AppData\Local\common_functions.dll
2012-11-23 06:54 - 2012-11-23 06:54 - 000114688 _____ () C:\Users\Blade\AppData\Local\ie_runner_app.exe
2013-06-23 12:44 - 2012-06-26 04:59 - 000940544 _____ (Apache Software Foundation) C:\Users\Blade\AppData\Local\log4cxx.dll
2015-06-02 15:18 - 2015-06-02 15:18 - 000000600 _____ () C:\Users\Blade\AppData\Local\PUTTY.RND
2013-04-05 15:42 - 2017-02-21 16:22 - 000007594 _____ () C:\Users\Blade\AppData\Local\resmon.resmoncfg
2015-12-03 14:27 - 2015-12-03 14:27 - 000002560 _____ () C:\Users\Blade\AppData\Local\uninstall.exe
 
Some files in TEMP:
====================
2018-02-05 15:34 - 2017-09-29 07:42 - 000594552 _____ (Microsoft Corporation) C:\Users\Blade\AppData\Local\Temp\kernel32.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\exneilor.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-02-05 01:24
 
==================== End of FRST.txt ============================

Edited by scorcher64, 06 February 2018 - 05:20 PM.



 


#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,398 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 AM

Posted 06 February 2018 - 07:25 PM

Hi, scorcher64.

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

The computer seems to be infected with a version of the SmartService Rootkit. This is a very difficult Rootkit to remove.

You will need a non-infected secondary system to download FRST64 to a USB drive (pen drive), boot the infected computer into the Recovery Environment, and run FRST64 at the command prompt. What is most important is that the USB drive should not be inserted in the infected computer until you have reached the command prompt in the Recovery Environment. Here are the instructions.

On a non-infected computer, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. In your case it is FRST64.exe.

Boot in the Recovery Environment
  • You are running Windows 10
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
  • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, plug your USB Flash Drive in the infected computer.
  • Type notepad at the prompt and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for it to complete
  • A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply
If you successfully run FRST64 in the Recovery Environment, boot the computer in Normal Mode and follow these steps:

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.
[Image: Malwarebytes Premium scan methods screen]
  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.
You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 scorcher64

  • Topic Starter
  • Members
  • 5 posts
  • Local time:10:57 PM

Posted 06 February 2018 - 09:19 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by SYSTEM on MININT-QHAV5PD (06-02-2018 20:05:24)
Running from o:\
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17662072 2017-07-10] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-26] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM\...\Run: [ZAM] => D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [WinampAgent] => D:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-25] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => d:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-26] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-01-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [DivXMediaServer] => d:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1057240 2017-11-17] (DivX, LLC)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [555832 2014-03-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Arc] => D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [414744 2017-09-27] (Perfect World Entertainment)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => D:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft)
HKLM-x32\...\Run: [OfficeSuite] => D:\Program Files (x86)\MobiSystems\OfficeSuite\OfficeSuite.exe [402088 2018-01-10] (MobiSystems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Blade\...\Run: [Akamai NetSession Interface] => C:\Users\Blade\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\Blade\...\Run: [uTorrent] => C:\Users\Blade\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-31] (BitTorrent Inc.)
HKU\Blade\...\Run: [TSMApplication] => D:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2017-12-02] ()
HKU\Blade\...\Run: [Steam] => D:\Program Files (x86)\Valve\Steam\steam.exe [3190048 2018-01-25] (Valve Corporation)
HKU\Blade\...\Run: [OpenHardwareMonitor] => D:\Program Files (x86)\GPU Temp\GPUTemp.exe [1032192 2011-10-01] (gputemp.com)
HKU\Blade\...\Run: [NoIPDUCv4] => D:\Program Files (x86)\No-IP\DUC40.exe [270336 2013-01-24] ()
HKU\Blade\...\Run: [KiesPreload] => D:\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\Blade\...\Run: [KiesPDLR.exe] => D:\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\Blade\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\Blade\...\Run: [Google Update] => C:\Users\Blade\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\Blade\...\Run: [Fitbit Connect] => D:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\Blade\...\Run: [Battle.net] => D:\Program Files (x86)\Battle.net\Battle.net.exe [1069032 2018-02-01] (Blizzard Entertainment)
HKU\Blade\...\Run: [AirDroid 3] => D:\Program Files (x86)\AirDroid\AirDroid.exe [11456120 2017-11-23] (Sand Studio)
HKU\Blade\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1053000 2018-01-30] ()
HKU\Blade\...\Run: [Clipdiary] => d:\Program Files (x86)\Clipdiary\clipdiary.exe [6580224 2017-07-23] ()
HKU\Blade\...\Run: [Chromatics] => D:\Program Files (x86)\Chromatics\Chromatics.exe [849408 2017-07-13] ()
HKU\Blade\...\Run: [LAN Messenger] => D:\Program Files (x86)\LAN Messenger\lmc.exe [1721344 2012-07-24] (LAN Messenger)
HKU\Blade\...\Run: [XIV-Hunt] => D:\Downloads\XIV-Hunt (3).exe [5308416 2018-01-30] ()
HKU\Blade\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\Blade\...\Run: [SUPERAntiSpyware] => D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
HKU\Blade\...\RunOnce: [Application Restart #0] => C:\Windows\System32\msinfo32.exe [369664 2017-09-29] (Microsoft Corporation)
HKU\Blade\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- hxxps://go.microsoft.com/fwlink/?LinkId=517009
HKU\Blade\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Overwolf\Overwolf.exe [55624 2018-01-30] (Overwolf LTD)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\fbwuser\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\fbwuser\...\Run: [MtdAcqu] => "D:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
HKU\fbwuser\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\fbwuser\...\Run: [CTSyncU.exe] => "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
HKU\fbwuser\...\Run: [sla] => C:\Users\fbwuser\AppData\Local\TempImages\chk.exe
HKU\fbwuser\...\Run: [Akamai NetSession Interface] => C:\Users\Blade\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\fbwuser\...\Run: [uTorrent] => "D:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\fbwuser\...\Run: [5574B6CAB37D114058BDEF6599378DB715F45211._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-01-23] (Google Inc.)
HKU\fbwuser\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\fbwuser\...\Run: [Memory Cleaner] => C:\Users\fbwuser\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot
HKU\fbwuser\...\Run: [NoIPDUCv4] => D:\Program Files (x86)\No-IP\DUC40.exe [270336 2013-01-24] ()
HKU\fbwuser\...\Run: [MarbleStation] => D:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe [1009272 2013-04-18] (CJ E&M)
HKU\fbwuser\...\Run: [Consumer Input Update] => C:\Program Files (x86)\Consumer Input\dca-ua.exe
HKU\fbwuser\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-10] (Google Inc.)
HKU\fbwuser\...\Run: [Azureus] => C:\Program Files (x86)\Vuze\Azureus.exe [316360 2012-12-14] (Azureus Software, Inc)
HKU\fbwuser\...\Run: [UDisk] => D:\Program Files (x86)\115\UDown\UDown.exe /m
HKU\fbwuser\...\Run: [Steam] => D:\Program Files (x86)\Valve\Steam\steam.exe [3190048 2018-01-25] (Valve Corporation)
HKU\fbwuser\...\Run: [Spybot-S&D Cleaning] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
HKU\fbwuser\...\Run: [Logitech Vid] => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
HKU\fbwuser\...\Run: [Battle.net] => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
HKU\fbwuser\...\Run: [Aim] => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US /HIDEBL
HKU\fbwuser\...\Run: [Google Update] => C:\Users\Blade\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\fbwuser\...\Run: [GoogleChromeAutoLaunch_B29C8DB8E68EBB6D46D71EBAB5DC6D6E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-01-23] (Google Inc.)
HKU\fbwuser\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
HKU\Kaze\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kaze\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64"
HKU\Kaze\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kaze\AppData\Local\Microsoft\OneDrive\17.3.6816.0313"
HKU\Mcx1-BLADE-PC\...\Run: [DriverMax] => [X]
HKU\Mcx1-BLADE-PC\...\Run: [DriverMax_RESTART] => [X]
HKU\Mcx1-BLADE-PC\...\Run: [uTorrent] => "D:\Program Files (x86)\uTorrent\uTorrent.exe"
HKU\Mcx1-BLADE-PC\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\Mcx1-BLADE-PC\...\Run: [Logitech Vid] => "C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe" -bootmode
HKU\Mcx1-BLADE-PC\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Mcx1-BLADE-PC\...\Run: [ISUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\Mcx1-BLADE-PC\...\Run: [DS3 Tool] => D:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
HKU\Mcx1-BLADE-PC\...\Run: [BitTorrent DNA] => "C:\Users\Blade\Program Files (x86)\DNA\btdna.exe"
HKU\Mcx1-BLADE-PC\...\Run: [Aim] => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US /HIDEBL
HKU\Mcx1-BLADE-PC\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\Mcx1-BLADE-PC\...\Run: [RIMDeviceManager] => "C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
HKU\Mcx1-BLADE-PC\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-10] (Google Inc.)
HKU\Mcx1-BLADE-PC\...\Run: [Steam] => D:\Program Files (x86)\Valve\Steam\steam.exe [3190048 2018-01-25] (Valve Corporation)
HKU\Mcx1-BLADE-PC\...\Run: [Creative MediaSource Go] => "D:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
HKU\Mcx1-BLADE-PC\...\Run: [MtdAcqu] => "D:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
HKU\Mcx1-BLADE-PC\...\Run: [CTSyncU.exe] => "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
HKU\Mcx1-BLADE-PC\...\Run: [UDisk] => D:\Program Files (x86)\115\UDown\UDown.exe /m
HKU\Mcx1-BLADE-PC\...\Run: [AdobeBridge] => [X]
HKU\Mcx1-BLADE-PC\...\Run: [PlayNC Launcher] => [X]
HKU\Mcx1-BLADE-PC\...\Run: [5574B6CAB37D114058BDEF6599378DB715F45211._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-01-23] (Google Inc.)
HKU\Mcx1-BLADE-PC\...\Run: [Pando Media Booster] => null\Pando Networks\Media Booster\PMB.exe
HKU\Mcx1-BLADE-PC\...\Run: [sla] => C:\Users\Mcx1-BLADE-PC\AppData\Local\TempImages\chk.exe
HKU\Mcx1-BLADE-PC\...\Run: [Akamai NetSession Interface] => C:\Users\Blade\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\Mcx1-BLADE-PC\...\Run: [Memory Cleaner] => C:\Users\Mcx1-BLADE-PC\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot
HKU\Mcx1-BLADE-PC\...\Run: [NoIPDUCv4] => D:\Program Files (x86)\No-IP\DUC40.exe [270336 2013-01-24] ()
HKU\Mcx1-BLADE-PC\...\Run: [MarbleStation] => D:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe [1009272 2013-04-18] (CJ E&M)
HKU\Mcx1-BLADE-PC\...\Run: [Azureus] => C:\Program Files (x86)\Vuze\Azureus.exe [316360 2012-12-14] (Azureus Software, Inc)
HKU\Mcx1-BLADE-PC\...\Run: [Spybot-S&D Cleaning] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
HKU\Mcx1-BLADE-PC\...\Run: [Battle.net] => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
HKU\Mcx1-BLADE-PC\...\Run: [Google Update] => C:\Users\Blade\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\Mcx1-BLADE-PC\...\Run: [GoogleChromeAutoLaunch_B29C8DB8E68EBB6D46D71EBAB5DC6D6E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-01-23] (Google Inc.)
HKU\Mcx1-BLADE-PC\...\RunOnce: [HPSoftwareUpdate] => D:\Program Files (x86)\HP\HP Software Update\HPWUCli.exe
HKU\Mcx1-BLADE-PC\...\RunOnce: [spchecker] => "D:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\Mcx1-BLADE-PC\...\Winlogon: [Shell] c:\windows\explorer.exe [3904808 2018-01-01] (Microsoft Corporation) <==== ATTENTION
HKU\TEMP\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\TEMP\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2017-02-18] ()
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe [2010-05-28] (Hewlett-Packard Co.)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-19]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610.lnk [2018-02-06]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-07-24]
ShortcutTarget: Nexon Launcher.lnk -> D:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-16]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-11]
ShortcutTarget: Twitch.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
BootExecute: autocheck autochk * bootdeletesdnclean64.exePartizan
GroupPolicyScripts-x32: Restriction <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\gwtxeb" => removed successfully
C:\Windows\System32\drivers\exnvybfi.sys => moved successfully
C:\Users\Blade\AppData\Local\niemiro\7zdec.exe => moved successfully
C:\Users\Blade\AppData\Local\Pando_Temp\PMBInst.exe => moved successfully
C:\Users\Blade\AppData\Local\RLPlatform\RocketLife.exe => moved successfully
C:\Users\Blade\AppData\Local\spevnth\atbzmhx.exe => moved successfully
C:\Users\Kaze\AppData\Local\exkmuhl\seadcpr.exe => moved successfully
S2 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S3 ArcService; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [87064 2017-09-27] (Perfect World Entertainment Inc)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2017-07-03] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-04-24] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-23] ()
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.19\AsusFanControlService.exe [396088 2015-04-19] (ASUSTeK Computer Inc.)
S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-26] (AVAST Software)
S2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-26] (AVAST Software)
S2 Backupper Service; D:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-01-22] (Dropbox, Inc.)
S2 Ds3Service; D:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions)
S2 EaseUS Agent; D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40128 2017-06-19] (CHENGDU YIWO Tech Development Co., Ltd)
S2 Fitbit Connect; D:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S3 Futuremark SystemInfo Service; D:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
S4 HTCMonitorService; D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2014-01-24] (iolo technologies, LLC)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S3 jswpsapi; D:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2013-01-22] (Wireless)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-07-10] (Logitech Inc.)
S2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3878728 2017-02-25] (Paramount Software UK Ltd)
S2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 mi-raysat_3dsmax2014_64; D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] ()
S3 NGS; C:\WINDOWS\NGService.exe [2466888 2017-07-15] (NEXON Korea Corporation)
S2 NoIPDUCService4; D:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] ()
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-23] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-05] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-05] (NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-10-03] (The OpenVPN Project)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1452360 2018-01-30] (Overwolf LTD)
S2 PhoneMyPC_Helper; D:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [31232 2011-07-15] (SoftwareForMe Inc)
S2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe [10979416 2017-04-24] (Paessler AG)
S2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [11374168 2017-04-24] (Paessler AG)
S3 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\RpcAgentSrv.exe [73200 2014-12-17] (SiSoftware)
S2 SDScannerService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S2 ss_conn_service; D:\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
S2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 updater; D:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions)
S2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] ()
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
S2 ZAMSvc; D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] ()
S2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] ()
S2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-07-03] ()
S0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [89960 2017-07-25] (Asmedia Technology)
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-26] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-26] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-26] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-26] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-26] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-26] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-29] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-26] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-26] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-26] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-29] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-26] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-26] (AVAST Software)
S3 athr; C:\Windows\System32\drivers\athw10x.sys [4320176 2017-10-21] (Qualcomm Atheros Communications, Inc.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2015-10-16] (CrystalIdea Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [544744 2017-07-25] (Intel Corporation)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2018-02-06] ()
S0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53240 2016-12-05] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2014-12-02] (Intel Mobile Communications)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S1 gfdriver; C:\Windows\System32\drivers\gfdriver.sys [51904 2015-01-14] (Titan ARC Corp.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2018-02-04] ()
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-04-24] (AnchorFree Inc.)
S4 IObitUnlocker; D:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
S4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-07-02] (ASUSTeK Computer Inc.)
S3 Jukebox3_1394_x64; C:\Windows\System32\DRIVERS\ctpdfwx.sys [30336 2005-04-04] (Creative Technology Ltd.)
S3 Jukebox3_x64; C:\Windows\System32\DRIVERS\ctpdusbx.sys [27264 2006-01-19] (Creative Technology Ltd.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-07-10] (Logitech Inc.)
S4 lhdoirk; C:\Windows\System32\drivers\bcdukjwy.sys [79064 2018-01-24] (Malwarebytes)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2011-01-30] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2018-01-17] (hxxp://libusb-win32.sourceforge.net)
S1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-01-26] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-06] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-06] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-06] (Malwarebytes)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-01] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-04] (Malwarebytes)
S3 MEMSWEEP2; C:\Windows\system32\6EC2.tmp [6144 2009-06-18] (Sophos Plc)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31032 2018-01-05] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57928 2018-01-23] (NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-01-31] (Greatis Software)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-28] (EldoS Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SANDRA; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2018-02-01] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [162144 2010-02-03] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-12-26] (Silicon Image, Inc)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S1 staport; C:\Windows\System32\Drivers\staport.sys [45704 2018-01-26] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-09-27] (TENCENT)
S3 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [31392 2017-02-14] (Tarlogic)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-04] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-04] (Paragon)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-08-04] (Acronis)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
S2 WinRing0_1_2_0; D:\Program Files (x86)\EVGA\Precision XOC\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-01-28] (Wellbia.com Co., Ltd.)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2016-06-14] (SplitmediaLabs Limited)
S1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-02-04] (Zemana Ltd.)
S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-26] (Zemana Ltd.)
S1 adgnetworkwfpdrv; system32\drivers\adgnetworkwfpdrv.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 idsvc; no ImagePath
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 JRSUKD25; \??\C:\Windows\system32\JRSUKD25.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-06 17:54 - 2018-02-06 17:54 - 000000000 ____D C:\Windows\System32\Drivers\wd
2018-02-06 17:54 - 2018-02-06 17:54 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-06 03:29 - 2018-02-06 03:29 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2018-02-06 02:37 - 2018-02-06 02:38 - 000040802 _____ C:\TDSSKiller.3.1.0.16_06.02.2018_04.37.35_log.txt
2018-02-05 06:28 - 2018-02-06 20:05 - 000000000 ____D C:\Users\Blade\AppData\Local\spevnth
2018-02-04 14:36 - 2018-02-04 14:37 - 000000000 ____D C:\Users\Blade\Desktop\FRST-OlderVersion
2018-02-04 12:12 - 2018-02-04 12:12 - 000000832 _____ C:\Users\Blade\Desktop\Devilian.lnk
2018-02-04 11:35 - 2018-02-06 14:11 - 000000000 ____D C:\FRST
2018-02-04 11:09 - 2018-02-04 11:10 - 000000000 ____D C:\rsit
2018-02-04 11:09 - 2018-02-04 11:10 - 000000000 ____D C:\Program Files (x86)\trend micro
2018-02-04 10:50 - 2018-02-06 20:05 - 000000000 ____D C:\Users\Kaze\AppData\Local\exkmuhl
2018-02-04 10:50 - 2018-02-04 10:50 - 000003360 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1030573958-117225573-3337015165-1039
2018-02-04 10:49 - 2018-02-04 10:49 - 000000000 ____D C:\Users\Kaze\AppData\Local\Logitech® Webcam Software
2018-02-04 10:48 - 2018-02-04 10:50 - 000000000 ___RD C:\Users\Kaze\OneDrive
2018-02-04 10:48 - 2018-02-04 10:48 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Intel Corporation
2018-02-04 10:47 - 2018-02-04 10:49 - 000000000 ____D C:\Users\Kaze\AppData\Local\NVIDIA Corporation
2018-02-04 10:47 - 2018-02-04 10:48 - 000000000 ____D C:\Users\Kaze\AppData\Local\Dropbox
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\MobiSystems Inc
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Zemana
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Wondershare
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Publishers
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Mobisystems
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\Logitech
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\iSkysoft
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\DBG
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\CrashRpt
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Local\CrashDumps
2018-02-04 10:47 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\ansel
2018-02-04 10:46 - 2018-02-04 10:47 - 000000000 ___RD C:\Users\Kaze\Virtual Machines
2018-02-04 10:46 - 2018-02-04 10:47 - 000000000 ___RD C:\Users\Kaze\3D Objects
2018-02-04 10:46 - 2018-02-04 10:47 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Adobe
2018-02-04 10:45 - 2018-02-04 10:45 - 000000000 ____D C:\Users\Kaze\AppData\Local\VirtualStore
2018-02-04 10:45 - 2018-02-04 10:45 - 000000000 ____D C:\Users\Kaze\AppData\Local\NVIDIA
2018-02-04 10:45 - 2018-02-04 10:45 - 000000000 ____D C:\Users\Kaze\AppData\Local\ConnectedDevicesPlatform
2018-02-04 10:42 - 2018-02-04 10:42 - 000000000 ____D C:\Users\Blade\AppData\Local\wdrpklg
2018-02-04 10:36 - 2018-02-04 10:36 - 000000933 _____ C:\Users\Blade\Desktop\virus-ad-mal remover - Shortcut.lnk
2018-02-04 09:31 - 2018-02-04 09:31 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\AVAST Software
2018-02-04 09:31 - 2018-02-04 09:31 - 000000000 ____D C:\Users\Kaze\AppData\Local\CEF
2018-02-04 09:27 - 2018-02-04 09:28 - 000041574 _____ C:\TDSSKiller.3.1.0.16_04.02.2018_11.27.39_log.txt
2018-02-04 09:23 - 2018-02-04 09:23 - 000000000 ____D C:\Users\Kaze\AppData\Local\avhltcg
2018-02-04 08:38 - 2018-02-04 08:38 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zam64.sys
2018-02-04 08:38 - 2018-02-04 08:38 - 000000898 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-04 08:04 - 2018-02-04 08:06 - 000000000 ____D C:\Users\Blade\Desktop\continent of the ninth seal
2018-02-04 07:25 - 2018-02-04 07:25 - 000001090 _____ C:\Users\Blade\Desktop\DLLSuite.lnk
2018-02-04 07:24 - 2018-02-04 07:25 - 000000000 ____D C:\Program Files (x86)\DLL Suite
2018-02-03 21:54 - 2018-02-01 15:29 - 000000855 _____ C:\Windows\System32\Drivers\etc\hosts.20180203-235432.backup
2018-02-03 21:50 - 2018-02-01 15:29 - 000000855 _____ C:\Windows\System32\Drivers\etc\hosts.20180203-235004.backup
2018-02-03 20:16 - 2018-02-04 10:45 - 000094144 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-02-02 17:01 - 2018-02-02 17:01 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-1030573958-117225573-3337015165-1001
2018-02-02 16:55 - 2018-02-02 16:55 - 000001593 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-02-02 16:55 - 2018-02-02 16:55 - 000000000 ____D C:\Program Files\iPod
2018-02-02 16:52 - 2018-02-02 16:52 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-02-02 16:52 - 2018-02-02 16:52 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-02-02 16:43 - 2018-02-02 16:43 - 000000950 _____ C:\Users\Kaze\Desktop\virus-ad-mal remover - Shortcut.lnk
2018-02-02 16:38 - 2018-02-02 16:38 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\SUPERAntiSpyware.com
2018-02-02 16:36 - 2018-02-02 16:36 - 000000000 ____D C:\Users\Kaze\AppData\Local\weoirtm
2018-02-02 16:36 - 2018-02-02 16:36 - 000000000 ____D C:\Users\Kaze\AppData\Local\cohrgun
2018-02-02 16:35 - 2018-02-04 10:49 - 000000000 ____D C:\Users\Kaze\AppData\Local\Packages
2018-02-02 16:34 - 2018-02-04 10:53 - 000000000 ____D C:\users\Kaze
2018-02-02 16:34 - 2018-02-04 09:22 - 000000000 ____D C:\Users\Kaze\AppData\Local\Google
2018-02-02 16:34 - 2018-02-02 16:34 - 000000020 ___SH C:\Users\Kaze\ntuser.ini
2018-02-02 16:34 - 2017-07-03 16:06 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\TuneUp Software
2018-02-02 16:34 - 2017-07-03 16:06 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Media Center Programs
2018-02-02 16:34 - 2017-07-03 16:06 - 000000000 ____D C:\Users\Kaze\AppData\Roaming\Macromedia
2018-02-02 16:34 - 2017-07-03 16:06 - 000000000 ____D C:\Users\Kaze\AppData\Local\Microsoft Help
2018-02-02 16:26 - 2018-02-02 16:27 - 000049496 _____ C:\TDSSKiller.3.1.0.16_02.02.2018_18.26.53_log.txt
2018-02-02 13:48 - 2018-02-06 02:50 - 000193968 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-02-02 06:47 - 2018-02-06 17:54 - 000046008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-02-01 21:43 - 2018-02-01 21:43 - 000001649 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2018-02-01 17:12 - 2018-02-06 17:54 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-02-01 16:01 - 2018-02-01 16:01 - 000001099 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-02-01 16:01 - 2017-05-23 07:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\System32\sdnclean64.exe
2018-02-01 15:51 - 2018-02-04 07:06 - 000000000 ____D C:\ProgramData\Adguard
2018-02-01 15:51 - 2018-02-01 15:51 - 000000258 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2018-02-01 15:51 - 2018-02-01 15:51 - 000000258 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2018-02-01 15:51 - 2018-02-01 15:51 - 000000258 _____ C:\ProgramData\fontcacheev1.dat
2018-02-01 15:00 - 2018-02-01 15:00 - 000001053 _____ C:\Users\Blade\Desktop\Tweaking.com - Windows Repair.lnk
2018-02-01 15:00 - 2018-02-01 15:00 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-02-01 14:20 - 2018-02-06 02:50 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-02-01 14:20 - 2018-02-01 16:42 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-02-01 14:20 - 2018-02-01 14:20 - 000000976 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-01 14:20 - 2018-02-01 14:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-01 14:05 - 2018-02-01 14:14 - 001107444 _____ C:\Users\Blade\Desktop\mb-clean-results.txt
2018-02-01 14:01 - 2018-02-01 14:01 - 000000000 ____D C:\ProgramData\LHService
2018-01-31 21:43 - 2018-01-31 21:45 - 000000000 ____D C:\ProgramData\LockHunter
2018-01-31 21:41 - 2018-01-31 21:41 - 000000000 ____D C:\Users\Blade\AppData\Roaming\LockHunter
2018-01-31 21:07 - 2018-01-31 21:07 - 000000907 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-01-31 20:47 - 2018-01-31 20:47 - 000000000 ____D C:\Users\Blade\AppData\Roaming\SUPERAntiSpyware.com
2018-01-31 20:47 - 2018-01-31 20:47 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-01-31 20:41 - 2018-01-31 20:41 - 000000904 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2018-01-31 20:02 - 2018-02-06 17:54 - 000000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2018-01-31 19:44 - 2018-02-01 14:49 - 000000000 ____D C:\@RestoreQuarantine
2018-01-31 19:12 - 2018-01-31 19:12 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2018-01-31 19:12 - 2018-01-31 19:12 - 000000000 ____D C:\ProgramData\RegRun
2018-01-31 19:11 - 2018-02-01 14:45 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-01-31 19:11 - 2018-02-01 14:45 - 000000000 ____D C:\Users\Blade\Documents\RegRun2
2018-01-31 19:11 - 2018-01-31 19:11 - 000000761 _____ C:\Users\Blade\Desktop\UnHackMe.lnk
2018-01-31 19:11 - 2018-01-31 19:11 - 000000418 _____ C:\Windows\Tasks\UnHackMe Task Scheduler.job
2018-01-31 19:11 - 2018-01-31 19:11 - 000000002 RSHOT C:\Windows\winstart.bat
2018-01-31 19:11 - 2018-01-31 19:11 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2018-01-31 19:11 - 2018-01-31 19:11 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2018-01-31 19:11 - 2018-01-31 11:32 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2018-01-31 19:11 - 2015-12-28 09:32 - 000049968 _____ (Greatis Software) C:\Windows\System32\partizan.exe
2018-01-31 18:56 - 2018-01-31 18:56 - 000000382 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2018-01-31 18:53 - 2018-01-31 18:53 - 000197058 _____ C:\Users\Blade\GPReport.html
2018-01-30 21:55 - 2017-07-04 12:00 - 000000855 _____ C:\Windows\System32\Drivers\etc\hosts.20180130-235503.backup
2018-01-30 21:06 - 2018-01-30 21:06 - 000039928 _____ C:\TDSSKiller.3.1.0.16_30.01.2018_23.06.11_log.txt
2018-01-30 16:31 - 2018-01-30 17:07 - 000000000 ____D C:\Users\Blade\AppData\Roaming\Tera_Awesomium
2018-01-30 06:24 - 2018-01-30 06:26 - 000000000 ____D C:\Users\Blade\Desktop\New folder (2)
2018-01-29 22:17 - 2018-01-29 22:17 - 000002856 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-01-29 22:02 - 2018-01-29 22:02 - 000061304 _____ () C:\Windows\System32\Drivers\lpsport.sys.151729212760902
2018-01-29 22:02 - 2018-01-29 22:02 - 000045704 _____ () C:\Windows\System32\Drivers\staport.sys.151729212881203
2018-01-29 22:01 - 2018-01-26 09:31 - 000365680 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2018-01-29 21:57 - 2018-01-29 21:57 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2018-01-29 21:39 - 2018-01-29 21:39 - 000000000 ____D C:\Users\Blade\AppData\Roaming\LAN Messenger
2018-01-29 21:20 - 2018-01-29 21:20 - 000238012 _____ C:\Users\Blade\Desktop\mb-check-results.zip
2018-01-29 20:59 - 2018-01-29 20:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-29 20:59 - 2018-01-23 14:42 - 000137712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-01-29 20:59 - 2017-11-02 12:15 - 000928568 _____ C:\Windows\System32\vulkan-1.dll
2018-01-29 20:59 - 2017-11-02 12:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-01-29 20:59 - 2017-11-02 12:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-01-29 20:59 - 2017-11-02 12:14 - 000591672 _____ C:\Windows\System32\vulkaninfo.exe
2018-01-29 20:56 - 2018-01-23 16:23 - 040269808 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 035180016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 019796336 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 016449872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 013444552 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 012843496 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 011026080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 010900248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 004308976 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 003709424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001976120 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6439077.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001673616 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6439077.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001334808 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFThevc.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001325384 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFTH264.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001134768 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001126888 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001054704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001049480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 001043128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000988464 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000939832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000795928 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000740336 _____ (NVIDIA Corporation) C:\Windows\System32\nvDecMFTMjpeg.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000635248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000618928 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcumd.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000616240 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000599352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-01-29 20:56 - 2018-01-23 16:23 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-01-29 19:52 - 2018-01-29 19:52 - 000040732 _____ C:\TDSSKiller.3.1.0.16_29.01.2018_21.52.28_log.txt
2018-01-27 15:20 - 2018-01-27 15:20 - 000000000 ____D C:\Users\Blade\Desktop\Laevani
2018-01-27 12:36 - 2018-01-27 12:36 - 000000000 ___HD C:\OneDriveTemp
2018-01-27 09:03 - 2018-01-27 09:03 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-26 09:34 - 2018-01-26 09:34 - 000000000 _____ C:\Windows\System32\last.dump
2018-01-26 09:32 - 2018-01-29 22:02 - 000001035 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-26 09:32 - 2018-01-26 09:32 - 000000000 ____D C:\Users\Blade\AppData\Roaming\AVAST Software
2018-01-26 09:31 - 2018-02-02 16:54 - 000004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-26 09:31 - 2018-01-29 22:02 - 000457896 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-01-26 09:31 - 2018-01-29 22:02 - 000146648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-01-26 09:31 - 2018-01-29 22:01 - 000457400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys.151729212864009
2018-01-26 09:31 - 2018-01-29 22:01 - 000146664 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys.151729212864009
2018-01-26 09:31 - 2018-01-26 09:31 - 000457896 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa55307983ece2e95.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000358672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000358672 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5ea55035c1ed5c14.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000204456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000204456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe77aca6574482be2.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000185096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000185096 _____ (AVAST Software) C:\Windows\System32\Drivers\asw86773fcba79eab30.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000146648 _____ (AVAST Software) C:\Windows\System32\Drivers\asw37b431712c81d9f1.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000110336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000110336 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9b0a6e345cf2bde4.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000084384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000084384 _____ (AVAST Software) C:\Windows\System32\Drivers\asw627c17f477d1a6ee.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000061304 _____ () C:\Windows\System32\Drivers\lpsport.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4d3e477c706725f1.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000045704 _____ () C:\Windows\System32\Drivers\staport.sys
2018-01-26 09:31 - 2018-01-26 09:31 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-01-26 09:31 - 2018-01-26 09:31 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-26 09:31 - 2018-01-26 09:30 - 001025176 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-01-26 09:31 - 2018-01-26 09:30 - 001025176 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc4cc8294e30abfb0.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-01-26 09:31 - 2018-01-26 09:30 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\asw8ba6806676092aa5.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-01-26 09:31 - 2018-01-26 09:30 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa9c441ba3a85ef35.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-01-26 09:31 - 2018-01-26 09:30 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa40b6479802dd0b6.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000149344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-01-26 09:31 - 2018-01-26 09:30 - 000149344 _____ (AVAST Software) C:\Windows\System32\Drivers\asw6eeea1b6f895169a.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe2020c1053d5f983.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-01-26 09:28 - 2018-01-26 10:08 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-26 09:18 - 2018-02-06 17:55 - 000074188 _____ C:\Windows\ZAM.krnl.trace
2018-01-26 09:18 - 2018-02-06 17:55 - 000026452 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-26 09:18 - 2018-01-26 09:18 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
2018-01-26 09:17 - 2018-01-26 09:17 - 000000000 ____D C:\Users\Blade\AppData\Local\Zemana
2018-01-26 09:12 - 2018-01-26 09:13 - 000038622 _____ C:\TDSSKiller.3.1.0.16_26.01.2018_11.12.33_log.txt
2018-01-25 10:09 - 2018-02-01 17:40 - 000000000 ____D C:\EEK
2018-01-25 10:09 - 2018-01-25 10:09 - 000000762 _____ C:\Users\Blade\Desktop\Start Emsisoft Emergency Kit.lnk
2018-01-25 09:58 - 2018-02-04 10:41 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-25 09:32 - 2018-02-06 02:38 - 000031724 _____ C:\Users\Blade\Desktop\Rkill.txt
2018-01-25 09:25 - 2018-01-25 09:32 - 000044116 _____ C:\TDSSKiller.3.1.0.16_25.01.2018_11.25.33_log.txt
2018-01-25 09:24 - 2018-01-25 09:24 - 000000366 _____ C:\TDSSKiller.3.1.0.11_25.01.2018_11.24.47_log.txt
2018-01-24 13:57 - 2018-01-24 13:57 - 000003608 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-scorch316@hotmail.com
2018-01-24 13:51 - 2018-02-06 17:54 - 000000000 ____D C:\Windows\Minidump
2018-01-24 13:43 - 2018-01-24 13:43 - 000079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\bcdukjwy.sys
2018-01-24 13:20 - 2018-01-24 13:58 - 000001298 _____ C:\Users\Blade\Desktop\Google Chrome.lnk
2018-01-24 13:16 - 2018-02-06 17:54 - 002888704 _____ C:\Windows\System32\dsarcumsvc.exe
2018-01-24 13:16 - 2018-01-24 13:16 - 000000020 _____ C:\Windows\b77337056
2018-01-24 13:16 - 2018-01-24 13:16 - 000000000 ____D C:\Windows\System32\nietgdk
2018-01-24 01:03 - 2018-01-24 01:03 - 000053573 _____ C:\Windows\uninstaller.dat
2018-01-22 10:11 - 2018-01-22 10:11 - 001059826 _____ C:\Users\Blade\Desktop\DesertedShockingAlpineroadguidetigerbeetle.webm
2018-01-22 03:19 - 2018-01-22 03:19 - 000045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2018-01-22 03:19 - 2018-01-22 03:19 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2018-01-22 03:19 - 2018-01-22 03:19 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
2018-01-20 02:58 - 2018-01-20 02:58 - 000000000 ____D C:\Users\Blade\Desktop\New folder
2018-01-17 08:27 - 2018-01-17 08:27 - 000000000 ____D C:\Users\Blade\AppData\Roaming\DS4Windows
2018-01-17 06:23 - 2018-01-28 20:58 - 000047096 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2018-01-17 06:23 - 2018-01-17 06:23 - 000000000 ____D C:\Users\Blade\AppData\LocalLow\DNF
2018-01-14 21:52 - 2018-01-14 21:52 - 000000023 _____ C:\Users\Blade\Desktop\bonus rolls.txt
2018-01-14 15:36 - 2018-01-30 21:34 - 000000000 ____D C:\Users\Blade\AppData\Local\FFXIV_GameSense
2018-01-14 13:22 - 2018-01-14 13:35 - 164810334 _____ C:\Users\Blade\Desktop\223148.mp4
2018-01-10 13:32 - 2018-01-10 13:34 - 000000000 ____D C:\Users\Blade\Documents\The Crew
2018-01-10 13:32 - 2018-01-10 13:32 - 000000000 ____D C:\Users\Blade\Documents\ProfileCache
2018-01-10 13:32 - 2018-01-10 13:32 - 000000000 ____D C:\Users\Blade\AppData\Local\Ubisoft
2018-01-10 13:27 - 2018-01-10 13:30 - 000000000 ____D C:\Users\Blade\AppData\Local\PAYDAY 2
2018-01-10 13:24 - 2018-01-10 13:27 - 000000000 ____D C:\Users\Blade\Documents\Assassin's Creed IV Black Flag
2018-01-10 13:16 - 2018-01-10 13:16 - 000000000 ____D C:\Windows\System32\Drivers\NVIDIA Corporation
2018-01-10 13:14 - 2018-01-03 17:44 - 001975184 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6439065.dll
2018-01-10 13:14 - 2018-01-03 17:44 - 001674544 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6439065.dll
2018-01-10 13:14 - 2018-01-03 17:44 - 000045600 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2018-01-09 21:18 - 2018-01-09 21:19 - 000000000 ____D C:\Users\Blade\Desktop\Red Apple 2
2018-01-08 18:44 - 2018-01-08 18:46 - 000000000 ____D C:\Users\Blade\Desktop\Skysong Engineering
2018-01-08 13:15 - 2018-01-22 03:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-06 20:05 - 2017-03-11 13:22 - 000000000 ____D C:\Users\Blade\AppData\Local\RLPlatform
2018-02-06 20:05 - 2016-03-15 16:53 - 000000000 ____D C:\Users\Blade\AppData\Local\niemiro
2018-02-06 20:05 - 2012-10-12 20:30 - 000000000 ____D C:\Users\Blade\AppData\Local\Pando_Temp
2018-02-06 17:55 - 2017-11-16 13:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-06 17:54 - 2017-11-15 22:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-06 17:54 - 2017-11-15 22:32 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-02-06 17:54 - 2017-07-05 17:57 - 000485517 ____N C:\Windows\Minidump\020618-19984-01.dmp
2018-02-06 17:54 - 2017-04-24 20:41 - 000000000 ____D C:\Program Files (x86)\PRTG Network Monitor
2018-02-06 17:52 - 2017-09-29 00:45 - 022282240 _____ C:\Windows\System32\config\HARDWARE
2018-02-06 17:52 - 2017-09-29 00:45 - 000786432 _____ C:\Windows\System32\config\BBI
2018-02-06 17:52 - 2017-02-09 13:35 - 000000000 ____D C:\Users\Blade\AppData\Roaming\Curse Client
2018-02-06 17:50 - 2017-11-15 22:33 - 002201854 _____ C:\Windows\System32\PerfStringBackup.INI
2018-02-06 17:49 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-02-06 17:48 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-02-06 17:45 - 2013-10-04 16:03 - 000000000 ____D C:\Users\Blade\AppData\Local\Battle.net
2018-02-06 17:44 - 2017-11-15 22:49 - 000000000 ____D C:\Users\Blade\AppData\Local\Deployment
2018-02-06 17:44 - 2017-07-31 15:08 - 000000000 ____D C:\Users\Blade\AppData\Local\Purplizer
2018-02-06 17:44 - 2017-07-31 14:46 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-02-06 17:44 - 2017-05-23 11:07 - 000000000 ___RD C:\Users\Blade\Google Drive
2018-02-06 17:44 - 2013-10-26 21:07 - 000000000 ____D C:\Users\Blade\AppData\Local\CrashDumps
2018-02-06 17:44 - 2012-07-08 16:52 - 000000000 ____D C:\Users\Blade\AppData\Local\Overwolf
2018-02-06 17:39 - 2011-11-03 17:12 - 000000000 ____D C:\Users\Blade\AppData\Local\Akamai
2018-02-06 11:48 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-06 11:48 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-02-06 02:54 - 2017-07-04 06:34 - 000000000 ___RD C:\Users\Blade\Dropbox
2018-02-06 02:47 - 2017-12-10 15:12 - 001508864 ___SH C:\Users\Blade\Desktop\Thumbs.db
2018-02-06 02:46 - 2017-07-05 17:57 - 000371429 ____N C:\Windows\Minidump\020618-58359-01.dmp
2018-02-05 18:49 - 2017-12-13 22:33 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-05 18:49 - 2017-12-13 22:33 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-04 12:12 - 2015-09-23 15:47 - 000000000 ____D C:\Users\Blade\AppData\Local\Glyph
2018-02-04 12:12 - 2015-09-23 15:47 - 000000000 ____D C:\ProgramData\Glyph
2018-02-04 10:56 - 2010-02-20 11:28 - 000000000 ____D C:\Users\Blade\AppData\Roaming\uTorrent
2018-02-04 10:54 - 2017-11-15 22:37 - 000000000 ____D C:\users\Blade
2018-02-04 10:54 - 2015-07-30 20:10 - 000000000 ____D C:\Users\Public\Documents\CrashDump
2018-02-04 10:50 - 2017-06-08 20:40 - 000000000 ____D C:\Users\Blade\AppData\LocalLow\Mozilla
2018-02-04 10:47 - 2015-09-09 21:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-04 10:44 - 2010-07-06 04:08 - 000000000 ____D C:\Windows\pss
2018-02-04 10:43 - 2010-02-20 12:51 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-02-04 10:41 - 2017-11-15 22:32 - 005004808 _____ C:\Windows\System32\FNTCACHE.DAT
2018-02-04 09:33 - 2016-10-04 13:58 - 000041080 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-02-04 09:32 - 2015-11-11 12:52 - 000001480 _____ C:\Windows\System32\.crusader
2018-02-04 09:25 - 2017-11-16 13:11 - 002122790 _____ C:\Windows\ntbtlog.txt
2018-02-04 09:25 - 2013-06-04 09:05 - 000000000 ____D C:\users\fbwuser
2018-02-04 09:25 - 2013-03-31 09:55 - 000000000 ____D C:\users\TEMP
2018-02-04 09:25 - 2010-07-02 16:01 - 000000000 ____D C:\users\Mcx1-BLADE-PC
2018-02-04 09:23 - 2014-07-27 13:34 - 000000000 ____D C:\AdwCleaner
2018-02-04 08:58 - 2010-02-13 14:32 - 000000000 ___RD C:\Users\Blade\Desktop\Shortcuts
2018-02-04 07:07 - 2013-05-31 19:08 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-03 20:18 - 2017-11-15 22:37 - 000000000 ____D C:\users\DefaultAppPool
2018-02-02 17:03 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2018-02-02 16:54 - 2015-06-02 12:32 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-02-02 16:53 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-02-02 16:46 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-02-02 16:30 - 2017-06-09 13:09 - 000000000 ____D C:\Users\Blade\AppData\Local\ElevatedDiagnostics
2018-02-01 15:00 - 2017-11-16 16:36 - 000365211 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-02-01 14:29 - 2010-04-24 12:37 - 000000000 ____D C:\!KillBox
2018-01-31 20:41 - 2012-06-09 05:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-31 20:16 - 2016-04-21 15:19 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-31 18:25 - 2017-11-15 22:50 - 000003362 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1030573958-117225573-3337015165-1001
2018-01-31 18:25 - 2017-07-03 23:50 - 000000000 __RDL C:\Users\Blade\OneDrive
2018-01-30 21:55 - 2013-04-05 14:45 - 000450600 _____ C:\Windows\System32\Drivers\etc\hosts_bak_478
2018-01-30 18:51 - 2014-11-25 20:45 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-01-30 10:15 - 2015-05-22 14:38 - 000000000 ____D C:\Users\Blade\AppData\Roaming\avidemux
2018-01-29 22:03 - 2017-11-04 12:17 - 000000000 ____D C:\Users\Blade\AppData\Roaming\FileZilla
2018-01-29 21:40 - 2012-05-02 15:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 21:18 - 2010-11-15 10:09 - 000000000 ____D C:\Users\Blade\AppData\Roaming\DivX
2018-01-29 21:18 - 2010-11-15 10:07 - 000000000 ____D C:\ProgramData\DivX
2018-01-29 21:00 - 2017-11-16 13:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-29 21:00 - 2012-01-30 13:32 - 000000000 ____D C:\Temp
2018-01-29 20:59 - 2017-11-16 14:42 - 000000000 ____D C:\Users\Blade\AppData\Local\NVIDIA
2018-01-29 20:23 - 2017-03-02 18:52 - 000000000 ____D C:\Program Files (x86)\KMSPico
2018-01-29 19:25 - 2017-10-20 10:26 - 000000000 ____D C:\Users\Blade\Desktop\school stuff
2018-01-29 16:43 - 2017-12-14 21:05 - 000000000 ____D C:\Users\Blade\Desktop\3dx
2018-01-26 10:14 - 2010-02-20 12:18 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-01-26 10:03 - 2010-02-20 12:18 - 000000000 ____D C:\ProgramData\Skype
2018-01-25 09:43 - 2017-11-15 22:45 - 000003642 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-01-25 09:36 - 2011-04-17 07:57 - 000000000 ____D C:\ProgramData\ICQ
2018-01-24 13:57 - 2010-02-20 10:27 - 000000000 ____D C:\Users\Blade\AppData\Roaming\Adobe
2018-01-24 13:56 - 2015-09-12 10:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-24 13:50 - 2017-07-05 15:04 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-24 13:43 - 2015-10-12 14:33 - 000000000 ____D C:\Windows\Install
2018-01-23 23:16 - 2010-02-19 18:06 - 000548000 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2018-01-23 20:10 - 2017-02-16 11:53 - 000000000 ____D C:\Users\Blade\ansel
2018-01-23 20:08 - 2017-11-15 22:45 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-11-15 22:45 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-11-15 22:45 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-11-15 22:45 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-11-15 22:45 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-11-15 22:45 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-11-15 22:45 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-11-15 22:45 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-23 20:08 - 2017-07-05 15:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-23 16:23 - 2017-11-16 14:39 - 003894304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-01-23 16:23 - 2017-11-16 14:39 - 000057928 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2018-01-23 16:23 - 2017-05-19 15:47 - 004580832 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2018-01-23 16:23 - 2017-05-19 12:22 - 000048407 _____ C:\Windows\System32\nvinfo.pb
2018-01-23 15:11 - 2017-11-16 13:45 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-01-23 14:57 - 2017-11-16 13:45 - 005950024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2018-01-23 14:57 - 2017-11-16 13:45 - 002589168 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2018-01-23 14:57 - 2017-11-16 13:45 - 001766288 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2018-01-23 14:57 - 2017-11-16 13:45 - 000633328 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2018-01-23 14:57 - 2017-11-16 13:45 - 000450352 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2018-01-23 14:57 - 2017-11-16 13:45 - 000122768 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2018-01-23 14:57 - 2017-11-16 13:45 - 000082744 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2018-01-21 21:46 - 2017-11-16 13:45 - 007947791 _____ C:\Windows\System32\nvcoproc.bin
2018-01-21 10:39 - 2013-09-24 16:04 - 000000000 ____D C:\Users\Blade\AppData\Roaming\SimulationCraft
2018-01-19 00:05 - 2015-10-13 13:23 - 000000000 ____D C:\ProgramData\MEGAsync
2018-01-17 11:09 - 2017-05-08 13:00 - 000098400 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\System32\libusbK.dll
2018-01-17 11:09 - 2017-05-08 13:00 - 000083552 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll
2018-01-17 11:09 - 2017-05-08 13:00 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\System32\libusb0.dll
2018-01-17 11:09 - 2017-05-08 13:00 - 000067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2018-01-17 11:09 - 2017-05-08 13:00 - 000047200 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\System32\Drivers\libusbK.sys
2018-01-17 06:19 - 2013-10-16 14:24 - 000000000 ____D C:\ProgramData\Oracle
2018-01-16 22:56 - 2013-03-08 15:04 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-16 22:49 - 2017-07-04 02:16 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-15 19:48 - 2010-02-13 14:31 - 000000000 ____D C:\Users\Blade\Desktop\WoW
2018-01-14 21:12 - 2012-11-01 18:10 - 000000000 ____D C:\Users\Blade\AppData\Local\Ubisoft Game Launcher
2018-01-11 09:31 - 2016-07-02 12:55 - 000000000 ____D C:\Users\Blade\AppData\Roaming\discord
2018-01-10 13:35 - 2012-04-22 09:38 - 000000000 ____D C:\Users\Blade\Documents\My Games
2018-01-09 23:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 23:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\Macromed
2018-01-09 23:12 - 2013-07-21 10:24 - 000000000 ____D C:\Windows\System32\MRT
2018-01-09 23:07 - 2017-10-11 11:43 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-01-09 23:07 - 2010-02-19 18:44 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-01-09 23:05 - 2009-07-13 18:34 - 000000592 _____ C:\Windows\win.ini
2018-01-08 20:57 - 2016-07-02 12:59 - 000000000 ____D C:\Users\Blade\AppData\Local\Discord
2018-01-07 21:24 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
 
Some files in TEMP:
====================
2018-02-05 13:34 - 2017-09-29 05:42 - 000594552 _____ (Microsoft Corporation) C:\Users\Blade\AppData\Local\Temp\kernel32.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-01-04 18:13] - [2018-01-01 03:11] - 000715776 _____ (Microsoft Corporation) D0926E8FC082646487BD159538F4D9F5
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2018-01-04 18:13] - [2018-01-01 04:38] - 003904808 _____ (Microsoft Corporation) 92B369312AF5D0B83AEF82D5DE0428D2
 
C:\Windows\SysWOW64\explorer.exe
[2018-01-04 18:13] - [2018-01-01 03:46] - 003485392 _____ (Microsoft Corporation) 152D8FB49984351A39F87A592EECD896
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2018-01-04 18:13] - [2018-01-01 04:25] - 000615768 _____ (Microsoft Corporation) AB75687641C9ADBE22336EC3C496909C
 
C:\Windows\System32\User32.dll
[2017-12-13 08:10] - [2017-12-07 15:34] - 001634288 _____ (Microsoft Corporation) 0370364D4D8846B6CF316ABBB2EDB083
 
C:\Windows\SysWOW64\User32.dll
[2017-12-13 08:10] - [2017-12-07 14:56] - 001528904 _____ (Microsoft Corporation) 5D41A00F6ED104C9639D5CBF0D38A1D6
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2017-12-13 08:10] - [2017-12-07 15:12] - 000401304 _____ (Microsoft Corporation) 5B27846CF4B1C21AFB3A35A8336BA02F
 
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2018-02-04 12:14
Restore point date: 2018-02-06 02:40
Restore point date: 2018-02-06 13:43
Restore point date: 2018-02-06 17:44
 
==================== Memory info =========================== 
 
Percentage of memory in use: 4%
Total physical RAM: 32710.84 MB
Available physical RAM: 31246.43 MB
Total Virtual: 32710.84 MB
Available Virtual: 31316.21 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:464.49 GB) (Free:256.94 GB) NTFS
Drive d: (Programs) (Fixed) (Total:3726.02 GB) (Free:1495.99 GB) NTFS
Drive e: (Other Stuffs) (Fixed) (Total:931.51 GB) (Free:492.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:931.5 GB) (Free:601.4 GB) exFAT
Drive h: () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
Drive o: (RECOVERY) (Removable) (Total:14.9 GB) (Free:8.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.38 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0176A26D)
Partition 1: (Active) - (Size=391 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 07631FEF)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 0E34AC68)
 
Partition: GPT.
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4A18CCF4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 9 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
LastRegBack: 2018-02-04 23:24
 
==================== End of FRST.txt ============================

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/6/18
Scan Time: 8:15 PM
Log File: bb480ffa-0bac-11e8-abd3-7824afbc1503.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3886
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: BLADE-PC\Blade
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 649884
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 33 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.CityPageToday, C:\USERS\BLADE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [8041], [480530],1.0.3886
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#4 JSntgRvr

    Master Surgeon General
    Malware Response Team

Posted 07 February 2018 - 02:18 PM

Nice going! Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 scorcher64

    Topic Starter
    Members

Posted 07 February 2018 - 09:57 PM

RogueKiller V12.12.3.0 (x64) [Feb  5 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Blade [Administrator]
Started from : C:\Users\Blade\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 02/07/2018 18:22:53 (Duration : 00:40:20)
 
¤¤¤ Processes : 1 ¤¤¤
[Adw.Elex|Adw.Wizzcaster] MBAMService.exe(25076) -- D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[7] -> Killed [DrvNtTerm]
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1030573958-117225573-3337015165-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1030573958-117225573-3337015165-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {69B0FAF2-21BD-4019-A6DD-817DCCD6CDC9} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\vindictus\appdata\en-US\NMService.exe|Name=Nexon Messenger Core| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3E97DBA-F0E3-4A51-95A6-41FFC5C7EF11} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\vindictus\appdata\en-US\NMService.exe|Name=Nexon Messenger Core| [7] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1030573958-117225573-3337015165-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1030573958-117225573-3337015165-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1030573958-117225573-3337015165-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1030573958-117225573-3337015165-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Replaced (1)
 
¤¤¤ Tasks : 1 ¤¤¤
[PUP.Gen0] %WINDIR%\Tasks\Chrome Cleanup Tool logs upload retry.job -- d:\downloads\chrome_cleanup_tool.exe (--upload-log-file --cleanup-id=6d658645-8882-4b20-82a1-fedd8023aa7d) -> Deleted
 
¤¤¤ Files : 20 ¤¤¤
[PUP.Gen1][File] C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Recent\athw10x.inf.lnk [LNK@] C:\Users\Blade\AppData\Roaming\Easeware\DriverEasy\drivers\i2fcyr10.sdj\athw10x.inf -> Deleted
[PUP.Gen1][File] C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Recent\heci.inf.lnk [LNK@] C:\Users\Blade\AppData\Roaming\Easeware\DriverEasy\drivers\bzsat45t.dja\heci.inf -> Deleted
[PUP.Gen1][File] C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Recent\iccwdt.inf.lnk [LNK@] C:\Users\Blade\AppData\Roaming\Easeware\DriverEasy\drivers\cldvh3bl.nqz\iccwdt.inf -> Deleted
[PUP.Gen1][File] C:\Users\Blade\AppData\Roaming\Microsoft\Windows\Recent\lynxpoint-hrefreshsystem.inf.lnk [LNK@] C:\Users\Blade\AppData\Roaming\Easeware\DriverEasy\drivers\fi0ofkis.agl\lynxpoint-hrefreshsystem.inf -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Blade\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] m7pawn2m.default : user_pref("browser.search.selectedEngine", "Search Provided by Yahoo"); -> Deleted
[PUM.SearchEngine][Firefox:Config] m7pawn2m.default : user_pref("browser.search.defaultenginename", "Search Provided by Yahoo"); -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 500G SCSI Disk Device +++++
--- User ---
[MBR] d1419be0906008117df23e78efedccb6
[BSP] 4351ba2fb67f43c19ac124649370477a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 391 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 819200 | Size: 475633 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 974917632 | Size: 455 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST4000DM000-1F2168 +++++
--- User ---
[MBR] f635795474c0d976b394bce192584aaa
[BSP] f011348e56488c90acd1097900508b54 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 -  | Offset (sectors): 2048 | Size: 3815446 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: ST1000DM003-1ER162 +++++
--- User ---
[MBR] e3384cc91760866b8605cbe38f63f14e
[BSP] 3c6c14e695cf10e855503cb53026b5e5 : Empty|VT.Unknown MBR Code
Partition table:
0 -  | Offset (sectors): 63 | Size: 953864 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Seagate Expansion+ SCSI Disk Device +++++
--- User ---
[MBR] a7cd007978e62e7c5e96752e1bcbc517
[BSP] c0540b33f6e2b7db05dde0e360186cb2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive5: Generic- SD/MMC +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive6: Generic- Compact Flash +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive7: Generic- SM/xD-Picture +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive8: Generic- MS/MS-Pro +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive9: HP HP Officejet Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
# AdwCleaner 7.0.7.0 - Logfile created on Thu Feb 08 02:55:28 2018
# Updated on 2018/18/01 by Malwarebytes 
# Database: 02-06-2018.1
# Running on Windows 10 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C2].txt - [24432 B] - [2015/11/11 4:57:49]
C:/AdwCleaner/AdwCleaner[C3].txt - [11895 B] - [2015/12/3 21:27:21]
C:/AdwCleaner/AdwCleaner[C4].txt - [2623 B] - [2016/1/20 5:53:16]
C:/AdwCleaner/AdwCleaner[C5].txt - [20020 B] - [2016/10/4 21:56:10]
C:/AdwCleaner/AdwCleaner[S0].txt - [31218 B] - [2014/7/28 23:7:51]
C:/AdwCleaner/AdwCleaner[S3].txt - [22662 B] - [2015/11/11 4:56:21]
C:/AdwCleaner/AdwCleaner[S4].txt - [11553 B] - [2015/12/3 21:24:20]
C:/AdwCleaner/AdwCleaner[S5].txt - [2598 B] - [2016/1/20 5:50:48]
C:/AdwCleaner/AdwCleaner[S6].txt - [18928 B] - [2016/10/4 21:52:13]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########

It never asked me to restart.



#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 08 February 2018 - 04:12 PM

  • Highlight the entire content of the quote box below.

Start::
GroupPolicyScripts-x32: Restriction <==== ATTENTION
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Services\gwtxeb /f
C:\WINDOWS\system32\drivers\exneilor.sys
HKU\Mcx1-BLADE-PC\...\Winlogon: [Shell] c:\windows\explorer.exe [3904808 2018-01-01] (Microsoft Corporation) <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - No File
URLSearchHook: HKLM-x32 - (No Name) - {d3f4b70a-92e0-4393-a0f3-976d03b1ebf5} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
Toolbar: HKU\.DEFAULT -> No Name - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No File
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D3F4B70A-92E0-4393-A0F3-976D03B1EBF5} - No File
Toolbar: HKU\S-1-5-21-1030573958-117225573-3337015165-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
ShortcutTarget: Twitch.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
C:\Users\Blade\AppData\Local\Pando_Temp
C:\Users\Blade\AppData\Local\Temp\kernel32.dll
2018-01-26 11:31 - 2018-01-26 11:31 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa55307983ece2e95.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5ea55035c1ed5c14.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe77aca6574482be2.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw86773fcba79eab30.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw37b431712c81d9f1.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9b0a6e345cf2bde4.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw627c17f477d1a6ee.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4d3e477c706725f1.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswc4cc8294e30abfb0.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8ba6806676092aa5.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa9c441ba3a85ef35.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa40b6479802dd0b6.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6eeea1b6f895169a.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe2020c1053d5f983.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000457896 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa55307983ece2e95.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000358672 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5ea55035c1ed5c14.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000204456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe77aca6574482be2.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000185096 _____ (AVAST Software) C:\Windows\System32\Drivers\asw86773fcba79eab30.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000146648 _____ (AVAST Software) C:\Windows\System32\Drivers\asw37b431712c81d9f1.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000110336 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9b0a6e345cf2bde4.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000084384 _____ (AVAST Software) C:\Windows\System32\Drivers\asw627c17f477d1a6ee.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4d3e477c706725f1.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 001025176 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc4cc8294e30abfb0.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\asw8ba6806676092aa5.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa9c441ba3a85ef35.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa40b6479802dd0b6.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000149344 _____ (AVAST Software) C:\Windows\System32\Drivers\asw6eeea1b6f895169a.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe2020c1053d5f983.tmp
C:\Windows\System32\drivers\exnvybfi.sys
C:\Users\Blade\AppData\Local\niemiro
C:\Users\Blade\AppData\Local\Pando_Temp
C:\Users\Blade\AppData\Local\RLPlatform
C:\Users\Blade\AppData\Local\spevnth
C:\Users\Kaze\AppData\Local\exkmuhl
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 scorcher64
  • Topic Starter
  • Members

Posted 08 February 2018 - 07:23 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08.02.2018
Ran by Blade (08-02-2018 17:24:33) Run:1
Running from M:\
Loaded Profiles: Blade & DefaultAppPool (Available Profiles: Blade & Kaze & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
GroupPolicyScripts-x32: Restriction <==== ATTENTION
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Services\gwtxeb /f
C:\WINDOWS\system32\drivers\exneilor.sys
HKU\Mcx1-BLADE-PC\...\Winlogon: [Shell] c:\windows\explorer.exe [3904808 2018-01-01] (Microsoft Corporation) <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - No File
URLSearchHook: HKLM-x32 - (No Name) - {d3f4b70a-92e0-4393-a0f3-976d03b1ebf5} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
Toolbar: HKU\.DEFAULT -> No Name - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No File
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D3F4B70A-92E0-4393-A0F3-976D03B1EBF5} - No File
Toolbar: HKU\S-1-5-21-1030573958-117225573-3337015165-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
ShortcutTarget: Twitch.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
C:\Users\Blade\AppData\Local\Pando_Temp
C:\Users\Blade\AppData\Local\Temp\kernel32.dll
2018-01-26 11:31 - 2018-01-26 11:31 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa55307983ece2e95.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5ea55035c1ed5c14.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe77aca6574482be2.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw86773fcba79eab30.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw37b431712c81d9f1.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9b0a6e345cf2bde4.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw627c17f477d1a6ee.tmp
2018-01-26 11:31 - 2018-01-26 11:31 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4d3e477c706725f1.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswc4cc8294e30abfb0.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8ba6806676092aa5.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa9c441ba3a85ef35.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa40b6479802dd0b6.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6eeea1b6f895169a.tmp
2018-01-26 11:31 - 2018-01-26 11:30 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe2020c1053d5f983.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000457896 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa55307983ece2e95.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000358672 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5ea55035c1ed5c14.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000204456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe77aca6574482be2.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000185096 _____ (AVAST Software) C:\Windows\System32\Drivers\asw86773fcba79eab30.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000146648 _____ (AVAST Software) C:\Windows\System32\Drivers\asw37b431712c81d9f1.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000110336 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9b0a6e345cf2bde4.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000084384 _____ (AVAST Software) C:\Windows\System32\Drivers\asw627c17f477d1a6ee.tmp
2018-01-26 09:31 - 2018-01-26 09:31 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4d3e477c706725f1.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 001025176 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc4cc8294e30abfb0.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\asw8ba6806676092aa5.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa9c441ba3a85ef35.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa40b6479802dd0b6.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000149344 _____ (AVAST Software) C:\Windows\System32\Drivers\asw6eeea1b6f895169a.tmp
2018-01-26 09:31 - 2018-01-26 09:30 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe2020c1053d5f983.tmp
C:\Windows\System32\drivers\exnvybfi.sys
C:\Users\Blade\AppData\Local\niemiro
C:\Users\Blade\AppData\Local\Pando_Temp
C:\Users\Blade\AppData\Local\RLPlatform
C:\Users\Blade\AppData\Local\spevnth
C:\Users\Kaze\AppData\Local\exkmuhl
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
 
========= reg delete HKLM\SYSTEM\CurrentControlSet\Services\gwtxeb /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"C:\WINDOWS\system32\drivers\exneilor.sys" => not found
"HKU\Mcx1-BLADE-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => not found
"C:\WINDOWS\SysWOW64\GroupPolicy\Machine" => not found
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{a6e4a4eb-d169-4e99-8988-250fcbafe767}" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2}" => removed successfully
HKLM\Software\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => key not found
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A6E4A4EB-D169-4E99-8988-250FCBAFE767}" => removed successfully
HKLM\Software\Classes\CLSID\{A6E4A4EB-D169-4E99-8988-250FCBAFE767} => key not found
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326}" => removed successfully
HKLM\Software\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326} => key not found
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3F4B70A-92E0-4393-A0F3-976D03B1EBF5}" => removed successfully
HKLM\Software\Classes\CLSID\{D3F4B70A-92E0-4393-A0F3-976D03B1EBF5} => key not found
"HKU\S-1-5-21-1030573958-117225573-3337015165-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2}" => removed successfully
HKLM\Software\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => key not found
"HKLM\Software\Classes\PROTOCOLS\Handler\livecall" => removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found
"HKLM\Software\Classes\PROTOCOLS\Handler\msnim" => removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect" => removed successfully
"C:\windows\system32\config\systemprofile\AppData\Roaming\Curse Client\Bin\Twitch.exe" => not found
C:\Users\Blade\AppData\Local\Pando_Temp => moved successfully
C:\Users\Blade\AppData\Local\Temp\kernel32.dll => moved successfully
C:\WINDOWS\system32\Drivers\aswa55307983ece2e95.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw5ea55035c1ed5c14.tmp => moved successfully
C:\WINDOWS\system32\Drivers\aswe77aca6574482be2.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw86773fcba79eab30.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw37b431712c81d9f1.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw9b0a6e345cf2bde4.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw627c17f477d1a6ee.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw4d3e477c706725f1.tmp => moved successfully
C:\WINDOWS\system32\Drivers\aswc4cc8294e30abfb0.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw8ba6806676092aa5.tmp => moved successfully
C:\WINDOWS\system32\Drivers\aswa9c441ba3a85ef35.tmp => moved successfully
C:\WINDOWS\system32\Drivers\aswa40b6479802dd0b6.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw6eeea1b6f895169a.tmp => moved successfully
C:\WINDOWS\system32\Drivers\aswe2020c1053d5f983.tmp => moved successfully
"C:\Windows\System32\Drivers\aswa55307983ece2e95.tmp" => not found
"C:\Windows\System32\Drivers\asw5ea55035c1ed5c14.tmp" => not found
"C:\Windows\System32\Drivers\aswe77aca6574482be2.tmp" => not found
"C:\Windows\System32\Drivers\asw86773fcba79eab30.tmp" => not found
"C:\Windows\System32\Drivers\asw37b431712c81d9f1.tmp" => not found
"C:\Windows\System32\Drivers\asw9b0a6e345cf2bde4.tmp" => not found
"C:\Windows\System32\Drivers\asw627c17f477d1a6ee.tmp" => not found
"C:\Windows\System32\Drivers\asw4d3e477c706725f1.tmp" => not found
"C:\Windows\System32\Drivers\aswc4cc8294e30abfb0.tmp" => not found
"C:\Windows\System32\Drivers\asw8ba6806676092aa5.tmp" => not found
"C:\Windows\System32\Drivers\aswa9c441ba3a85ef35.tmp" => not found
"C:\Windows\System32\Drivers\aswa40b6479802dd0b6.tmp" => not found
"C:\Windows\System32\Drivers\asw6eeea1b6f895169a.tmp" => not found
"C:\Windows\System32\Drivers\aswe2020c1053d5f983.tmp" => not found
"C:\Windows\System32\drivers\exnvybfi.sys" => not found
C:\Users\Blade\AppData\Local\niemiro => moved successfully
"C:\Users\Blade\AppData\Local\Pando_Temp" => not found
C:\Users\Blade\AppData\Local\RLPlatform => moved successfully
"C:\Users\Blade\AppData\Local\spevnth" => not found
C:\Users\Kaze\AppData\Local\exkmuhl => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-1030573958-117225573-3337015165-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1030573958-117225573-3337015165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1030573958-117225573-3337015165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 388198698 B
Java, Flash, Steam htmlcache => 400035440 B
Windows/system/drivers => 19364161 B
Edge => 23336391 B
Chrome => 841514609 B
Firefox => 97142908 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 86990 B
NetworkService => 869916 B
Blade => 835924051 B
Kaze => 34537402 B
DefaultAppPool => 0 B
 
RecycleBin => 107176 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:41:09 ====
 
How the computer is doing so far:
- I no longer get the "FLTMGR File System" BSOD when I log in too quickly.
- I no longer get redirected when doing a Google search.
- All of Malwarebytes' Live Protection is working.
- Spybot S&D update service is running again.
- Zemana and its Live Protection are working. Because it is working now, it picked up these infections on boot-up. The detection report is listed below; however, I won't do anything until you say so:
 
Zemana AntiMalware 2.74.189.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/2/8
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-4790K CPU @ 4.00GHz
BIOS Mode              : Legacy
CUID                   : 12F3EA54444E922D6F9741
Scan Type              : Scheduled Scan
Duration               : 3m 7s
Scanned Objects        : 391342
Detected Objects       : 2
Excluded Objects       : 5
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
oggihoncmelambjaefiboekididcaffe
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\oggihoncmelambjaefiboekididcaffe.crx
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - oggihoncmelambjaefiboekididcaffe
 
TesSafe.sys
Status             : Scanned
Object             : %systemroot%\system32\tessafe.sys
MD5                : 8D3FACB922606821A3F65934DE18CA4A
Publisher          : Tencent Technology(Shenzhen) Company Limited
Size               : 910992
Version            : 2.0.1.25169
Detection          : PUA:Win32/BrowserHijacker!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\system32\tessafe.sys
                Registry Entry - HKLM\System\CurrentControlSet\Services\TesSafe\ImagePath = \??\C:\Windows\system32\TesSafe.sys
 


#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 09 February 2018 - 02:06 PM

Excellent! I can say the system is now clear, congratulations.

Use this utility to remove quarantined items.

Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
Always keep your antivirus active and updated.

Best regards. :)

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 scorcher64
  • Topic Starter

  • Members
  • 5 posts

Posted 09 February 2018 - 08:57 PM

# DelFix v1.013 - Logfile created 09/02/2018 at 19:53:07
# Updated 17/04/2016 by Xplode
# Username : Blade - BLADE-PC
# Operating System : Windows 10 Pro  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Blade\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.1.0.11_04.10.2016_16.37.37_log.txt
Deleted : C:\TDSSKiller.3.1.0.11_04.10.2016_16.38.23_log.txt
Deleted : C:\TDSSKiller.3.1.0.11_25.01.2018_11.24.47_log.txt
Deleted : C:\TDSSKiller.3.1.0.16_02.02.2018_18.26.53_log.txt
Deleted : C:\TDSSKiller.3.1.0.16_04.02.2018_11.27.39_log.txt
Deleted : C:\TDSSKiller.3.1.0.16_06.02.2018_04.37.35_log.txt
Deleted : C:\TDSSKiller.3.1.0.16_25.01.2018_11.25.33_log.txt
Deleted : C:\TDSSKiller.3.1.0.16_26.01.2018_11.12.33_log.txt
Deleted : C:\TDSSKiller.3.1.0.16_29.01.2018_21.52.28_log.txt
Deleted : C:\TDSSKiller.3.1.0.16_30.01.2018_23.06.11_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_04.10.2016_16.36.54_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_19.01.2016_22.55.44_log.txt
Deleted : C:\Users\Blade\Desktop\AdwCleaner.exe
Deleted : C:\Users\Blade\Desktop\Rkill.txt
Deleted : C:\Users\Blade\Desktop\RogueKiller_portable64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Creating registry backup ... OK
 
########## - EOF - ##########
 
Thanks again :)


#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,398 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 February 2018 - 10:00 AM

You are welcome. :)




#11 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,398 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 February 2018 - 10:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





