Probably SmarService Rootkit.



#1 zetank

Posted 08 March 2018 - 05:11 PM

Like the title suggests, I have the Bing redirect virus that's most likely the SmarService Rootkit. The root program I've found, but sadly it's in the System32 files, named sedzhcgsvc.exe. It was the only modified persistent program I see running from Task Manager since I got the virus, even in safe mode. I've used Malwarebytes and it found 175 viruses, one of which was the svchost.exe, and as it executed it, I got bluescreened, and I can't seem to find an easy way to just simply delete the sedzhcgsvc.exe in System32. I've tried the ownership route and it still gives me errors. Any help would be great. :)

Edit: It just recently started opening "Windows Process Manager", which is from appdata/local/spsltbz, which isn't accessible due to permissions. In the past it would open two programs with blank names, but they were located in the svchost.exe in the system files, and one of them was using ~35% of my CPU, and if I ended the task it would blue screen. Haven't had it open up yet today.

Currently working on getting a scan.

O.S.: Windows 8.1
 
Mod Edit:  Merged posts - Hamluis.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by morgan (08-03-2018 16:27:46)
Running from G:\
Windows 8.1 Pro (Update) (X64) (2016-04-30 14:12:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-589677986-2538330077-3668394710-500 - Administrator - Disabled)
Guest (S-1-5-21-589677986-2538330077-3668394710-501 - Limited - Disabled)
morgan (S-1-5-21-589677986-2538330077-3668394710-1001 - Administrator - Enabled) => C:\Users\morgan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS B15.0630.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B15.0630.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
µTorrent (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
ACP Application (HKLM\...\{0A1ABEEF-037C-D922-08E1-AB1798F320BE}) (Version: 2017.0612.1633.42 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.1.0 - IObit)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte)
Aslain's WoT Modpack version 9.17.1.26 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 9.17.1.26 - Aslain)
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.11.0.631 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.55.6279 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{83D75873-9603-EA5A-948F-A5AEE78082C1}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.1.0 - IObit)
Epic Games Launcher (HKLM-x32\...\{AAA3417F-FEAD-4AF7-9C01-9FAE1BB44E3D}) (Version: 1.1.134.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.0.0.11" - Rockstar Games)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.2.0.11 - IObit)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League client alpha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenIV (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\OpenIV) (Version: 2.9.2.932 - .black/OpenIV Team)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (32-bit) (HKLM-x32\...\{C68BE7C0-355D-49B6-B950-A558FAA17451}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit) (HKLM-x32\...\{7665C66D-78C4-4B30-B4B9-8DD484403532}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (HKLM-x32\...\{2B2FED36-5D63-411A-A8C4-E311D70BCF33}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (HKLM-x32\...\{77EEC303-714C-4290-AF63-5252FDB5D7C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (HKLM-x32\...\{946BBA68-EDC0-4981-83D3-09592B9A84FA}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4F29879C-940D-4599-8CEC-407579F73DF7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (HKLM-x32\...\{65A2F7DA-ACD7-4EC1-8A88-665D535D9CE7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C387DB53-A25F-49E3-8DF7-94F47E5A7921}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (HKLM-x32\...\{FA87440D-634A-4581-AD9C-C6FA859B88DD}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (HKLM-x32\...\{9254A29B-0F60-444C-B5CE-DB7E2505474C}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.47.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
SiSoftware Sandra Lite 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.7.1 - IObit)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Twitcha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\67999eb9a2ff6a10) (Version: 0.7.3.2 - Hamsterface Productions)
twitcha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\twitcha) (Version: 2.1.15 - Joachim Lindstrom)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-4) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-5) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-6) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft Logs Uploader (HKLM-x32\...\{3F14B1F6-AF18-BC9F-400A-3C95435B872D}) (Version: 4.16 - UNKNOWN) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 4.16 - UNKNOWN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2017-06-09] (Ilya Morozov)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {010DCB95-046C-49CD-9A60-F81519C0F448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {010DCB95-046C-49CD-9A60-F81519C0F448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe
Task: {1B92A8DE-E5FF-4C6A-990F-4C7593B34979} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {258A9816-89EF-4B10-805B-4DD683DAA366} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {3BE452B7-76AB-4439-BAC8-1E2668AFDF5A} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe [2017-12-07] (IObit)
Task: {40434AE4-7DBB-4F75-A378-343100F6DB29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {49214252-BC6D-4F10-8795-88680442BF32} - System32\Tasks\{6736D612-52E8-45CA-BB5C-F759C9C0A3C4} => C:\Users\morgan\IuViyGLYEeay.exe [1623-04-04] (Microsoft Corporation)
Task: {6A4AA20A-D83A-490D-B172-63C8AA7EF4D8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {7A5DC740-B314-4C7D-B2DD-8779250D919E} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-10-16] (IObit)
Task: {7F7F994C-08D2-4FC6-8B27-47C2CAC7A585} - System32\Tasks\Uninstaller_SkipUac_morgan => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-12-12] (IObit)
Task: {84644CBE-A512-4E7E-AA0D-FC1949B77B4A} - System32\Tasks\{AE037B03-827F-402D-AAB3-5EF6509E218F} => C:\WINDOWS\OYoRAOSyqVpe.exe [1623-04-04] (Microsoft Corporation)
Task: {85AC2B15-AB51-43A7-B25D-9305B76B3142} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {8BDB6A48-39A0-4472-923C-10F97C1C511D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {8F4B3755-472F-4EA1-850D-580A4B4AE487} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {9E46E2D9-F8C0-43BE-8EF8-EC56A549EBA9} - System32\Tasks\Driver Booster SkipUAC (morgan) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe [2017-12-11] (IObit)
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe
Task: {DA70BC7B-FCAB-4477-9EE4-FD4B8A3657FD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {E2C391AB-3E6C-4BF3-98CF-17522822FA73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {E51DEAF0-6663-4C28-8EDD-C39B73D3EB39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {E67DFA32-B0ED-4A82-9988-095182846649} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-06-12] (Advanced Micro Devices, Inc.)
Task: {EEBD9451-B61F-46F4-8148-BEFFD9224C8C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {F7082A13-FDE6-459A-BEF3-139C66C61868} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\morgan\Desktop\runbot.bat.lnk -> C:\Users\morgan\MusicBot\runbot.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-23 23:20 - 2016-07-23 23:20 - 000924688 _____ () C:\Program Files\Common Files\ATI Technologies\Multimedia\amf-wic-jpeg-decoder64.dll
2016-07-25 14:07 - 2016-05-24 10:43 - 008909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-27 11:55 - 2016-11-27 11:55 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-02-26 20:57 - 2018-02-21 21:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-26 20:57 - 2018-02-21 21:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-01-08 21:28 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\morgan\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-08 21:28 - 2018-02-09 23:56 - 001780216 _____ () \\?\C:\Users\morgan\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-01-08 21:28 - 2018-01-26 00:31 - 009817080 _____ () \\?\C:\Users\morgan\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-08 21:28 - 2018-02-01 13:18 - 001508344 _____ () \\?\C:\Users\morgan\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-08 21:28 - 2018-01-08 21:28 - 000513016 _____ () \\?\C:\Users\morgan\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-08 21:28 - 2018-01-08 21:28 - 002662904 _____ () \\?\C:\Users\morgan\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-08 21:28 - 2018-02-01 13:18 - 001518072 _____ () \\?\C:\Users\morgan\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2018-03-05 17:22 - 000001692 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 asedownloadgate.com
127.0.0.1 ladomainadeserver.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 www.wizzmonetize.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morgan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\roy9hxq.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "booster"
HKLM\...\StartupApproved\Run32: => "Optimizer.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\StartupFolder: => "Twitcher.lnk"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "DiscordPTB"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "dergda"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "KV8#QxDWNk.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "vOURHF4Usu.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "zh-CN.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{249BF0DD-1A36-4D89-9C5F-AAAF9BFC565B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{124DE36B-5AA2-422C-B001-71F569D0D032}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{DCE49EA6-7C0A-4E54-A67E-84096549BBB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F2802592-2AE6-4C8E-BB58-B63A5AE0A973}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{728F82A9-ADD7-40E0-890F-DBF8EA1B9117}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{42D3FBED-FE9C-498F-8B4E-065365944E71}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F93082E4-5858-4768-BB06-8BA28AC4F064}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D6A60F53-DF96-4DE9-987F-1F7D748F7A71}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8151579B-A6AD-4FE8-B792-1CF781CFB91F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D6EAB96D-FE83-4A07-907F-D465807ECD58}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0D033D69-C816-4C22-A3BC-A83DC13FBCED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D40E6F80-60A2-4596-95E1-411B4745EF15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{8131BA07-58CB-473B-A829-6DFB391191CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{12617BEE-9DC7-4C68-A1F4-9BA280410001}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{320D157C-454A-49FA-B186-2BDC9EE7EAA8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{455C7B2C-0C03-42C7-9B2F-957EC2EAB389}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{24957D8D-B0A0-44AC-9B0D-18EAA0E1081A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{8D3599D3-A5F2-4685-93A1-A391F6E2E38A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{8EC33561-9E0B-42D8-8F00-2FB2D1DD3B92}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{325188CC-1960-4969-AFE1-5CDEA0E8C877}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6D2F36B1-111C-4370-8B6F-E348C1B6AFF3}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{72EA06E4-7432-4D9E-B2E8-EB96AADFB4B6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0C455B50-B39E-4D11-976E-426B307348DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CB584B4E-64A9-41F8-9A0C-84B24161D110}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BD272B1F-FF4B-4DC1-82EC-D72DF44056FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A8FB6E3-4B2B-4049-99E2-13CFA3D6AF04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E1DEB64A-8538-430C-A5F2-B91792518C17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{242F2FF3-6EDB-47C8-87BD-4E259570A5DE}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{5276CFAA-C505-4EA2-B5B8-4DC083B0FE68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5AC5BCC3-A9FA-44FE-9636-0F2A420BA064}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{96214836-C86A-4DB0-9292-62BA1E96CF70}] => (Allow) H:\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{A7E1813E-0370-438F-860E-42107A03E1FB}] => (Allow) H:\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{C788AEFD-701E-42C1-A2EE-7CCB219B7347}H:\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) H:\games\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{3A53EE52-9EFF-4CE4-B912-F312CE62BB3D}H:\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) H:\games\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{2DCC3097-C984-457D-BE98-950AA5A1EC05}] => (Allow) C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{425524DE-7E8F-4683-B8D6-F949BF7DFAA3}] => (Allow) C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5648356F-177F-4FE9-A179-ABD417932271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{94527A04-4FFF-4717-9452-B0898144B07E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{C9291086-F5C8-422A-B574-4BC7D0AA2CF1}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [UDP Query User{A2B0C58B-3DF8-418F-BB63-B8AD4C2754BA}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [{0CB355FD-4D59-4A35-97AC-D93F6DD4C80E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{7AF5EADA-AE76-4047-8043-550BE0BC2DF9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{ED2C55DD-11F9-45F1-8B33-61008B3F2BB3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{62DE38FD-1F12-4FB4-943B-D9076CABB258}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{E1249C94-8788-499A-849E-6D65664860FA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [{C752835E-EC23-4ACF-B4CF-573AC6D6E7CC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{3CCAD754-24A6-43C9-99CA-761018EA2362}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{2D400924-6D9A-4144-9D1D-5CC460880B53}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{6C565B5F-4012-4FFE-8F82-0B11344BD35B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{838F52F0-851B-49C6-A87F-FD63308BEC21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B52C1B1E-EABB-4E9C-990F-BB3739559D94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{11FF5190-5EA1-4630-9CC5-8387C802F87E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{12F3C322-1F08-4847-85A0-41CF8F2EC38E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5882E4BA-407F-430A-9F8C-E4CD2D9D0F6A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{8129A325-AA81-4969-8652-C996723A94C0}H:\fivem.exe] => (Allow) H:\fivem.exe
FirewallRules: [UDP Query User{A15CDCFC-6215-4D6A-AA50-94206B35FCD5}H:\fivem.exe] => (Allow) H:\fivem.exe
FirewallRules: [{4DD36DD7-7C4B-457E-8330-B54797540AE9}] => (Allow) H:\GTA 5\GTA5.exe
FirewallRules: [{A7FE484B-3705-4B8C-A03A-6DADBFB0EAD8}] => (Allow) H:\GTA 5\GTA5.exe
FirewallRules: [{9652CF50-EDC1-439B-ADF9-2D2F3B57F8DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3117A1AE-FADC-426E-A189-40CEE732598B}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{261B9655-D83F-46E8-9E04-3EF8E5F4FC51}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Block) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
FirewallRules: [UDP Query User{417C0393-E35C-4F6F-912E-89E212FA69FA}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Block) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AMD Radeon™ R7 Graphics
Description: AMD Radeon™ R7 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2018 04:54:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 02:55:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (03/08/2018 04:04:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/08/2018 03:59:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/08/2018 03:59:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/08/2018 03:59:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/08/2018 03:59:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/08/2018 03:59:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/08/2018 03:59:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/08/2018 03:59:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
 
Date: 2018-03-08 15:50:48.876
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-05 21:29:18.347
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-05 19:57:42.738
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-05 19:11:33.158
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-05 18:33:06.465
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-05 18:29:08.456
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-05 18:25:07.103
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-05 12:29:38.507
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 35%
Total physical RAM: 7113.88 MB
Available physical RAM: 4586.79 MB
Total Virtual: 17472.25 MB
Available Virtual: 14782.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.72 GB) (Free:721.87 GB) NTFS
Drive e: () (Fixed) (Total:464.8 GB) (Free:447.33 GB) NTFS
Drive f: (Apr 14 2017) (CDROM) (Total:4.38 GB) (Free:4.19 GB) UDF
Drive g: () (Removable) (Total:57.83 GB) (Free:57.82 GB) FAT32
Drive h: (New Volume) (Fixed) (Total:111.79 GB) (Free:1.4 GB) NTFS
 
\\?\Volume{da4b2d60-851d-01d3-b092-25ed8ec2e900}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{002ddf51-8450-5799-21c5-db75a2be5b00}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{22f0e93f-394c-489f-9c8e-7b0adf3dc1a3}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{9e4cac2b-36d5-440a-b3ea-545998dcceec}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E3B0859A)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0EBB4066)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0EBB4067)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Protective MBR) (Size: 57.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by morgan (administrator) on MORGAN (08-03-2018 16:26:48)
Running from G:\
Loaded Profiles: morgan (Available Profiles: morgan)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\sedzhcgsvc.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\morgan\AppData\Local\spsltbz\spsltbz.exe
(Discord Inc.) C:\Users\morgan\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\morgan\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\morgan\AppData\Local\spsltbz\dtspibx.exe
() C:\Users\morgan\AppData\Local\spsltbz\dtspibx.exe
() C:\Users\morgan\AppData\Local\spsltbz\dtspibx.exe
() C:\Users\morgan\AppData\Local\spsltbz\dtspibx.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-05-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5371168 2016-03-10] (IObit)
HKLM-x32\...\Run: [Razer Synapse] => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [uTorrent] => C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [dergda] => rundll32.exe "C:\Users\morgan\AppData\Local\dergda.dll",dergda <==== ATTENTION
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [KV8#QxDWNk.exe] => C:\Program Files\AutoHotkey\MNEXCFR7\KV8#QxDWNk.exe 
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [zh-CN.exe] => C:\Users\morgan\AppData\Local\Programs\Python\Python35-32\Lib\site-packages\pip\_vendor\requests\packages\urllib3\contrib\__pycache__\zh-CN.exe
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{65C922A1-52FF-4633-97FF-25836D1726CE}: [NameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{D77363BB-20CC-4A45-906B-4C88E14B088D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-589677986-2538330077-3668394710-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-20] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-20] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-05-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN16853915362860424&ctid=CT3239904&SearchSource=48&UP=SP9D9F0A20-84AE-4AA7-8C64-3EAE71AB52EE&SSPV=","hxxp://mysearch.avg.com/?cid={268C413E-A123-4A82-99B5-99F1D4021BB7}&mid=184d96c1facf47d39dced1544ff9e682-116d67ddb87ec26000e2953980c0443c1a68e5e2&lang=en&ds=oc011&pr=sa&d=2013-05-24%2015:59:47&v=15.2.0.5&pid=safeguard&sg=1&sap=hp","hxxp://mysearch.avg.com/?cid={268C413E-A123-4A82-99B5-99F1D4021BB7}&mid=184d96c1facf47d39dced1544ff9e682-116d67ddb87ec26000e2953980c0443c1a68e5e2&lang=en&ds=oc011&pr=sa&d=2013-05-24%2015:59:47&v=15.3.0.11&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9D9F0A20-84AE-4AA7-8C64-3EAE71AB52EE&SSPV=","hxxp://search.conduit.com/?CUI=UN16853915362860424&ctid=CT3239904&SearchSource=48&UP=SP9D9F0A20-84AE-4AA7-8C64-3EAE71AB52EE&SSPV=","hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131147,20033,0,25,0","hxxp://mysearch.avg.com?cid={BD2AFBDE-F89E-45A7-BE55-6D384E5CAD21}&mid=e0599db3923b47d29ddd78fcf63801e7-116d67ddb87ec26000e2953980c0443c1a68e5e2&lang=en&ds=is015&coid=avgtbdisis&cmpid=&pr=sa&d=2014-02-22 17:21:01&v=17.3.1.91&pid=safeguard&sg=&sap=hp","hxxps://www.google.com/"
CHR Profile: C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default [2018-03-08]
CHR Extension: (BetterTTV) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-19]
CHR Extension: (Docs) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (YouTube) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28]
CHR Extension: (Pandora) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2018-03-05]
CHR Extension: (AdBlock) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-02]
CHR Extension: (Core) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2018-03-05]
CHR Extension: (Deluminate) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebboopaeangfpceklajfohhbpkkfiaa [2017-11-13]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2018-03-08]
CHR Extension: (Grammarly for Chrome) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-05]
CHR Extension: (Substital) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkbiiikppgjdiebcabomlbidfodipjg [2017-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (ScriptSafe) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-12-12]
CHR Extension: (Chrome Media Router) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR Extension: (Enhancer for YouTube™) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-02-24]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\wgisp <==== ATTENTION (Rootkit!)
 
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-19] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-21] (BlueStack Systems, Inc.)
S2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1576736 2016-03-10] (IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
S3 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-27] (Plays.tv, LLC)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware) [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-03-22] (Microsoft Corporation)
S2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9342976 2018-01-29] () [File not signed] <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-03-22] (Microsoft Corporation)
S4 AdvancedSystemCareService11; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S2 Razer Chroma SDK Server; "C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe" [X]
S2 Razer Chroma SDK Service; "C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe" [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 a891916cceffd1007867bb40142521d1; C:\WINDOWS\system32\drivers\a891916cceffd1007867bb40142521d1.sys [88008 2018-03-05] ()
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2017-08-18] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-09-13] (Bluestack System Inc. )
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-03-05] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [22208 2015-12-22] (IObit)
R2 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [155912 2014-10-22] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-28] (REALiX™)
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2016-12-21] (IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [21872 2017-09-28] (IObit.com)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-08-31] (Razer Inc)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-03-22] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-03-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-03-22] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 cpuz138; \??\C:\Users\morgan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
R3 losvyb; system32\drivers\svybfi.sys [X]
S2 rzpmgrk; \??\C:\WINDOWS\system32\drivers\rzpmgrk.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-08 16:26 - 2018-03-08 16:26 - 000000000 ____D C:\FRST
2018-03-08 15:59 - 2018-03-08 16:23 - 000000000 ____D C:\Users\morgan\AppData\Local\dtdceok
2018-03-08 15:56 - 2018-03-08 15:56 - 000000000 ____D C:\Users\morgan\AppData\Local\condhmv
2018-03-08 15:51 - 2018-03-08 15:51 - 000262144 _____ C:\WINDOWS\Minidump\030818-133859-01.dmp
2018-03-08 15:49 - 2018-03-08 15:49 - 020709376 ____N C:\WINDOWS\system32\config\SYSTEM
2018-03-05 21:43 - 2018-03-05 21:43 - 000000000 ____D C:\ProgramData\Razer
2018-03-05 21:39 - 2018-03-05 21:39 - 026194416 _____ (Razer USA Ltd) C:\Users\morgan\Downloads\Razer_Synapse_Installer_v2.21.00.830.exe
2018-03-05 21:39 - 2018-03-05 21:39 - 000000000 ____D C:\Program Files (x86)\PKGInstaller
2018-03-05 21:32 - 2018-03-05 21:32 - 000000000 ____D C:\Users\morgan\AppData\Local\snnzmlk
2018-03-05 21:29 - 2018-03-08 15:50 - 657871185 _____ C:\WINDOWS\MEMORY.DMP
2018-03-05 21:29 - 2018-03-05 21:30 - 000281104 _____ C:\WINDOWS\Minidump\030518-114859-01.dmp
2018-03-05 21:27 - 2018-03-05 21:27 - 020709376 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-05 21:16 - 2018-03-05 21:16 - 000000000 ____D C:\Users\morgan\AppData\Local\resghcu
2018-03-05 19:58 - 2018-03-05 19:58 - 000281104 _____ C:\WINDOWS\Minidump\030518-120359-01.dmp
2018-03-05 19:20 - 2018-03-05 19:20 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-05 19:20 - 2018-03-05 19:20 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-05 19:20 - 2018-03-05 19:20 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-05 19:20 - 2018-03-05 19:20 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-05 19:19 - 2018-03-05 19:19 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-05 19:19 - 2018-03-05 19:19 - 000001851 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-05 19:19 - 2018-03-05 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-05 19:19 - 2018-03-05 19:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-05 19:19 - 2018-03-05 19:19 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-05 19:19 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-05 19:18 - 2018-03-05 19:18 - 000002884 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (morgan)
2018-03-05 19:17 - 2018-03-05 19:19 - 068206640 _____ (Malwarebytes ) C:\Users\morgan\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4210.exe
2018-03-05 19:14 - 2018-03-08 15:55 - 000026192 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-03-05 19:14 - 2018-03-05 19:14 - 000000000 ____D C:\Users\morgan\AppData\Local\scmirea
2018-03-05 19:09 - 2018-03-05 19:09 - 000145232 ____N C:\WINDOWS\system32\Drivers\cwacfips.sys
2018-03-05 19:05 - 2018-03-05 19:05 - 000000000 ____D C:\Users\morgan\AppData\Local\ElevatedDiagnostics
2018-03-05 18:40 - 2018-03-05 18:40 - 000000000 ____D C:\Users\morgan\AppData\Local\sihlbkt
2018-03-05 18:36 - 2018-03-05 18:36 - 000000000 ____D C:\Users\morgan\AppData\Local\mbnwdrk
2018-03-05 18:18 - 2018-03-05 18:18 - 000000007 _____ C:\Users\morgan\Downloads\sedzhcgsvc.exe
2018-03-05 18:11 - 2018-03-05 18:23 - 023261071 _____ C:\Users\morgan\Downloads\zGuild+of+Heroes+fantasy+RPG_v1.60.3MOD.apk.crdownload
2018-03-05 18:11 - 2018-03-05 18:12 - 114636512 _____ (Microsoft Corporation) C:\Users\morgan\Downloads\msert.exe
2018-03-05 18:07 - 2018-03-05 18:07 - 000000011 _____ C:\WINDOWS\SysWOW64\sedzhcgsvc.exe
2018-03-05 17:23 - 2018-03-08 16:26 - 000000000 ____D C:\Users\morgan\AppData\Local\spsltbz
2018-03-05 17:23 - 2018-03-05 19:53 - 000000000 ____D C:\Users\morgan\AppData\Local\4093deda608544c58dd7107d22314436
2018-03-05 17:23 - 2018-03-05 17:23 - 000000000 ____D C:\Users\morgan\AppData\Local\snklvrm
2018-03-05 17:22 - 2018-03-05 17:22 - 000003602 _____ C:\WINDOWS\System32\Tasks\{AE037B03-827F-402D-AAB3-5EF6509E218F}
2018-03-05 17:22 - 2018-03-05 17:22 - 000003422 _____ C:\WINDOWS\System32\Tasks\{6736D612-52E8-45CA-BB5C-F759C9C0A3C4}
2018-03-05 17:22 - 2018-03-05 17:22 - 000000003 _____ C:\Users\morgan\AppData\Local\wbem.ini
2018-03-05 17:21 - 2018-03-08 15:49 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sedzhcgsvc.exe
2018-03-05 17:21 - 2018-03-05 19:53 - 000000000 ____D C:\Program Files (x86)\ecece
2018-03-05 17:21 - 2018-03-05 19:13 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-05 17:21 - 2018-03-05 17:27 - 007983104 _____ (Softplicity Inc.) C:\ProgramData\AudioConverter.exe
2018-03-05 17:21 - 2018-03-05 17:21 - 000012800 _____ C:\Users\morgan\AppData\Local\dergda.dll
2018-03-05 17:21 - 2018-03-05 17:21 - 000003072 _____ C:\Users\morgan\AppData\Local\removeHN.exe
2018-03-05 17:21 - 2018-03-05 17:21 - 000000000 ____D C:\WINDOWS\SysWOW64\cgrbhli
2018-03-05 17:21 - 2018-03-05 17:21 - 000000000 ____D C:\WINDOWS\system32\cgrbhli
2018-03-05 17:21 - 2018-03-05 17:21 - 000000000 ____D C:\Users\morgan\AppData\Roaming\et
2018-03-05 16:53 - 2018-03-05 16:54 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-03-05 16:53 - 2018-03-05 16:53 - 000001865 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-03-05 16:53 - 2018-03-05 16:53 - 000001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-03-05 16:52 - 2018-03-05 16:53 - 000000000 ____D C:\Program Files (x86)\Bluestacks
2018-03-05 16:52 - 2018-03-05 16:52 - 000219576 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\HD-Uninstaller_native.exe
2018-03-05 16:52 - 2016-09-21 05:05 - 000000000 ____D C:\ProgramData\Bluestacks
2018-03-05 16:27 - 2018-03-05 16:53 - 000000000 ____D C:\Users\morgan\AppData\Local\Bluestacks
2018-03-05 15:23 - 2018-03-05 16:26 - 321459672 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\BlueStacks2+2.5.55.6279.exe
2018-03-05 04:20 - 2018-03-05 04:20 - 000088008 _____ C:\WINDOWS\system32\Drivers\a891916cceffd1007867bb40142521d1.sys
2018-03-03 17:15 - 2018-03-03 17:15 - 000507256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-03 17:13 - 2018-03-05 19:09 - 101449728 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-03-03 17:13 - 2018-03-05 19:09 - 001572864 _____ C:\WINDOWS\system32\config\DEFAULT
2018-03-03 17:13 - 2018-03-05 19:09 - 000069632 _____ C:\WINDOWS\system32\config\SAM
2018-03-03 17:13 - 2018-03-05 19:09 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
2018-03-03 17:13 - 2018-03-03 17:13 - 000000000 ____H C:\asc_rdflag
2018-03-02 19:16 - 2018-03-02 19:16 - 002923520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 002003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 001695744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 001562624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 001115648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-03-02 19:16 - 2018-03-02 19:16 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-03-02 19:16 - 2018-03-02 19:16 - 000393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000276312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-02 19:16 - 2018-03-02 19:16 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcshext.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcshext.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000022824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbldfltr.sys
2018-02-24 22:08 - 2018-02-24 22:08 - 000000000 ____D C:\Users\morgan\Documents\OpenIV
2018-02-24 22:07 - 2018-02-24 22:07 - 000001333 _____ C:\Users\morgan\Desktop\OpenIV.lnk
2018-02-24 22:07 - 2018-02-24 22:07 - 000000000 ____D C:\Users\morgan\AppData\Local\New Technology Studio
2018-02-24 22:06 - 2018-02-24 22:06 - 004555776 _____ (New Technology Studio) C:\Users\morgan\Downloads\ovisetup.exe
2018-02-24 21:54 - 2018-02-24 21:55 - 105180504 _____ C:\Users\morgan\Downloads\22c813-package files with hotfix.rar
2018-02-20 14:15 - 2018-02-20 14:14 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-02-19 20:03 - 2018-02-19 20:03 - 002164224 _____ (cfx-collective) C:\Users\morgan\Downloads\FiveM.exe
2018-02-16 11:48 - 2018-02-10 02:44 - 025740288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-16 11:48 - 2018-02-10 01:19 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-16 11:48 - 2018-02-10 01:16 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-02-16 11:48 - 2018-02-10 01:16 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-02-16 11:48 - 2018-02-10 01:09 - 005782016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-16 11:48 - 2018-02-10 01:06 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-02-16 11:48 - 2018-02-10 01:06 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-16 11:48 - 2018-02-10 00:48 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-16 11:48 - 2018-02-10 00:47 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-02-16 11:48 - 2018-02-10 00:46 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-02-16 11:48 - 2018-02-10 00:41 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-02-16 11:48 - 2018-02-10 00:36 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-16 11:48 - 2018-02-10 00:36 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-02-16 11:48 - 2018-02-10 00:34 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-02-16 11:48 - 2018-02-10 00:32 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-02-16 11:48 - 2018-02-10 00:27 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-16 11:48 - 2018-02-10 00:20 - 020274176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-02-16 11:48 - 2018-02-10 00:14 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-16 11:48 - 2018-02-10 00:02 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-02-16 11:48 - 2018-02-09 23:57 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-02-16 11:48 - 2018-02-09 23:56 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-02-16 11:48 - 2018-02-09 23:54 - 002294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-16 11:48 - 2018-02-09 23:49 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-02-16 11:48 - 2018-02-09 23:49 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 004498944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-02-16 11:48 - 2018-02-09 23:33 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-02-16 11:48 - 2018-02-09 23:32 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-02-16 11:48 - 2018-02-09 23:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-02-16 11:48 - 2018-02-09 23:27 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-02-16 11:48 - 2018-02-09 23:27 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-02-16 11:48 - 2018-02-09 23:14 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-02-16 11:48 - 2018-02-09 23:10 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-02-16 11:48 - 2018-02-09 23:08 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-02-16 11:48 - 2018-02-03 00:04 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-02-16 11:48 - 2018-02-03 00:03 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-02-16 11:48 - 2018-02-02 17:53 - 007408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-16 11:48 - 2018-02-01 12:51 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-16 11:48 - 2018-01-21 05:54 - 000419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-16 11:48 - 2018-01-12 19:18 - 002452824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-16 11:48 - 2018-01-12 15:42 - 000376664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-16 11:48 - 2018-01-11 12:19 - 000032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-16 11:48 - 2018-01-11 11:56 - 000504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-02-16 11:48 - 2018-01-11 11:07 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-16 11:48 - 2018-01-09 00:21 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-02-16 11:47 - 2018-01-21 05:09 - 000145080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-16 11:47 - 2018-01-21 00:13 - 001994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-16 11:47 - 2018-01-21 00:13 - 001569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-08 14:20 - 2018-02-08 14:20 - 000000222 _____ C:\Users\morgan\Desktop\SOS.url
2018-02-08 12:39 - 2018-02-05 14:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-08 12:39 - 2018-02-05 14:38 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 20:45 - 2018-02-07 20:45 - 000107575 _____ C:\Users\morgan\Downloads\CooldownCount.zip
2018-02-07 20:44 - 2018-02-07 20:44 - 000867840 _____ C:\Users\morgan\Downloads\Cartographer.zip
2018-02-07 20:44 - 2018-02-07 20:44 - 000661349 _____ C:\Users\morgan\Downloads\Gatherer.zip
2018-02-07 20:39 - 2018-02-07 20:39 - 000008593 _____ C:\Users\morgan\Downloads\oGlow.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-08 16:00 - 2016-04-28 14:25 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-589677986-2538330077-3668394710-1001
2018-03-08 15:51 - 2016-12-12 22:47 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-08 15:51 - 2013-08-22 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-05 21:43 - 2016-08-15 21:37 - 000000000 ____D C:\Users\morgan\AppData\Local\Battle.net
2018-03-05 21:33 - 2016-08-15 21:29 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-05 21:16 - 2016-04-29 23:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-05 21:15 - 2016-04-30 07:54 - 000000000 ____D C:\Users\morgan
2018-03-05 19:53 - 2016-07-11 19:05 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1
2018-03-05 19:53 - 2016-04-28 14:29 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2018-03-05 19:09 - 2016-05-20 09:54 - 000000000 ____D C:\WINDOWS\pss
2018-03-05 18:38 - 2016-04-28 14:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-05 18:21 - 2016-05-26 23:28 - 000000000 ____D C:\Users\morgan\Desktop\topkek
2018-03-05 17:34 - 2017-11-08 00:34 - 000000000 ____D C:\Users\morgan\AppData\Roaming\uTorrent
2018-03-05 17:26 - 2017-03-31 02:19 - 000000000 ____D C:\Program Files\AutoHotkey
2018-03-05 17:23 - 2017-11-28 13:43 - 000000000 ____D C:\Program Files\HyperCam 2
2018-03-05 17:19 - 2016-11-30 22:46 - 000000000 ____D C:\Users\morgan\AppData\Roaming\Notepad++
2018-03-05 16:53 - 2013-08-22 09:36 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-05 12:45 - 2016-04-28 15:15 - 000000000 ____D C:\ProgramData\ProductData
2018-03-03 18:55 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\rescache
2018-03-03 17:31 - 2016-04-30 09:42 - 000000000 ____D C:\Users\morgan\AppData\Roaming\discord
2018-03-03 17:18 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\Inf
2018-03-03 17:15 - 2013-08-22 09:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-03-03 17:13 - 2016-11-14 12:08 - 101228544 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2018-03-03 17:13 - 2016-11-14 12:08 - 001511424 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2018-03-03 17:13 - 2016-11-14 12:08 - 000069632 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2018-03-03 17:13 - 2016-11-14 12:08 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2018-03-02 19:16 - 2012-07-26 01:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-02 19:08 - 2017-06-30 20:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 16:52 - 2016-08-04 03:58 - 000000000 ____D C:\Users\morgan\AppData\Roaming\TS3Client
2018-02-28 20:14 - 2018-01-04 02:30 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-02-26 20:57 - 2016-04-28 14:34 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-26 20:57 - 2016-04-28 14:34 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 22:36 - 2016-06-25 04:29 - 000000000 ____D C:\Users\morgan\AppData\Roaming\GamingOnSteroids
2018-02-22 03:43 - 2016-05-01 00:06 - 000000000 ____D C:\Users\morgan\AppData\Roaming\vlc
2018-02-20 14:20 - 2017-08-22 18:16 - 000000000 ____D C:\ProgramData\Oracle
2018-02-20 14:15 - 2017-10-27 13:19 - 000000000 ____D C:\Program Files\Java
2018-02-20 14:15 - 2017-08-23 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-02-20 00:05 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-02-17 02:24 - 2016-04-30 12:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-16 11:57 - 2016-04-28 21:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-16 11:50 - 2017-11-08 04:15 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-16 11:50 - 2016-04-28 21:39 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-14 13:07 - 2016-04-28 15:15 - 000000000 ____D C:\ProgramData\IObit
2018-02-12 19:22 - 2017-06-07 20:58 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3
2018-02-12 19:22 - 2017-05-27 20:23 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3 Launcher
2018-02-11 16:22 - 2017-11-03 00:47 - 000000000 ____D C:\Users\morgan\AppData\Local\DigitalEntitlements
2018-02-06 23:47 - 2018-01-04 04:09 - 000000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2018-02-06 14:33 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-06 14:33 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\AppReadiness
 
==================== Files in the root of some directories =======
 
2018-03-05 17:21 - 2018-03-05 17:27 - 007983104 _____ (Softplicity Inc.) C:\ProgramData\AudioConverter.exe
1623-04-04 11:37 - 1623-04-04 11:37 - 000059904 ____N (Microsoft Corporation) C:\Users\morgan\IuViyGLYEeay.exe
2017-11-07 02:50 - 2017-11-07 02:50 - 000000127 _____ () C:\Users\morgan\AppData\Roaming\2xdsoft_overlayxhair.settings
2016-12-27 15:16 - 2016-12-27 18:09 - 015454208 _____ () C:\Users\morgan\AppData\Roaming\Sandra.mdb
1623-04-04 11:37 - 1623-04-04 11:37 - 000197120 ____N (Microsoft Corporation) C:\Users\morgan\AppData\Roaming\ZuEC.exe
2018-03-05 17:21 - 2018-03-05 17:21 - 000012800 _____ () C:\Users\morgan\AppData\Local\dergda.dll
2018-03-05 17:21 - 2018-03-05 17:21 - 000003072 _____ () C:\Users\morgan\AppData\Local\removeHN.exe
2016-05-08 13:54 - 2018-01-03 22:19 - 000007608 _____ () C:\Users\morgan\AppData\Local\Resmon.ResmonCfg
2018-03-05 17:22 - 2018-03-05 17:22 - 000000003 _____ () C:\Users\morgan\AppData\Local\wbem.ini
2017-01-10 22:29 - 2017-01-10 22:29 - 000000000 _____ () C:\Users\morgan\AppData\Local\{1962A4FA-E3F5-44D5-8CD4-9596B4F77469}
 
Some files in TEMP:
====================
2018-03-05 17:21 - 2018-03-05 17:21 - 002200576 _____ (Microsoft Corporation) C:\Users\morgan\AppData\Local\Temp\installer_mi.exe
2018-03-05 17:21 - 2018-03-05 17:21 - 000672084 _____ (                                                            ) C:\Users\morgan\AppData\Local\Temp\setup (2).exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\cwacfips.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-02-26 18:50
 
==================== End of FRST.txt ============================


https://imgur.com/a/IfB8X :\ Every now and then it will use CPU and network.
 
C:\Users\morgan\AppData\Local\dtdceok isn't accessible as well even though I changed permissions/ownership.

Edited by hamluis, 08 March 2018 - 07:31 PM.



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:23 AM

Posted 08 March 2018 - 10:29 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

Let me review your logs and I will post back with a fix.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:23 AM

Posted 08 March 2018 - 10:34 PM

The computer is infected with a variant of the SmarService Rootkit. Very difficult to remove, but with the right protocol we may be able to do so.

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool in an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe

Please also download the attached file Fixlist.txt (965 bytes) and save it in the same location the FRST64 is saved in the flash drive.

Boot to the Recovery Environment's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.

Once in the Recovery Environment, on the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:
  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button; that will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, in the flash drive. Please copy and paste them in your reply.
Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.
I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode



#4 zetank

zetank
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:23 AM

Posted 08 March 2018 - 10:49 PM

Okay working on recovery mode scan :)

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:23 AM

Posted 08 March 2018 - 11:24 PM

It is past midnight here. Will check on your progress later in the day.



#6 zetank

zetank
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:23 AM

Posted 09 March 2018 - 04:03 PM

Uploading scans now. Still got the svchost virus: https://imgur.com/cusbaps

 

-----------------------------recovery------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by SYSTEM on MININT-SN62TUM (09-03-2018 14:20:47)
Running from f:\
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-05-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5371168 2016-03-10] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\morgan\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\morgan\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\morgan\...\Run: [uTorrent] => C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\morgan\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.)
HKU\morgan\...\Run: [dergda] => rundll32.exe "C:\Users\morgan\AppData\Local\dergda.dll",dergda <==== ATTENTION
HKU\morgan\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [3702560 2017-12-14] (IObit)
HKU\morgan\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\morgan\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdvancedSystemCareService11; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe [1664800 2017-12-09] (IObit)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [1990928 2018-01-18] (IObit)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-19] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-21] (BlueStack Systems, Inc.)
S2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] ()
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1576736 2016-03-10] (IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-23] (INCA Internet Co., Ltd.)
S3 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-27] (Plays.tv, LLC)
S2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [439936 2018-02-26] (Razer Inc.)
S2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2018-02-26] (Razer Inc.)
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-11] (Razer Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [280304 2018-02-14] ()
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2018-01-24] (Razer Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-03-22] (Microsoft Corporation)
S2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9342976 2018-01-29] () <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-03-22] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 a891916cceffd1007867bb40142521d1; C:\WINDOWS\system32\drivers\a891916cceffd1007867bb40142521d1.sys [88008 2018-03-05] ()
S2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2017-08-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-08] (Advanced Micro Devices)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-09-13] (Bluestack System Inc. )
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-03-08] (CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [22208 2015-12-22] (IObit)
S2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [183576 2016-10-27] (BitDefender LLC)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-28] (REALiX™)
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys [14680 2016-12-21] (IObit)
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
S3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [21872 2017-09-28] (IObit.com)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [46056 2017-12-21] (Razer Inc)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 RzDev_021e; C:\Windows\System32\drivers\RzDev_021e.sys [47592 2018-01-23] (Razer Inc)
S3 RzDev_0C00; C:\Windows\System32\drivers\RzDev_0C00.sys [47592 2018-01-23] (Razer Inc)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-08-31] (Razer Inc)
S2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-11-02] (BitDefender S.R.L.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-03-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-03-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-03-22] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 cpuz138; \??\C:\Users\morgan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-08 22:41 - 2016-11-02 17:11 - 000520032 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2018-03-08 22:37 - 2018-03-08 22:37 - 000507256 _____ C:\Windows\System32\FNTCACHE.DAT
2018-03-08 22:35 - 2018-03-08 22:35 - 101249024 _____ C:\Windows\System32\config\SOFTWARE
2018-03-08 22:35 - 2018-03-08 22:35 - 001536000 _____ C:\Windows\System32\config\DEFAULT
2018-03-08 22:35 - 2018-03-08 22:35 - 000069632 _____ C:\Windows\System32\config\SAM
2018-03-08 22:35 - 2018-03-08 22:35 - 000028672 _____ C:\Windows\System32\config\SECURITY
2018-03-08 22:34 - 2018-03-08 22:34 - 000000000 ____H C:\asc_rdflag
2018-03-08 22:25 - 2015-12-23 16:34 - 000034080 _____ (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2018-03-08 22:22 - 2016-10-27 11:54 - 000183576 _____ (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2018-03-08 22:19 - 2018-03-08 22:59 - 000002397 _____ C:\Users\Public\Desktop\Advanced SystemCare Ultimate 11.lnk
2018-03-08 22:19 - 2018-03-08 22:19 - 000003070 _____ C:\Windows\System32\Tasks\ASCU_ASCTray_Auto
2018-03-08 22:19 - 2018-03-08 22:19 - 000003034 _____ C:\Windows\System32\Tasks\ASCU11_PerformanceMonitor
2018-03-08 22:19 - 2018-03-08 22:19 - 000002834 _____ C:\Windows\System32\Tasks\ASCU11_SkipUac_morgan
2018-03-08 22:19 - 2018-03-08 22:19 - 000000000 ____D C:\ProgramData\{7F40DE3E-8294-4E24-B2EA-80F6C6BB173C}
2018-03-08 22:17 - 2018-03-08 22:18 - 090458280 _____ (IObit ) C:\Users\morgan\Downloads\asc-ultimate-setup.exe
2018-03-08 22:13 - 2018-03-08 22:13 - 000002884 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (morgan)
2018-03-08 22:10 - 2018-03-08 22:10 - 000001591 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-03-08 22:10 - 2018-03-08 22:10 - 000000000 ____D C:\Users\morgan\AppData\Roaming\Synapse3
2018-03-08 22:10 - 2018-03-08 22:10 - 000000000 ____D C:\temp
2018-03-08 22:06 - 2018-03-08 22:06 - 000000000 ____D C:\Program Files\Razer Chroma SDK
2018-03-08 22:06 - 2018-03-08 22:06 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2018-03-08 22:02 - 2018-03-08 22:02 - 004197032 _____ C:\Users\morgan\Downloads\RazerSynapseInstaller_DT_V1.0.67.89.exe
2018-03-08 20:30 - 2018-03-08 20:30 - 000000000 ____D C:\Users\morgan\AppData\Local\mbmxnkt
2018-03-08 20:20 - 2018-03-08 20:20 - 000000000 ____D C:\Users\morgan\AppData\Local\auickze
2018-03-08 20:15 - 2018-03-08 20:15 - 000000000 ____D C:\Users\morgan\AppData\Local\pwctesx
2018-03-08 20:08 - 2018-03-08 20:08 - 000000000 ____D C:\Users\morgan\AppData\Local\nirdtuk
2018-03-08 20:06 - 2018-03-08 22:09 - 000000000 ____D C:\Program Files (x86)\Razer
2018-03-08 20:05 - 2018-03-08 20:06 - 000281104 _____ C:\Windows\Minidump\030818-122046-01.dmp
2018-03-08 19:59 - 2018-03-08 19:59 - 000000965 _____ C:\Users\morgan\Downloads\c32dedfb-286c-4126-917c-3980cbe4b314.tmp
2018-03-08 19:55 - 2018-03-08 19:55 - 000000965 _____ C:\Users\morgan\Downloads\Fixlist (1).txt
2018-03-08 19:51 - 2018-03-08 19:51 - 000000000 ____D C:\Users\morgan\AppData\Local\siozgxm
2018-03-08 14:26 - 2018-02-01 09:58 - 000000000 ____D C:\FRST
2018-03-08 13:51 - 2018-03-08 13:51 - 000262144 _____ C:\Windows\Minidump\030818-133859-01.dmp
2018-03-08 13:50 - 2018-03-08 20:05 - 673784145 _____ C:\Windows\MEMORY.DMP
2018-03-05 19:43 - 2018-03-08 22:18 - 000000000 ____D C:\ProgramData\Razer
2018-03-05 19:39 - 2018-03-05 19:39 - 026194416 _____ (Razer USA Ltd) C:\Users\morgan\Downloads\Razer_Synapse_Installer_v2.21.00.830.exe
2018-03-05 19:32 - 2018-03-05 19:32 - 000000000 ____D C:\Users\morgan\AppData\Local\snnzmlk
2018-03-05 19:29 - 2018-03-05 19:30 - 000281104 _____ C:\Windows\Minidump\030518-114859-01.dmp
2018-03-05 19:16 - 2018-03-05 19:16 - 000000000 ____D C:\Users\morgan\AppData\Local\resghcu
2018-03-05 17:58 - 2018-03-05 17:58 - 000281104 _____ C:\Windows\Minidump\030518-120359-01.dmp
2018-03-05 17:20 - 2018-03-05 17:20 - 000193968 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-03-05 17:20 - 2018-03-05 17:20 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-03-05 17:20 - 2018-03-05 17:20 - 000094144 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-03-05 17:20 - 2018-03-05 17:20 - 000046008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-03-05 17:19 - 2018-03-05 17:19 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-03-05 17:19 - 2018-03-05 17:19 - 000001851 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-05 17:19 - 2018-03-05 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-05 17:19 - 2018-03-05 17:19 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-05 17:19 - 2017-11-29 07:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-03-05 17:17 - 2018-03-05 17:19 - 068206640 _____ (Malwarebytes ) C:\Users\morgan\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4210.exe
2018-03-05 17:14 - 2018-03-08 22:39 - 000026192 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-03-05 17:14 - 2018-03-05 17:14 - 000000000 ____D C:\Users\morgan\AppData\Local\scmirea
2018-03-05 17:05 - 2018-03-05 17:05 - 000000000 ____D C:\Users\morgan\AppData\Local\ElevatedDiagnostics
2018-03-05 16:11 - 2018-03-05 16:23 - 023261071 _____ C:\Users\morgan\Downloads\zGuild+of+Heroes+fantasy+RPG_v1.60.3MOD.apk.crdownload
2018-03-05 16:11 - 2018-03-05 16:12 - 114636512 _____ (Microsoft Corporation) C:\Users\morgan\Downloads\msert.exe
2018-03-05 15:23 - 2018-03-05 17:53 - 000000000 ____D C:\Users\morgan\AppData\Local\4093deda608544c58dd7107d22314436
2018-03-05 15:22 - 2018-03-05 15:22 - 000003602 _____ C:\Windows\System32\Tasks\{AE037B03-827F-402D-AAB3-5EF6509E218F}
2018-03-05 15:22 - 2018-03-05 15:22 - 000003422 _____ C:\Windows\System32\Tasks\{6736D612-52E8-45CA-BB5C-F759C9C0A3C4}
2018-03-05 15:22 - 2018-03-05 15:22 - 000000003 _____ C:\Users\morgan\AppData\Local\wbem.ini
2018-03-05 15:21 - 2018-03-05 17:13 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-05 15:21 - 2018-03-05 15:27 - 007983104 _____ (Softplicity Inc.) C:\ProgramData\AudioConverter.exe
2018-03-05 15:21 - 2018-03-05 15:21 - 000012800 _____ C:\Users\morgan\AppData\Local\dergda.dll
2018-03-05 15:21 - 2018-03-05 15:21 - 000003072 _____ C:\Users\morgan\AppData\Local\removeHN.exe
2018-03-05 14:53 - 2018-03-05 14:54 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-03-05 14:53 - 2018-03-05 14:53 - 000001865 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-03-05 14:52 - 2018-03-05 14:53 - 000000000 ____D C:\Program Files (x86)\Bluestacks
2018-03-05 14:52 - 2018-03-05 14:52 - 000219576 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\HD-Uninstaller_native.exe
2018-03-05 14:52 - 2016-09-21 03:05 - 000000000 ____D C:\ProgramData\Bluestacks
2018-03-05 14:27 - 2018-03-05 14:53 - 000000000 ____D C:\Users\morgan\AppData\Local\Bluestacks
2018-03-05 13:23 - 2018-03-05 14:26 - 321459672 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\BlueStacks2+2.5.55.6279.exe
2018-03-05 02:20 - 2018-03-05 02:20 - 000088008 _____ C:\Windows\System32\Drivers\a891916cceffd1007867bb40142521d1.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 002923520 _____ (Microsoft Corporation) C:\Windows\System32\mmcndmgr.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 002364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 002003456 _____ (Microsoft Corporation) C:\Windows\System32\mmc.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 001695744 _____ (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 001562624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 001292288 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 001115648 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 001096192 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 000826368 _____ (Microsoft Corporation) C:\Windows\System32\pmcsnap.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000559616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 000538624 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000477696 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000401408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 000393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000350208 _____ (Microsoft Corporation) C:\Windows\System32\mmcbase.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000309760 _____ (Microsoft Corporation) C:\Windows\System32\compstui.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000276312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 000260096 _____ (Microsoft Corporation) C:\Windows\System32\ppcsnap.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000221184 _____ (Microsoft Corporation) C:\Windows\System32\prnntfy.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000202752 _____ (Microsoft Corporation) C:\Windows\System32\cic.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\puiapi.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000128000 _____ (Microsoft Corporation) C:\Windows\System32\mmcshext.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000053248 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000022824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbldfltr.sys
2018-02-26 18:30 - 2018-02-26 18:30 - 000121984 _____ (Razer Inc.) C:\Windows\System32\RzChromaSDK64.dll
2018-02-26 18:30 - 2018-02-26 18:30 - 000105088 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
2018-02-24 20:08 - 2018-02-24 20:08 - 000000000 ____D C:\Users\morgan\Documents\OpenIV
2018-02-24 20:07 - 2018-02-24 20:07 - 000001333 _____ C:\Users\morgan\Desktop\OpenIV.lnk
2018-02-24 20:07 - 2018-02-24 20:07 - 000000000 ____D C:\Users\morgan\AppData\Local\New Technology Studio
2018-02-24 20:06 - 2018-02-24 20:06 - 004555776 _____ (New Technology Studio) C:\Users\morgan\Downloads\ovisetup.exe
2018-02-24 19:54 - 2018-02-24 19:55 - 105180504 _____ C:\Users\morgan\Downloads\22c813-package files with hotfix.rar
2018-02-20 12:15 - 2018-02-20 12:14 - 000110144 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2018-02-19 18:03 - 2018-02-19 18:03 - 002164224 _____ (cfx-collective) C:\Users\morgan\Downloads\FiveM.exe
2018-02-16 09:48 - 2018-02-10 00:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-02-16 09:48 - 2018-02-09 23:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-02-16 09:48 - 2018-02-09 23:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2018-02-16 09:48 - 2018-02-09 23:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2018-02-16 09:48 - 2018-02-09 23:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-02-16 09:48 - 2018-02-09 23:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-02-16 09:48 - 2018-02-09 23:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-02-16 09:48 - 2018-02-09 22:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-02-16 09:48 - 2018-02-09 22:47 - 000145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2018-02-16 09:48 - 2018-02-09 22:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2018-02-16 09:48 - 2018-02-09 22:41 - 001033216 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2018-02-16 09:48 - 2018-02-09 22:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-02-16 09:48 - 2018-02-09 22:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-02-16 09:48 - 2018-02-09 22:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-02-16 09:48 - 2018-02-09 22:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-02-16 09:48 - 2018-02-09 22:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-02-16 09:48 - 2018-02-09 22:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-16 09:48 - 2018-02-09 22:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-02-16 09:48 - 2018-02-09 22:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-02-16 09:48 - 2018-02-09 21:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-16 09:48 - 2018-02-09 21:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-16 09:48 - 2018-02-09 21:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-16 09:48 - 2018-02-09 21:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-16 09:48 - 2018-02-09 21:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-16 09:48 - 2018-02-09 21:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-16 09:48 - 2018-02-09 21:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-02-16 09:48 - 2018-02-09 21:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-16 09:48 - 2018-02-09 21:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-16 09:48 - 2018-02-09 21:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-16 09:48 - 2018-02-09 21:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-16 09:48 - 2018-02-09 21:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-16 09:48 - 2018-02-09 21:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-16 09:48 - 2018-02-02 22:04 - 000686592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-02-16 09:48 - 2018-02-02 22:03 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2018-02-16 09:48 - 2018-02-02 15:53 - 007408984 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-02-16 09:48 - 2018-02-01 10:51 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2018-02-16 09:48 - 2018-01-21 03:54 - 000419160 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-02-16 09:48 - 2018-01-12 17:18 - 002452824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-02-16 09:48 - 2018-01-12 13:42 - 000376664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
2018-02-16 09:48 - 2018-01-11 10:19 - 000032384 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2018-02-16 09:48 - 2018-01-11 09:56 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-16 09:48 - 2018-01-11 09:07 - 000748032 _____ (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2018-02-16 09:48 - 2018-01-08 22:21 - 004168704 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2018-02-16 09:47 - 2018-01-21 03:09 - 000145080 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-02-16 09:47 - 2018-01-20 22:13 - 001994752 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-02-16 09:47 - 2018-01-20 22:13 - 001569280 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000749568 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000654336 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000604672 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000450048 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000378880 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000236544 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-02-08 12:20 - 2018-02-08 12:20 - 000000222 _____ C:\Users\morgan\Desktop\SOS.url
2018-02-08 10:39 - 2018-02-05 12:38 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-08 10:39 - 2018-02-05 12:38 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 18:45 - 2018-02-07 18:45 - 000107575 _____ C:\Users\morgan\Downloads\CooldownCount.zip
2018-02-07 18:44 - 2018-02-07 18:44 - 000867840 _____ C:\Users\morgan\Downloads\Cartographer.zip
2018-02-07 18:44 - 2018-02-07 18:44 - 000661349 _____ C:\Users\morgan\Downloads\Gatherer.zip
2018-02-07 18:39 - 2018-02-07 18:39 - 000008593 _____ C:\Users\morgan\Downloads\oGlow.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-08 23:04 - 2016-04-28 12:25 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-589677986-2538330077-3668394710-1001
2018-03-08 22:53 - 2016-08-15 19:37 - 000000000 ____D C:\Users\morgan\AppData\Local\Battle.net
2018-03-08 22:43 - 2016-08-15 19:29 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-08 22:43 - 2014-11-21 00:43 - 000865068 _____ C:\Windows\System32\PerfStringBackup.INI
2018-03-08 22:43 - 2013-08-22 05:36 - 000000000 ____D C:\Windows\Inf
2018-03-08 22:37 - 2013-08-22 06:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-08 22:35 - 2016-11-18 12:43 - 005898240 _____ C:\Windows\System32\config\DRIVERS.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 101249024 _____ C:\Windows\System32\config\SOFTWARE.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 001536000 _____ C:\Windows\System32\config\DEFAULT.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 000069632 _____ C:\Windows\System32\config\SAM.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 000028672 _____ C:\Windows\System32\config\SECURITY.iodefrag.bak
2018-03-08 22:33 - 2016-04-28 12:49 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-03-08 22:19 - 2016-04-28 13:15 - 000000000 ____D C:\ProgramData\ProductData
2018-03-08 22:09 - 2018-01-04 02:09 - 000000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2018-03-08 22:09 - 2018-01-04 00:30 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-03-08 20:07 - 2016-04-30 05:54 - 000000000 ____D C:\users\morgan
2018-03-08 13:51 - 2016-12-12 20:47 - 000000000 ____D C:\Windows\Minidump
2018-03-05 19:16 - 2016-04-29 21:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-05 17:53 - 2016-07-11 17:05 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1
2018-03-05 17:53 - 2016-04-28 12:29 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2018-03-05 16:21 - 2016-05-26 21:28 - 000000000 ____D C:\Users\morgan\Desktop\topkek
2018-03-05 15:34 - 2017-11-07 22:34 - 000000000 ____D C:\Users\morgan\AppData\Roaming\uTorrent
2018-03-05 15:26 - 2017-03-31 00:19 - 000000000 ____D C:\Program Files\AutoHotkey
2018-03-05 15:23 - 2017-11-28 11:43 - 000000000 ____D C:\Program Files\HyperCam 2
2018-03-05 15:19 - 2016-11-30 20:46 - 000000000 ____D C:\Users\morgan\AppData\Roaming\Notepad++
2018-03-05 14:53 - 2013-08-22 07:36 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-03 16:55 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\rescache
2018-03-03 15:31 - 2016-04-30 07:42 - 000000000 ____D C:\Users\morgan\AppData\Roaming\discord
2018-03-03 15:15 - 2013-08-22 07:36 - 000000000 ___RD C:\Windows\ToastData
2018-03-02 17:16 - 2012-07-25 23:59 - 000000000 ____D C:\Windows\CbsTemp
2018-03-02 17:08 - 2017-06-30 18:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 14:52 - 2016-08-04 01:58 - 000000000 ____D C:\Users\morgan\AppData\Roaming\TS3Client
2018-02-26 18:57 - 2016-04-28 12:34 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 20:36 - 2016-06-25 02:29 - 000000000 ____D C:\Users\morgan\AppData\Roaming\GamingOnSteroids
2018-02-22 01:43 - 2016-04-30 22:06 - 000000000 ____D C:\Users\morgan\AppData\Roaming\vlc
2018-02-20 12:20 - 2017-08-22 16:16 - 000000000 ____D C:\ProgramData\Oracle
2018-02-20 12:15 - 2017-10-27 11:19 - 000000000 ____D C:\Program Files\Java
2018-02-17 00:24 - 2016-04-30 10:33 - 000000000 ____D C:\Windows\System32\appraiser
2018-02-16 09:57 - 2016-04-28 19:39 - 000000000 ____D C:\Windows\System32\MRT
2018-02-16 09:50 - 2017-11-08 02:15 - 130067560 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-02-16 09:50 - 2016-04-28 19:39 - 130067560 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-02-14 11:07 - 2016-04-28 13:15 - 000000000 ____D C:\ProgramData\IObit
2018-02-12 17:22 - 2017-06-07 18:58 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3
2018-02-12 17:22 - 2017-05-27 18:23 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3 Launcher
2018-02-11 14:22 - 2017-11-02 22:47 - 000000000 ____D C:\Users\morgan\AppData\Local\DigitalEntitlements
 
Some files in TEMP:
====================
2018-03-05 15:21 - 2018-03-05 15:21 - 002200576 _____ (Microsoft Corporation) C:\Users\morgan\AppData\Local\Temp\installer_mi.exe
2018-03-05 15:21 - 2018-03-05 15:21 - 000672084 _____ (                                                            ) C:\Users\morgan\AppData\Local\Temp\setup (2).exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-01-15 08:26] - [2018-01-15 08:26] - 000571392 _____ (Microsoft Corporation) 4294D7AD504EA206A4A03DB29311B6C2
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-01-15 08:26] - [2018-01-15 08:26] - 000817664 _____ (Microsoft Corporation) 2928249E4DD39C2ADD3E74F02427AB8B
 
C:\Windows\System32\dnsapi.dll
[2017-10-10 20:28] - [2017-10-10 20:28] - 000656896 _____ (Microsoft Corporation) 764E397D1664C3CE690AC35D3DD7085A
 
C:\Windows\SysWOW64\dnsapi.dll
[2017-10-10 20:28] - [2017-10-10 20:28] - 000499200 _____ (Microsoft Corporation) 19992FFEC28B2CE8BDFCE1E7F51C4FAF
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 7113.87 MB
Available physical RAM: 6199.94 MB
Total Virtual: 7113.87 MB
Available Virtual: 6236.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.72 GB) (Free:721.23 GB) NTFS
Drive d: () (Fixed) (Total:464.8 GB) (Free:447.28 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:111.79 GB) (Free:1.36 GB) NTFS
Drive f: (RECOVERY) (Removable) (Total:31.99 GB) (Free:31.56 GB) FAT32
Drive g: (Recovery) (Fixed) (Total:0.59 GB) (Free:0.55 GB) NTFS
Drive h: () (Fixed) (Total:0.75 GB) (Free:0.46 GB) NTFS
Drive i: (Apr 14 2017) (CDROM) (Total:4.38 GB) (Free:4.19 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
\\?\Volume{00170643-d170-db1a-1dd5-d301860c2e00}\ () (Fixed) (Total:0.32 GB) (Free:0.3 GB) FAT32
\\?\Volume{22f0e93f-394c-489f-9c8e-7b0adf3dc1a3}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.26 GB) NTFS
\\?\Volume{0adfb044-7e2c-4f61-b8cf-084cef1aef84}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{9e4cac2b-36d5-440a-b3ea-545998dcceec}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E3B0859A)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0EBB4066)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0EBB4067)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 57.8 GB) (Disk ID: 716BBC27)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)
 
LastRegBack: 2018-02-26 16:50
 
==================== End of FRST.txt ============================
 
-----------------recovery--------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by morgan (01-02-2018 11:58:07)
Running from G:\
Windows 8.1 Pro (Update) (X64) (2016-04-30 14:12:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-589677986-2538330077-3668394710-500 - Administrator - Disabled)
Guest (S-1-5-21-589677986-2538330077-3668394710-501 - Limited - Disabled)
morgan (S-1-5-21-589677986-2538330077-3668394710-1001 - Administrator - Enabled) => C:\Users\morgan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS B15.0630.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B15.0630.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
µTorrent (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
ACP Application (HKLM\...\{0A1ABEEF-037C-D922-08E1-AB1798F320BE}) (Version: 2017.0612.1633.42 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.1.0 - IObit)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte)
Aslain's WoT Modpack version 9.17.1.26 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 9.17.1.26 - Aslain)
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.11.0.631 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.55.6279 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{83D75873-9603-EA5A-948F-A5AEE78082C1}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.1.0 - IObit)
Epic Games Launcher (HKLM-x32\...\{AAA3417F-FEAD-4AF7-9C01-9FAE1BB44E3D}) (Version: 1.1.134.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.0.0.11" - Rockstar Games)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.2.0.11 - IObit)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League client alpha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenIV (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\OpenIV) (Version: 2.9.2.932 - .black/OpenIV Team)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (32-bit) (HKLM-x32\...\{C68BE7C0-355D-49B6-B950-A558FAA17451}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit) (HKLM-x32\...\{7665C66D-78C4-4B30-B4B9-8DD484403532}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (HKLM-x32\...\{2B2FED36-5D63-411A-A8C4-E311D70BCF33}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (HKLM-x32\...\{77EEC303-714C-4290-AF63-5252FDB5D7C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (HKLM-x32\...\{946BBA68-EDC0-4981-83D3-09592B9A84FA}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4F29879C-940D-4599-8CEC-407579F73DF7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (HKLM-x32\...\{65A2F7DA-ACD7-4EC1-8A88-665D535D9CE7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C387DB53-A25F-49E3-8DF7-94F47E5A7921}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (HKLM-x32\...\{FA87440D-634A-4581-AD9C-C6FA859B88DD}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (HKLM-x32\...\{9254A29B-0F60-444C-B5CE-DB7E2505474C}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.47.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
SiSoftware Sandra Lite 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.7.1 - IObit)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Twitcha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\67999eb9a2ff6a10) (Version: 0.7.3.2 - Hamsterface Productions)
twitcha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\twitcha) (Version: 2.1.15 - Joachim Lindstrom)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-4) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-5) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-6) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft Logs Uploader (HKLM-x32\...\{3F14B1F6-AF18-BC9F-400A-3C95435B872D}) (Version: 4.16 - UNKNOWN) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 4.16 - UNKNOWN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2017-06-09] (Ilya Morozov)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-12-23] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {010DCB95-046C-49CD-9A60-F81519C0F448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {010DCB95-046C-49CD-9A60-F81519C0F448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe
Task: {1B92A8DE-E5FF-4C6A-990F-4C7593B34979} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {258A9816-89EF-4B10-805B-4DD683DAA366} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {3BE452B7-76AB-4439-BAC8-1E2668AFDF5A} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe [2017-12-07] (IObit)
Task: {40434AE4-7DBB-4F75-A378-343100F6DB29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {49214252-BC6D-4F10-8795-88680442BF32} - System32\Tasks\{6736D612-52E8-45CA-BB5C-F759C9C0A3C4} => C:\Users\morgan\IuViyGLYEeay.exe [1623-04-04] (Microsoft Corporation)
Task: {5EE0BC46-FEC7-4350-AECD-B5AF7924D776} - System32\Tasks\Driver Booster SkipUAC (morgan) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe [2017-12-11] (IObit)
Task: {6A4AA20A-D83A-490D-B172-63C8AA7EF4D8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {7A5DC740-B314-4C7D-B2DD-8779250D919E} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-10-16] (IObit)
Task: {7F7F994C-08D2-4FC6-8B27-47C2CAC7A585} - System32\Tasks\Uninstaller_SkipUac_morgan => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-12-12] (IObit)
Task: {84644CBE-A512-4E7E-AA0D-FC1949B77B4A} - System32\Tasks\{AE037B03-827F-402D-AAB3-5EF6509E218F} => C:\WINDOWS\OYoRAOSyqVpe.exe [1623-04-04] (Microsoft Corporation)
Task: {85AC2B15-AB51-43A7-B25D-9305B76B3142} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {8BDB6A48-39A0-4472-923C-10F97C1C511D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {8F4B3755-472F-4EA1-850D-580A4B4AE487} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe
Task: {DA70BC7B-FCAB-4477-9EE4-FD4B8A3657FD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {E2C391AB-3E6C-4BF3-98CF-17522822FA73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {E51DEAF0-6663-4C28-8EDD-C39B73D3EB39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {E67DFA32-B0ED-4A82-9988-095182846649} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-06-12] (Advanced Micro Devices, Inc.)
Task: {EEBD9451-B61F-46F4-8148-BEFFD9224C8C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {F7082A13-FDE6-459A-BEF3-139C66C61868} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\morgan\Desktop\runbot.bat.lnk -> C:\Users\morgan\MusicBot\runbot.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-14 14:27 - 2015-04-14 14:27 - 000016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2016-07-23 23:20 - 2016-07-23 23:20 - 000924688 _____ () C:\Program Files\Common Files\ATI Technologies\Multimedia\amf-wic-jpeg-decoder64.dll
2016-07-25 14:07 - 2016-05-24 10:43 - 008909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-27 11:55 - 2016-11-27 11:55 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-07-12 14:17 - 2017-07-12 14:17 - 001244080 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2017-12-28 16:18 - 2017-10-16 10:14 - 000442144 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madExcept_.bpl
2017-12-28 16:18 - 2017-10-16 10:14 - 000210720 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madBasic_.bpl
2017-12-28 16:18 - 2017-10-16 10:14 - 000059680 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madDisAsm_.bpl
2017-12-28 16:18 - 2016-08-01 10:48 - 000899872 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\webres.dll
2018-03-02 11:09 - 2018-03-02 11:09 - 067966440 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9877\libcef.dll
2018-03-02 11:09 - 2018-03-02 11:09 - 000540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9877\ortp.dll
2018-03-02 11:09 - 2018-03-02 11:09 - 000133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9877\libEGL.dll
2018-03-02 11:09 - 2018-03-02 11:09 - 003384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9877\libGLESv2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2018-03-05 17:22 - 000001692 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 asedownloadgate.com
127.0.0.1 ladomainadeserver.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 www.wizzmonetize.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morgan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\roy9hxq.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "booster"
HKLM\...\StartupApproved\Run32: => "Optimizer.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\StartupFolder: => "Twitcher.lnk"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "DiscordPTB"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "dergda"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "KV8#QxDWNk.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "vOURHF4Usu.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "zh-CN.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{249BF0DD-1A36-4D89-9C5F-AAAF9BFC565B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{124DE36B-5AA2-422C-B001-71F569D0D032}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{DCE49EA6-7C0A-4E54-A67E-84096549BBB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F2802592-2AE6-4C8E-BB58-B63A5AE0A973}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{728F82A9-ADD7-40E0-890F-DBF8EA1B9117}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{42D3FBED-FE9C-498F-8B4E-065365944E71}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F93082E4-5858-4768-BB06-8BA28AC4F064}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D6A60F53-DF96-4DE9-987F-1F7D748F7A71}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8151579B-A6AD-4FE8-B792-1CF781CFB91F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D6EAB96D-FE83-4A07-907F-D465807ECD58}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0D033D69-C816-4C22-A3BC-A83DC13FBCED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D40E6F80-60A2-4596-95E1-411B4745EF15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{8131BA07-58CB-473B-A829-6DFB391191CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{12617BEE-9DC7-4C68-A1F4-9BA280410001}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{320D157C-454A-49FA-B186-2BDC9EE7EAA8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{455C7B2C-0C03-42C7-9B2F-957EC2EAB389}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{24957D8D-B0A0-44AC-9B0D-18EAA0E1081A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{8D3599D3-A5F2-4685-93A1-A391F6E2E38A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{8EC33561-9E0B-42D8-8F00-2FB2D1DD3B92}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{325188CC-1960-4969-AFE1-5CDEA0E8C877}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6D2F36B1-111C-4370-8B6F-E348C1B6AFF3}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{72EA06E4-7432-4D9E-B2E8-EB96AADFB4B6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0C455B50-B39E-4D11-976E-426B307348DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CB584B4E-64A9-41F8-9A0C-84B24161D110}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BD272B1F-FF4B-4DC1-82EC-D72DF44056FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A8FB6E3-4B2B-4049-99E2-13CFA3D6AF04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E1DEB64A-8538-430C-A5F2-B91792518C17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{242F2FF3-6EDB-47C8-87BD-4E259570A5DE}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{5276CFAA-C505-4EA2-B5B8-4DC083B0FE68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5AC5BCC3-A9FA-44FE-9636-0F2A420BA064}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{96214836-C86A-4DB0-9292-62BA1E96CF70}] => (Allow) H:\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{A7E1813E-0370-438F-860E-42107A03E1FB}] => (Allow) H:\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{C788AEFD-701E-42C1-A2EE-7CCB219B7347}H:\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) H:\games\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{3A53EE52-9EFF-4CE4-B912-F312CE62BB3D}H:\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) H:\games\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{2DCC3097-C984-457D-BE98-950AA5A1EC05}] => (Allow) C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{425524DE-7E8F-4683-B8D6-F949BF7DFAA3}] => (Allow) C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5648356F-177F-4FE9-A179-ABD417932271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{94527A04-4FFF-4717-9452-B0898144B07E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{C9291086-F5C8-422A-B574-4BC7D0AA2CF1}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [UDP Query User{A2B0C58B-3DF8-418F-BB63-B8AD4C2754BA}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [{0CB355FD-4D59-4A35-97AC-D93F6DD4C80E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{7AF5EADA-AE76-4047-8043-550BE0BC2DF9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{ED2C55DD-11F9-45F1-8B33-61008B3F2BB3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{62DE38FD-1F12-4FB4-943B-D9076CABB258}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{E1249C94-8788-499A-849E-6D65664860FA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [{C752835E-EC23-4ACF-B4CF-573AC6D6E7CC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{3CCAD754-24A6-43C9-99CA-761018EA2362}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{2D400924-6D9A-4144-9D1D-5CC460880B53}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{6C565B5F-4012-4FFE-8F82-0B11344BD35B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{838F52F0-851B-49C6-A87F-FD63308BEC21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B52C1B1E-EABB-4E9C-990F-BB3739559D94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{11FF5190-5EA1-4630-9CC5-8387C802F87E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{12F3C322-1F08-4847-85A0-41CF8F2EC38E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5882E4BA-407F-430A-9F8C-E4CD2D9D0F6A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{8129A325-AA81-4969-8652-C996723A94C0}H:\fivem.exe] => (Allow) H:\fivem.exe
FirewallRules: [UDP Query User{A15CDCFC-6215-4D6A-AA50-94206B35FCD5}H:\fivem.exe] => (Allow) H:\fivem.exe
FirewallRules: [{4DD36DD7-7C4B-457E-8330-B54797540AE9}] => (Allow) H:\GTA 5\GTA5.exe
FirewallRules: [{A7FE484B-3705-4B8C-A03A-6DADBFB0EAD8}] => (Allow) H:\GTA 5\GTA5.exe
FirewallRules: [{9652CF50-EDC1-439B-ADF9-2D2F3B57F8DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3117A1AE-FADC-426E-A189-40CEE732598B}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{261B9655-D83F-46E8-9E04-3EF8E5F4FC51}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Block) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
FirewallRules: [UDP Query User{417C0393-E35C-4F6F-912E-89E212FA69FA}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Block) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AMD Radeon™ R7 Graphics
Description: AMD Radeon™ R7 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2018 11:56:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/08/2018 09:58:56 PM) (Source: MsiInstaller) (EventID: 11704) (User: MORGAN)
Description: Product: IC__iPackage -- Error 1704. The installation of "IC__iPackage" is suspended. To continue, undo the changes made by this installation. Do you want to undo the changes?
 
Error: (03/05/2018 04:54:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (02/01/2018 11:57:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IObit Uninstaller Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2018 11:57:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2018 11:49:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (02/01/2018 11:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Chroma SDK Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/01/2018 11:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Chroma SDK Server service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/01/2018 11:30:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (02/01/2018 11:30:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rzpmgrk service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/01/2018 11:30:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Chroma SDK Service service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
 
Date: 2018-02-01 11:48:57.442
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-01 11:29:44.576
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-01 11:24:23.374
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-01 11:20:00.738
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-08 22:26:18.243
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-08 22:18:28.486
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-08 22:13:19.527
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-08 22:05:26.282
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 18%
Total physical RAM: 7113.87 MB
Available physical RAM: 5804.1 MB
Total Virtual: 16192.22 MB
Available Virtual: 14324.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.72 GB) (Free:722.8 GB) NTFS
Drive e: () (Fixed) (Total:464.8 GB) (Free:447.32 GB) NTFS
Drive f: (Apr 14 2017) (CDROM) (Total:4.38 GB) (Free:4.19 GB) UDF
Drive g: (RECOVERY) (Removable) (Total:31.99 GB) (Free:31.56 GB) FAT32
Drive h: (New Volume) (Fixed) (Total:111.79 GB) (Free:1.4 GB) NTFS
 
\\?\Volume{da4b2d60-851d-01d3-b092-25ed8ec2e900}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{002ddf51-8450-5799-21c5-db75a2be5b00}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{22f0e93f-394c-489f-9c8e-7b0adf3dc1a3}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{9e4cac2b-36d5-440a-b3ea-545998dcceec}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E3B0859A)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0EBB4066)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0EBB4067)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 57.8 GB) (Disk ID: 716BBC27)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

The virus is preventing me from opening FRST64 in normal mode.

Edited by zetank, 09 March 2018 - 04:09 PM.


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 March 2018 - 05:08 PM

You did not include all reports as requested. Follow these steps in Normal Mode.

 

  • Highlight the entire content of the quote box below.

Start::  
HKU\morgan\...\Run: [dergda] => rundll32.exe "C:\Users\morgan\AppData\Local\dergda.dll",dergda <==== ATTENTION
S2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9342976 2018-01-29] () <==== ATTENTION
C:\Users\morgan\AppData\Local\mbmxnkt
C:\Users\morgan\AppData\Local\auickze
C:\Users\morgan\AppData\Local\pwctesx
C:\Users\morgan\AppData\Local\nirdtuk
C:\Users\morgan\AppData\Local\siozgxm
C:\Users\morgan\AppData\Local\snnzmlk
C:\Users\morgan\AppData\Local\resghcu
C:\Users\morgan\AppData\Local\scmirea
C:\Users\morgan\AppData\Local\dergda.dll
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found, and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 zetank

zetank
  • Topic Starter

  • Members
  • 14 posts

Posted 09 March 2018 - 06:04 PM

Yeah, I can't run FRST64; it closes immediately. I think the virus is preventing it from loading.



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 March 2018 - 07:42 PM

Let's start this again. We must follow the right protocol in order to be able to remove the rootkit. Read the instructions.

 

Remove FRST from your USB drive, as well as any fixlist.txt in it.

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file Fixlist.txt and save it in the same location the FRST64 is saved in the flash drive.

Boot to the Recovery Environment's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.

Once in the Recovery Environment, on the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit, once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode




#10 zetank

zetank
  • Topic Starter

  • Members
  • 14 posts

Posted 09 March 2018 - 08:36 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by SYSTEM (09-03-2018 19:28:37) Run:2
Running from f:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
HKU\morgan\...\Run: [dergda] => rundll32.exe "C:\Users\morgan\AppData\Local\dergda.dll",dergda <==== ATTENTION
S2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9342976 2018-01-29] () <==== ATTENTION
C:\Users\morgan\AppData\Local\mbmxnkt
C:\Users\morgan\AppData\Local\auickze
C:\Users\morgan\AppData\Local\pwctesx
C:\Users\morgan\AppData\Local\nirdtuk
C:\Users\morgan\AppData\Local\siozgxm
C:\Users\morgan\AppData\Local\snnzmlk
C:\Users\morgan\AppData\Local\resghcu
C:\Users\morgan\AppData\Local\scmirea
C:\Users\morgan\AppData\Local\dergda.dll
*****************
 
"HKU\morgan\Software\Microsoft\Windows\CurrentVersion\Run\\dergda" => removed successfully
"HKLM\System\ControlSet001\Services\winamgr" => removed successfully
winamgr => service removed successfully
C:\Users\morgan\AppData\Local\mbmxnkt => moved successfully
C:\Users\morgan\AppData\Local\auickze => moved successfully
C:\Users\morgan\AppData\Local\pwctesx => moved successfully
C:\Users\morgan\AppData\Local\nirdtuk => moved successfully
C:\Users\morgan\AppData\Local\siozgxm => moved successfully
C:\Users\morgan\AppData\Local\snnzmlk => moved successfully
C:\Users\morgan\AppData\Local\resghcu => moved successfully
C:\Users\morgan\AppData\Local\scmirea => moved successfully
C:\Users\morgan\AppData\Local\dergda.dll => moved successfully
 
==== End of Fixlog 19:28:37 ====
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by SYSTEM on MININT-0FBD6QE (09-03-2018 19:27:36)
Running from f:\
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-05-06] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\morgan\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\morgan\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\morgan\...\Run: [uTorrent] => C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\morgan\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.)
HKU\morgan\...\Run: [dergda] => rundll32.exe "C:\Users\morgan\AppData\Local\dergda.dll",dergda <==== ATTENTION
HKU\morgan\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\morgan\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-19] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-21] (BlueStack Systems, Inc.)
S2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] ()
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-23] (INCA Internet Co., Ltd.)
S3 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-27] (Plays.tv, LLC)
S2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [439936 2018-02-26] (Razer Inc.)
S2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2018-02-26] (Razer Inc.)
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-11] (Razer Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [280304 2018-02-14] ()
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2018-01-24] (Razer Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-03-22] (Microsoft Corporation)
S2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9342976 2018-01-29] () <==== ATTENTION
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-03-22] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 a891916cceffd1007867bb40142521d1; C:\WINDOWS\system32\drivers\a891916cceffd1007867bb40142521d1.sys [88008 2018-03-05] ()
S2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2017-08-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-08] (Advanced Micro Devices)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-09-13] (Bluestack System Inc. )
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-03-09] (CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-28] (REALiX™)
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
S3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [21872 2017-09-28] (IObit.com)
S1 MpKsl1299ba9a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFA9ED99-DC9D-4F36-9D16-BE24A3C6510C}\MpKsl1299ba9a.sys [58120 2018-03-09] ()
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [46056 2017-12-21] (Razer Inc)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 RzDev_021e; C:\Windows\System32\drivers\RzDev_021e.sys [47592 2018-01-23] (Razer Inc)
S3 RzDev_0C00; C:\Windows\System32\drivers\RzDev_0C00.sys [47592 2018-01-23] (Razer Inc)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-08-31] (Razer Inc)
S2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-03-22] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-03-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-03-22] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 cpuz138; \??\C:\Users\morgan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-09 17:26 - 2018-03-09 17:26 - 000000000 _____ C:\Windows\Minidump\030918-124453-01.dmp
2018-03-09 15:15 - 2018-03-09 15:15 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-03-09 15:12 - 2018-01-23 10:58 - 000548000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2018-03-09 12:39 - 2018-03-09 12:39 - 000002884 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (morgan)
2018-03-09 12:27 - 2018-03-09 17:25 - 725053889 _____ C:\Windows\MEMORY.DMP
2018-03-09 12:27 - 2018-03-09 12:27 - 000281216 _____ C:\Windows\Minidump\030918-112171-01.dmp
2018-03-08 22:37 - 2018-03-08 22:37 - 000507256 _____ C:\Windows\System32\FNTCACHE.DAT
2018-03-08 22:35 - 2018-03-09 14:21 - 101249024 _____ C:\Windows\System32\config\SOFTWARE
2018-03-08 22:35 - 2018-03-08 22:35 - 001536000 _____ C:\Windows\System32\config\DEFAULT
2018-03-08 22:35 - 2018-03-08 22:35 - 000069632 _____ C:\Windows\System32\config\SAM
2018-03-08 22:35 - 2018-03-08 22:35 - 000028672 _____ C:\Windows\System32\config\SECURITY
2018-03-08 22:34 - 2018-03-08 22:34 - 000000000 ____H C:\asc_rdflag
2018-03-08 22:25 - 2015-12-23 16:34 - 000034080 _____ (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2018-03-08 22:19 - 2018-03-08 22:19 - 000000000 ____D C:\ProgramData\{7F40DE3E-8294-4E24-B2EA-80F6C6BB173C}
2018-03-08 22:17 - 2018-03-08 22:18 - 090458280 _____ (IObit ) C:\Users\morgan\Downloads\asc-ultimate-setup.exe
2018-03-08 22:10 - 2018-03-08 22:10 - 000001591 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-03-08 22:10 - 2018-03-08 22:10 - 000000000 ____D C:\Users\morgan\AppData\Roaming\Synapse3
2018-03-08 22:10 - 2018-03-08 22:10 - 000000000 ____D C:\temp
2018-03-08 22:06 - 2018-03-08 22:06 - 000000000 ____D C:\Program Files\Razer Chroma SDK
2018-03-08 22:06 - 2018-03-08 22:06 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2018-03-08 22:02 - 2018-03-08 22:02 - 004197032 _____ C:\Users\morgan\Downloads\RazerSynapseInstaller_DT_V1.0.67.89.exe
2018-03-08 20:30 - 2018-03-08 20:30 - 000000000 ____D C:\Users\morgan\AppData\Local\mbmxnkt
2018-03-08 20:20 - 2018-03-08 20:20 - 000000000 ____D C:\Users\morgan\AppData\Local\auickze
2018-03-08 20:15 - 2018-03-08 20:15 - 000000000 ____D C:\Users\morgan\AppData\Local\pwctesx
2018-03-08 20:08 - 2018-03-08 20:08 - 000000000 ____D C:\Users\morgan\AppData\Local\nirdtuk
2018-03-08 20:06 - 2018-03-08 22:09 - 000000000 ____D C:\Program Files (x86)\Razer
2018-03-08 20:05 - 2018-03-08 20:06 - 000281104 _____ C:\Windows\Minidump\030818-122046-01.dmp
2018-03-08 19:59 - 2018-03-08 19:59 - 000000965 _____ C:\Users\morgan\Downloads\c32dedfb-286c-4126-917c-3980cbe4b314.tmp
2018-03-08 19:55 - 2018-03-08 19:55 - 000000965 _____ C:\Users\morgan\Downloads\Fixlist (1).txt
2018-03-08 19:51 - 2018-03-08 19:51 - 000000000 ____D C:\Users\morgan\AppData\Local\siozgxm
2018-03-08 14:26 - 2018-03-09 14:21 - 000000000 ____D C:\FRST
2018-03-08 13:51 - 2018-03-08 13:51 - 000262144 _____ C:\Windows\Minidump\030818-133859-01.dmp
2018-03-05 19:43 - 2018-03-08 22:18 - 000000000 ____D C:\ProgramData\Razer
2018-03-05 19:39 - 2018-03-05 19:39 - 026194416 _____ (Razer USA Ltd) C:\Users\morgan\Downloads\Razer_Synapse_Installer_v2.21.00.830.exe
2018-03-05 19:32 - 2018-03-05 19:32 - 000000000 ____D C:\Users\morgan\AppData\Local\snnzmlk
2018-03-05 19:29 - 2018-03-05 19:30 - 000281104 _____ C:\Windows\Minidump\030518-114859-01.dmp
2018-03-05 19:16 - 2018-03-05 19:16 - 000000000 ____D C:\Users\morgan\AppData\Local\resghcu
2018-03-05 17:58 - 2018-03-05 17:58 - 000281104 _____ C:\Windows\Minidump\030518-120359-01.dmp
2018-03-05 17:20 - 2018-03-05 17:20 - 000193968 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-03-05 17:20 - 2018-03-05 17:20 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-03-05 17:20 - 2018-03-05 17:20 - 000094144 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-03-05 17:20 - 2018-03-05 17:20 - 000046008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-03-05 17:19 - 2018-03-05 17:19 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-03-05 17:19 - 2018-03-05 17:19 - 000001851 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-05 17:19 - 2018-03-05 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-05 17:19 - 2018-03-05 17:19 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-05 17:19 - 2017-11-29 07:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-03-05 17:17 - 2018-03-05 17:19 - 068206640 _____ (Malwarebytes ) C:\Users\morgan\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4210.exe
2018-03-05 17:14 - 2018-03-09 12:34 - 000026192 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-03-05 17:14 - 2018-03-05 17:14 - 000000000 ____D C:\Users\morgan\AppData\Local\scmirea
2018-03-05 17:05 - 2018-03-05 17:05 - 000000000 ____D C:\Users\morgan\AppData\Local\ElevatedDiagnostics
2018-03-05 16:11 - 2018-03-05 16:23 - 023261071 _____ C:\Users\morgan\Downloads\zGuild+of+Heroes+fantasy+RPG_v1.60.3MOD.apk.crdownload
2018-03-05 16:11 - 2018-03-05 16:12 - 114636512 _____ (Microsoft Corporation) C:\Users\morgan\Downloads\msert.exe
2018-03-05 15:23 - 2018-03-05 17:53 - 000000000 ____D C:\Users\morgan\AppData\Local\4093deda608544c58dd7107d22314436
2018-03-05 15:22 - 2018-03-05 15:22 - 000003602 _____ C:\Windows\System32\Tasks\{AE037B03-827F-402D-AAB3-5EF6509E218F}
2018-03-05 15:22 - 2018-03-05 15:22 - 000003422 _____ C:\Windows\System32\Tasks\{6736D612-52E8-45CA-BB5C-F759C9C0A3C4}
2018-03-05 15:22 - 2018-03-05 15:22 - 000000003 _____ C:\Users\morgan\AppData\Local\wbem.ini
2018-03-05 15:21 - 2018-03-05 17:13 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-05 15:21 - 2018-03-05 15:27 - 007983104 _____ (Softplicity Inc.) C:\ProgramData\AudioConverter.exe
2018-03-05 15:21 - 2018-03-05 15:21 - 000012800 _____ C:\Users\morgan\AppData\Local\dergda.dll
2018-03-05 15:21 - 2018-03-05 15:21 - 000003072 _____ C:\Users\morgan\AppData\Local\removeHN.exe
2018-03-05 14:53 - 2018-03-05 14:54 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-03-05 14:53 - 2018-03-05 14:53 - 000001865 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-03-05 14:52 - 2018-03-05 14:53 - 000000000 ____D C:\Program Files (x86)\Bluestacks
2018-03-05 14:52 - 2018-03-05 14:52 - 000219576 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\HD-Uninstaller_native.exe
2018-03-05 14:52 - 2016-09-21 03:05 - 000000000 ____D C:\ProgramData\Bluestacks
2018-03-05 14:27 - 2018-03-05 14:53 - 000000000 ____D C:\Users\morgan\AppData\Local\Bluestacks
2018-03-05 13:23 - 2018-03-05 14:26 - 321459672 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\BlueStacks2+2.5.55.6279.exe
2018-03-05 02:20 - 2018-03-05 02:20 - 000088008 _____ C:\Windows\System32\Drivers\a891916cceffd1007867bb40142521d1.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 002923520 _____ (Microsoft Corporation) C:\Windows\System32\mmcndmgr.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 002364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 002003456 _____ (Microsoft Corporation) C:\Windows\System32\mmc.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 001695744 _____ (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 001562624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 001292288 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 001115648 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 001096192 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-03-02 17:16 - 2018-03-02 17:16 - 000826368 _____ (Microsoft Corporation) C:\Windows\System32\pmcsnap.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000559616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 000538624 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000477696 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000401408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 000393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000350208 _____ (Microsoft Corporation) C:\Windows\System32\mmcbase.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000309760 _____ (Microsoft Corporation) C:\Windows\System32\compstui.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000276312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2018-03-02 17:16 - 2018-03-02 17:16 - 000260096 _____ (Microsoft Corporation) C:\Windows\System32\ppcsnap.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000221184 _____ (Microsoft Corporation) C:\Windows\System32\prnntfy.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000202752 _____ (Microsoft Corporation) C:\Windows\System32\cic.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\puiapi.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000128000 _____ (Microsoft Corporation) C:\Windows\System32\mmcshext.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000053248 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2018-03-02 17:16 - 2018-03-02 17:16 - 000022824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbldfltr.sys
2018-02-26 18:30 - 2018-02-26 18:30 - 000121984 _____ (Razer Inc.) C:\Windows\System32\RzChromaSDK64.dll
2018-02-26 18:30 - 2018-02-26 18:30 - 000105088 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
2018-02-24 20:08 - 2018-02-24 20:08 - 000000000 ____D C:\Users\morgan\Documents\OpenIV
2018-02-24 20:07 - 2018-02-24 20:07 - 000001333 _____ C:\Users\morgan\Desktop\OpenIV.lnk
2018-02-24 20:07 - 2018-02-24 20:07 - 000000000 ____D C:\Users\morgan\AppData\Local\New Technology Studio
2018-02-24 20:06 - 2018-02-24 20:06 - 004555776 _____ (New Technology Studio) C:\Users\morgan\Downloads\ovisetup.exe
2018-02-24 19:54 - 2018-02-24 19:55 - 105180504 _____ C:\Users\morgan\Downloads\22c813-package files with hotfix.rar
2018-02-20 12:15 - 2018-02-20 12:14 - 000110144 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2018-02-19 18:03 - 2018-02-19 18:03 - 002164224 _____ (cfx-collective) C:\Users\morgan\Downloads\FiveM.exe
2018-02-16 09:48 - 2018-02-10 00:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-02-16 09:48 - 2018-02-09 23:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-02-16 09:48 - 2018-02-09 23:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2018-02-16 09:48 - 2018-02-09 23:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2018-02-16 09:48 - 2018-02-09 23:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-02-16 09:48 - 2018-02-09 23:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-02-16 09:48 - 2018-02-09 23:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-02-16 09:48 - 2018-02-09 22:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-02-16 09:48 - 2018-02-09 22:47 - 000145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2018-02-16 09:48 - 2018-02-09 22:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2018-02-16 09:48 - 2018-02-09 22:41 - 001033216 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2018-02-16 09:48 - 2018-02-09 22:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-02-16 09:48 - 2018-02-09 22:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-02-16 09:48 - 2018-02-09 22:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-02-16 09:48 - 2018-02-09 22:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-02-16 09:48 - 2018-02-09 22:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-02-16 09:48 - 2018-02-09 22:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-16 09:48 - 2018-02-09 22:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-02-16 09:48 - 2018-02-09 22:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-02-16 09:48 - 2018-02-09 21:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-16 09:48 - 2018-02-09 21:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-16 09:48 - 2018-02-09 21:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-16 09:48 - 2018-02-09 21:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-16 09:48 - 2018-02-09 21:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-02-16 09:48 - 2018-02-09 21:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-16 09:48 - 2018-02-09 21:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-16 09:48 - 2018-02-09 21:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-02-16 09:48 - 2018-02-09 21:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-16 09:48 - 2018-02-09 21:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-16 09:48 - 2018-02-09 21:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-16 09:48 - 2018-02-09 21:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-16 09:48 - 2018-02-09 21:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-16 09:48 - 2018-02-09 21:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-16 09:48 - 2018-02-02 22:04 - 000686592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-02-16 09:48 - 2018-02-02 22:03 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2018-02-16 09:48 - 2018-02-02 15:53 - 007408984 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-02-16 09:48 - 2018-02-01 10:51 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2018-02-16 09:48 - 2018-01-21 03:54 - 000419160 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-02-16 09:48 - 2018-01-12 17:18 - 002452824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-02-16 09:48 - 2018-01-12 13:42 - 000376664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
2018-02-16 09:48 - 2018-01-11 10:19 - 000032384 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2018-02-16 09:48 - 2018-01-11 09:56 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-16 09:48 - 2018-01-11 09:07 - 000748032 _____ (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2018-02-16 09:48 - 2018-01-08 22:21 - 004168704 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2018-02-16 09:47 - 2018-01-21 03:09 - 000145080 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-02-16 09:47 - 2018-01-20 22:13 - 001994752 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-02-16 09:47 - 2018-01-20 22:13 - 001569280 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000749568 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000654336 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000604672 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000450048 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000378880 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-02-16 09:47 - 2018-01-20 22:13 - 000236544 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-02-08 12:20 - 2018-02-08 12:20 - 000000222 _____ C:\Users\morgan\Desktop\SOS.url
2018-02-08 10:39 - 2018-02-05 12:38 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-08 10:39 - 2018-02-05 12:38 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 18:45 - 2018-02-07 18:45 - 000107575 _____ C:\Users\morgan\Downloads\CooldownCount.zip
2018-02-07 18:44 - 2018-02-07 18:44 - 000867840 _____ C:\Users\morgan\Downloads\Cartographer.zip
2018-02-07 18:44 - 2018-02-07 18:44 - 000661349 _____ C:\Users\morgan\Downloads\Gatherer.zip
2018-02-07 18:39 - 2018-02-07 18:39 - 000008593 _____ C:\Users\morgan\Downloads\oGlow.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-09 16:54 - 2017-06-30 18:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-09 16:54 - 2016-08-04 01:58 - 000000000 ____D C:\Users\morgan\AppData\Roaming\TS3Client
2018-03-09 15:40 - 2016-04-30 07:42 - 000000000 ____D C:\Users\morgan\AppData\Roaming\discord
2018-03-09 15:15 - 2016-04-28 12:25 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-589677986-2538330077-3668394710-1001
2018-03-09 15:12 - 2013-08-22 05:25 - 000262144 ___SH C:\Windows\System32\config\ELAM
2018-03-09 13:10 - 2016-08-15 19:37 - 000000000 ____D C:\Users\morgan\AppData\Local\Battle.net
2018-03-09 13:10 - 2016-08-15 19:29 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-09 12:32 - 2014-11-21 00:43 - 000865068 _____ C:\Windows\System32\PerfStringBackup.INI
2018-03-09 12:32 - 2013-08-22 05:36 - 000000000 ____D C:\Windows\Inf
2018-03-09 12:27 - 2016-12-12 20:47 - 000000000 ____D C:\Windows\Minidump
2018-03-09 12:27 - 2013-08-22 06:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-08 22:35 - 2016-11-18 12:43 - 005898240 _____ C:\Windows\System32\config\DRIVERS.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 101249024 _____ C:\Windows\System32\config\SOFTWARE.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 001536000 _____ C:\Windows\System32\config\DEFAULT.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 000069632 _____ C:\Windows\System32\config\SAM.iodefrag.bak
2018-03-08 22:35 - 2016-11-14 10:08 - 000028672 _____ C:\Windows\System32\config\SECURITY.iodefrag.bak
2018-03-08 22:33 - 2016-04-28 12:49 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-03-08 22:19 - 2016-04-28 13:15 - 000000000 ____D C:\ProgramData\ProductData
2018-03-08 22:09 - 2018-01-04 02:09 - 000000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2018-03-08 22:09 - 2018-01-04 00:30 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-03-08 22:07 - 2016-04-28 13:06 - 000000000 ____D C:\Users\morgan\AppData\Local\Razer
2018-03-08 20:07 - 2016-04-30 05:54 - 000000000 ____D C:\users\morgan
2018-03-05 19:16 - 2016-04-29 21:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-05 17:53 - 2016-07-11 17:05 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1
2018-03-05 17:53 - 2016-04-28 12:29 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2018-03-05 16:21 - 2016-05-26 21:28 - 000000000 ____D C:\Users\morgan\Desktop\topkek
2018-03-05 15:34 - 2017-11-07 22:34 - 000000000 ____D C:\Users\morgan\AppData\Roaming\uTorrent
2018-03-05 15:26 - 2017-03-31 00:19 - 000000000 ____D C:\Program Files\AutoHotkey
2018-03-05 15:23 - 2017-11-28 11:43 - 000000000 ____D C:\Program Files\HyperCam 2
2018-03-05 15:19 - 2016-11-30 20:46 - 000000000 ____D C:\Users\morgan\AppData\Roaming\Notepad++
2018-03-05 14:53 - 2013-08-22 07:36 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-03 16:55 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\rescache
2018-03-03 15:15 - 2013-08-22 07:36 - 000000000 ___RD C:\Windows\ToastData
2018-03-02 17:16 - 2012-07-25 23:59 - 000000000 ____D C:\Windows\CbsTemp
2018-02-26 18:57 - 2016-04-28 12:34 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 20:36 - 2016-06-25 02:29 - 000000000 ____D C:\Users\morgan\AppData\Roaming\GamingOnSteroids
2018-02-22 01:43 - 2016-04-30 22:06 - 000000000 ____D C:\Users\morgan\AppData\Roaming\vlc
2018-02-20 12:20 - 2017-08-22 16:16 - 000000000 ____D C:\ProgramData\Oracle
2018-02-20 12:15 - 2017-10-27 11:19 - 000000000 ____D C:\Program Files\Java
2018-02-17 00:24 - 2016-04-30 10:33 - 000000000 ____D C:\Windows\System32\appraiser
2018-02-16 09:57 - 2016-04-28 19:39 - 000000000 ____D C:\Windows\System32\MRT
2018-02-16 09:50 - 2017-11-08 02:15 - 130067560 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-02-16 09:50 - 2016-04-28 19:39 - 130067560 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-02-14 11:07 - 2016-04-28 13:15 - 000000000 ____D C:\ProgramData\IObit
2018-02-12 17:22 - 2017-06-07 18:58 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3
2018-02-12 17:22 - 2017-05-27 18:23 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3 Launcher
2018-02-11 14:22 - 2017-11-02 22:47 - 000000000 ____D C:\Users\morgan\AppData\Local\DigitalEntitlements
 
Some files in TEMP:
====================
2018-03-05 15:21 - 2018-03-05 15:21 - 002200576 _____ (Microsoft Corporation) C:\Users\morgan\AppData\Local\Temp\installer_mi.exe
2018-03-05 15:21 - 2018-03-05 15:21 - 000672084 _____ (                                                            ) C:\Users\morgan\AppData\Local\Temp\setup (2).exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-01-15 08:26] - [2018-01-15 08:26] - 000571392 _____ (Microsoft Corporation) 4294D7AD504EA206A4A03DB29311B6C2
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-01-15 08:26] - [2018-01-15 08:26] - 000817664 _____ (Microsoft Corporation) 2928249E4DD39C2ADD3E74F02427AB8B
 
C:\Windows\System32\dnsapi.dll
[2017-10-10 20:28] - [2017-10-10 20:28] - 000656896 _____ (Microsoft Corporation) 764E397D1664C3CE690AC35D3DD7085A
 
C:\Windows\SysWOW64\dnsapi.dll
[2017-10-10 20:28] - [2017-10-10 20:28] - 000499200 _____ (Microsoft Corporation) 19992FFEC28B2CE8BDFCE1E7F51C4FAF
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2018-03-09 12:53
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 7113.87 MB
Available physical RAM: 6185.4 MB
Total Virtual: 7113.87 MB
Available Virtual: 6218.97 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.72 GB) (Free:720.92 GB) NTFS
Drive d: () (Fixed) (Total:464.8 GB) (Free:447.3 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:111.79 GB) (Free:1.36 GB) NTFS
Drive f: (RECOVERY) (Removable) (Total:31.99 GB) (Free:31.56 GB) FAT32
Drive g: (Recovery) (Fixed) (Total:0.59 GB) (Free:0.55 GB) NTFS
Drive h: () (Fixed) (Total:0.75 GB) (Free:0.46 GB) NTFS
Drive i: (Apr 14 2017) (CDROM) (Total:4.38 GB) (Free:4.19 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
\\?\Volume{00170643-d170-db1a-1dd5-d301860c2e00}\ () (Fixed) (Total:0.32 GB) (Free:0.3 GB) FAT32
\\?\Volume{22f0e93f-394c-489f-9c8e-7b0adf3dc1a3}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.26 GB) NTFS
\\?\Volume{0adfb044-7e2c-4f61-b8cf-084cef1aef84}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{9e4cac2b-36d5-440a-b3ea-545998dcceec}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E3B0859A)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0EBB4066)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0EBB4067)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 57.8 GB) (Disk ID: 716BBC27)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)
 
LastRegBack: 2018-03-09 12:47
 
==================== End of FRST.txt ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by morgan (administrator) on MORGAN (09-03-2018 19:36:40)
Running from C:\Users\morgan\Desktop
Loaded Profiles: morgan (Available Profiles: morgan)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
() C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-05-06] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [uTorrent] => C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{65C922A1-52FF-4633-97FF-25836D1726CE}: [NameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{D77363BB-20CC-4A45-906B-4C88E14B088D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-589677986-2538330077-3668394710-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-20] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-20] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-05-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN16853915362860424&ctid=CT3239904&SearchSource=48&UP=SP9D9F0A20-84AE-4AA7-8C64-3EAE71AB52EE&SSPV=","hxxp://mysearch.avg.com/?cid={268C413E-A123-4A82-99B5-99F1D4021BB7}&mid=184d96c1facf47d39dced1544ff9e682-116d67ddb87ec26000e2953980c0443c1a68e5e2&lang=en&ds=oc011&pr=sa&d=2013-05-24%2015:59:47&v=15.2.0.5&pid=safeguard&sg=1&sap=hp","hxxp://mysearch.avg.com/?cid={268C413E-A123-4A82-99B5-99F1D4021BB7}&mid=184d96c1facf47d39dced1544ff9e682-116d67ddb87ec26000e2953980c0443c1a68e5e2&lang=en&ds=oc011&pr=sa&d=2013-05-24%2015:59:47&v=15.3.0.11&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9D9F0A20-84AE-4AA7-8C64-3EAE71AB52EE&SSPV=","hxxp://search.conduit.com/?CUI=UN16853915362860424&ctid=CT3239904&SearchSource=48&UP=SP9D9F0A20-84AE-4AA7-8C64-3EAE71AB52EE&SSPV=","hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131147,20033,0,25,0","hxxp://mysearch.avg.com?cid={BD2AFBDE-F89E-45A7-BE55-6D384E5CAD21}&mid=e0599db3923b47d29ddd78fcf63801e7-116d67ddb87ec26000e2953980c0443c1a68e5e2&lang=en&ds=is015&coid=avgtbdisis&cmpid=&pr=sa&d=2014-02-22 17:21:01&v=17.3.1.91&pid=safeguard&sg=&sap=hp","hxxps://www.google.com/"
CHR Profile: C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (BetterTTV) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-19]
CHR Extension: (Docs) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (YouTube) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28]
CHR Extension: (Pandora) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2018-03-05]
CHR Extension: (AdBlock) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-09]
CHR Extension: (Core) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2018-03-05]
CHR Extension: (Deluminate) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebboopaeangfpceklajfohhbpkkfiaa [2017-11-13]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2018-03-08]
CHR Extension: (Grammarly for Chrome) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-05]
CHR Extension: (Substital) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkbiiikppgjdiebcabomlbidfodipjg [2017-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (ScriptSafe) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-12-12]
CHR Extension: (Chrome Media Router) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR Extension: (Enhancer for YouTube™) - C:\Users\morgan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-02-24]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-19] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-21] (BlueStack Systems, Inc.)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
S3 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-27] (Plays.tv, LLC)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [439936 2018-02-26] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2018-02-26] (Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-11] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [280304 2018-02-14] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2018-01-24] (Razer Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-03-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-03-22] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 a891916cceffd1007867bb40142521d1; C:\WINDOWS\system32\drivers\a891916cceffd1007867bb40142521d1.sys [88008 2018-03-05] ()
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2017-08-18] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-09-13] (Bluestack System Inc. )
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-03-09] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-28] (REALiX™)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [21872 2017-09-28] (IObit.com)
S1 MpKsl1299ba9a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFA9ED99-DC9D-4F36-9D16-BE24A3C6510C}\MpKsl1299ba9a.sys [58120 2018-03-09] () [File not signed]
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [46056 2017-12-21] (Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 RzDev_021e; C:\WINDOWS\System32\drivers\RzDev_021e.sys [47592 2018-01-23] (Razer Inc)
R3 RzDev_0C00; C:\WINDOWS\System32\drivers\RzDev_0C00.sys [47592 2018-01-23] (Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-08-31] (Razer Inc)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-03-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-03-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-03-22] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 cpuz138; \??\C:\Users\morgan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-09 19:36 - 2018-03-09 19:37 - 000018255 _____ C:\Users\morgan\Desktop\FRST.txt
2018-03-09 19:36 - 2018-03-09 19:36 - 002403328 _____ (Farbar) C:\Users\morgan\Desktop\FRST64.exe
2018-03-09 19:26 - 2018-03-09 19:26 - 000000000 _____ C:\WINDOWS\Minidump\030918-124453-01.dmp
2018-03-09 17:15 - 2018-03-09 17:15 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-03-09 17:12 - 2018-01-23 12:58 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-03-09 14:39 - 2018-03-09 14:39 - 000002884 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (morgan)
2018-03-09 14:27 - 2018-03-09 19:25 - 725053889 _____ C:\WINDOWS\MEMORY.DMP
2018-03-09 14:27 - 2018-03-09 14:27 - 000281216 _____ C:\WINDOWS\Minidump\030918-112171-01.dmp
2018-03-09 00:37 - 2018-03-09 00:37 - 000507256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-09 00:35 - 2018-03-09 16:21 - 101249024 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-03-09 00:35 - 2018-03-09 00:35 - 001536000 _____ C:\WINDOWS\system32\config\DEFAULT
2018-03-09 00:35 - 2018-03-09 00:35 - 000069632 _____ C:\WINDOWS\system32\config\SAM
2018-03-09 00:35 - 2018-03-09 00:35 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
2018-03-09 00:34 - 2018-03-09 00:34 - 000000000 ____H C:\asc_rdflag
2018-03-09 00:25 - 2015-12-23 18:34 - 000034080 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2018-03-09 00:19 - 2018-03-09 00:19 - 000000000 ____D C:\ProgramData\{7F40DE3E-8294-4E24-B2EA-80F6C6BB173C}
2018-03-09 00:17 - 2018-03-09 00:18 - 090458280 _____ (IObit ) C:\Users\morgan\Downloads\asc-ultimate-setup.exe
2018-03-09 00:10 - 2018-03-09 00:10 - 000001591 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-03-09 00:10 - 2018-03-09 00:10 - 000000000 ____D C:\Users\morgan\AppData\Roaming\Synapse3
2018-03-09 00:10 - 2018-03-09 00:10 - 000000000 ____D C:\temp
2018-03-09 00:06 - 2018-03-09 00:06 - 000000000 ____D C:\Program Files\Razer Chroma SDK
2018-03-09 00:06 - 2018-03-09 00:06 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2018-03-09 00:02 - 2018-03-09 00:02 - 004197032 _____ C:\Users\morgan\Downloads\RazerSynapseInstaller_DT_V1.0.67.89.exe
2018-03-08 22:06 - 2018-03-09 00:09 - 000000000 ____D C:\Program Files (x86)\Razer
2018-03-08 22:05 - 2018-03-08 22:06 - 000281104 _____ C:\WINDOWS\Minidump\030818-122046-01.dmp
2018-03-08 21:59 - 2018-03-08 21:59 - 000000965 _____ C:\Users\morgan\Downloads\c32dedfb-286c-4126-917c-3980cbe4b314.tmp
2018-03-08 21:55 - 2018-03-08 21:55 - 000000965 _____ C:\Users\morgan\Downloads\Fixlist (1).txt
2018-03-08 16:26 - 2018-03-09 19:36 - 000000000 ____D C:\FRST
2018-03-08 15:51 - 2018-03-08 15:51 - 000262144 _____ C:\WINDOWS\Minidump\030818-133859-01.dmp
2018-03-05 21:43 - 2018-03-09 00:18 - 000000000 ____D C:\ProgramData\Razer
2018-03-05 21:39 - 2018-03-05 21:39 - 026194416 _____ (Razer USA Ltd) C:\Users\morgan\Downloads\Razer_Synapse_Installer_v2.21.00.830.exe
2018-03-05 21:29 - 2018-03-05 21:30 - 000281104 _____ C:\WINDOWS\Minidump\030518-114859-01.dmp
2018-03-05 19:58 - 2018-03-05 19:58 - 000281104 _____ C:\WINDOWS\Minidump\030518-120359-01.dmp
2018-03-05 19:20 - 2018-03-05 19:20 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-05 19:20 - 2018-03-05 19:20 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-05 19:20 - 2018-03-05 19:20 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-05 19:20 - 2018-03-05 19:20 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-05 19:19 - 2018-03-05 19:19 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-05 19:19 - 2018-03-05 19:19 - 000001851 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-05 19:19 - 2018-03-05 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-05 19:19 - 2018-03-05 19:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-05 19:19 - 2018-03-05 19:19 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-05 19:19 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-05 19:17 - 2018-03-05 19:19 - 068206640 _____ (Malwarebytes ) C:\Users\morgan\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4210.exe
2018-03-05 19:14 - 2018-03-09 19:33 - 000026192 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-03-05 19:05 - 2018-03-05 19:05 - 000000000 ____D C:\Users\morgan\AppData\Local\ElevatedDiagnostics
2018-03-05 18:11 - 2018-03-05 18:23 - 023261071 _____ C:\Users\morgan\Downloads\zGuild+of+Heroes+fantasy+RPG_v1.60.3MOD.apk.crdownload
2018-03-05 18:11 - 2018-03-05 18:12 - 114636512 _____ (Microsoft Corporation) C:\Users\morgan\Downloads\msert.exe
2018-03-05 17:23 - 2018-03-05 19:53 - 000000000 ____D C:\Users\morgan\AppData\Local\4093deda608544c58dd7107d22314436
2018-03-05 17:22 - 2018-03-05 17:22 - 000003602 _____ C:\WINDOWS\System32\Tasks\{AE037B03-827F-402D-AAB3-5EF6509E218F}
2018-03-05 17:22 - 2018-03-05 17:22 - 000003422 _____ C:\WINDOWS\System32\Tasks\{6736D612-52E8-45CA-BB5C-F759C9C0A3C4}
2018-03-05 17:22 - 2018-03-05 17:22 - 000000003 _____ C:\Users\morgan\AppData\Local\wbem.ini
2018-03-05 17:21 - 2018-03-05 19:13 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-05 17:21 - 2018-03-05 17:27 - 007983104 _____ (Softplicity Inc.) C:\ProgramData\AudioConverter.exe
2018-03-05 17:21 - 2018-03-05 17:21 - 000003072 _____ C:\Users\morgan\AppData\Local\removeHN.exe
2018-03-05 16:53 - 2018-03-05 16:54 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-03-05 16:53 - 2018-03-05 16:53 - 000001865 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-03-05 16:53 - 2018-03-05 16:53 - 000001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-03-05 16:52 - 2018-03-05 16:53 - 000000000 ____D C:\Program Files (x86)\Bluestacks
2018-03-05 16:52 - 2018-03-05 16:52 - 000219576 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\HD-Uninstaller_native.exe
2018-03-05 16:52 - 2016-09-21 05:05 - 000000000 ____D C:\ProgramData\Bluestacks
2018-03-05 16:27 - 2018-03-05 16:53 - 000000000 ____D C:\Users\morgan\AppData\Local\Bluestacks
2018-03-05 15:23 - 2018-03-05 16:26 - 321459672 _____ (BlueStack Systems Inc.) C:\Users\morgan\Downloads\BlueStacks2+2.5.55.6279.exe
2018-03-05 04:20 - 2018-03-05 04:20 - 000088008 _____ C:\WINDOWS\system32\Drivers\a891916cceffd1007867bb40142521d1.sys
2018-03-02 19:16 - 2018-03-02 19:16 - 002923520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 002003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 001695744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 001562624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 001115648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-03-02 19:16 - 2018-03-02 19:16 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-03-02 19:16 - 2018-03-02 19:16 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-03-02 19:16 - 2018-03-02 19:16 - 000393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000276312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-02 19:16 - 2018-03-02 19:16 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcshext.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcshext.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2018-03-02 19:16 - 2018-03-02 19:16 - 000022824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbldfltr.sys
2018-02-26 20:30 - 2018-02-26 20:30 - 000121984 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2018-02-26 20:30 - 2018-02-26 20:30 - 000105088 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2018-02-24 22:08 - 2018-02-24 22:08 - 000000000 ____D C:\Users\morgan\Documents\OpenIV
2018-02-24 22:07 - 2018-02-24 22:07 - 000001333 _____ C:\Users\morgan\Desktop\OpenIV.lnk
2018-02-24 22:07 - 2018-02-24 22:07 - 000000000 ____D C:\Users\morgan\AppData\Local\New Technology Studio
2018-02-24 22:06 - 2018-02-24 22:06 - 004555776 _____ (New Technology Studio) C:\Users\morgan\Downloads\ovisetup.exe
2018-02-24 21:54 - 2018-02-24 21:55 - 105180504 _____ C:\Users\morgan\Downloads\22c813-package files with hotfix.rar
2018-02-20 14:15 - 2018-02-20 14:14 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-02-19 20:03 - 2018-02-19 20:03 - 002164224 _____ (cfx-collective) C:\Users\morgan\Downloads\FiveM.exe
2018-02-16 11:48 - 2018-02-10 02:44 - 025740288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-16 11:48 - 2018-02-10 01:19 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-16 11:48 - 2018-02-10 01:16 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-02-16 11:48 - 2018-02-10 01:16 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-02-16 11:48 - 2018-02-10 01:09 - 005782016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-16 11:48 - 2018-02-10 01:06 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-02-16 11:48 - 2018-02-10 01:06 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-16 11:48 - 2018-02-10 00:48 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-16 11:48 - 2018-02-10 00:47 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-02-16 11:48 - 2018-02-10 00:46 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-02-16 11:48 - 2018-02-10 00:41 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-02-16 11:48 - 2018-02-10 00:36 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-16 11:48 - 2018-02-10 00:36 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-02-16 11:48 - 2018-02-10 00:34 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-02-16 11:48 - 2018-02-10 00:32 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-02-16 11:48 - 2018-02-10 00:27 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-16 11:48 - 2018-02-10 00:20 - 020274176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-02-16 11:48 - 2018-02-10 00:14 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-16 11:48 - 2018-02-10 00:02 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-02-16 11:48 - 2018-02-09 23:57 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-02-16 11:48 - 2018-02-09 23:56 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-02-16 11:48 - 2018-02-09 23:54 - 002294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-16 11:48 - 2018-02-09 23:49 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-02-16 11:48 - 2018-02-09 23:49 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 004498944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-02-16 11:48 - 2018-02-09 23:35 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-02-16 11:48 - 2018-02-09 23:33 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-02-16 11:48 - 2018-02-09 23:32 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-02-16 11:48 - 2018-02-09 23:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-02-16 11:48 - 2018-02-09 23:27 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-02-16 11:48 - 2018-02-09 23:27 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-02-16 11:48 - 2018-02-09 23:14 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-02-16 11:48 - 2018-02-09 23:10 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-02-16 11:48 - 2018-02-09 23:08 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-02-16 11:48 - 2018-02-03 00:04 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-02-16 11:48 - 2018-02-03 00:03 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-02-16 11:48 - 2018-02-02 17:53 - 007408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-16 11:48 - 2018-02-01 12:51 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-16 11:48 - 2018-01-21 05:54 - 000419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-16 11:48 - 2018-01-12 19:18 - 002452824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-16 11:48 - 2018-01-12 15:42 - 000376664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-16 11:48 - 2018-01-11 12:19 - 000032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-16 11:48 - 2018-01-11 11:56 - 000504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-02-16 11:48 - 2018-01-11 11:07 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-16 11:48 - 2018-01-09 00:21 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-02-16 11:47 - 2018-01-21 05:09 - 000145080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-16 11:47 - 2018-01-21 00:13 - 001994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-16 11:47 - 2018-01-21 00:13 - 001569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-16 11:47 - 2018-01-21 00:13 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-08 14:20 - 2018-02-08 14:20 - 000000222 _____ C:\Users\morgan\Desktop\SOS.url
2018-02-08 12:39 - 2018-02-05 14:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-08 12:39 - 2018-02-05 14:38 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 20:45 - 2018-02-07 20:45 - 000107575 _____ C:\Users\morgan\Downloads\CooldownCount.zip
2018-02-07 20:44 - 2018-02-07 20:44 - 000867840 _____ C:\Users\morgan\Downloads\Cartographer.zip
2018-02-07 20:44 - 2018-02-07 20:44 - 000661349 _____ C:\Users\morgan\Downloads\Gatherer.zip
2018-02-07 20:39 - 2018-02-07 20:39 - 000008593 _____ C:\Users\morgan\Downloads\oGlow.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-09 19:34 - 2016-04-28 14:26 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-09 19:31 - 2013-08-22 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-09 18:54 - 2017-06-30 20:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-09 18:54 - 2016-08-04 03:58 - 000000000 ____D C:\Users\morgan\AppData\Roaming\TS3Client
2018-03-09 17:42 - 2017-11-03 00:47 - 000000000 ____D C:\Users\morgan\AppData\Local\DigitalEntitlements
2018-03-09 17:40 - 2016-04-30 09:42 - 000000000 ____D C:\Users\morgan\AppData\Roaming\discord
2018-03-09 17:15 - 2016-04-28 14:25 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-589677986-2538330077-3668394710-1001
2018-03-09 17:12 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-03-09 15:10 - 2016-08-15 21:37 - 000000000 ____D C:\Users\morgan\AppData\Local\Battle.net
2018-03-09 15:10 - 2016-08-15 21:29 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-09 14:32 - 2014-11-21 02:43 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-09 14:32 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\Inf
2018-03-09 14:27 - 2016-12-12 22:47 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-09 00:35 - 2016-11-18 14:43 - 005898240 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2018-03-09 00:35 - 2016-11-14 12:08 - 101249024 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2018-03-09 00:35 - 2016-11-14 12:08 - 001536000 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2018-03-09 00:35 - 2016-11-14 12:08 - 000069632 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2018-03-09 00:35 - 2016-11-14 12:08 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2018-03-09 00:33 - 2016-04-28 14:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-09 00:19 - 2016-04-28 15:15 - 000000000 ____D C:\ProgramData\ProductData
2018-03-09 00:10 - 2016-04-28 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-03-09 00:09 - 2018-01-04 04:09 - 000000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2018-03-09 00:09 - 2018-01-04 02:30 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-03-09 00:07 - 2016-04-28 15:06 - 000000000 ____D C:\Users\morgan\AppData\Local\Razer
2018-03-08 22:07 - 2016-04-30 07:54 - 000000000 ____D C:\Users\morgan
2018-03-05 21:16 - 2016-04-29 23:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-05 19:53 - 2016-07-11 19:05 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1
2018-03-05 19:53 - 2016-04-28 14:29 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2018-03-05 18:21 - 2016-05-26 23:28 - 000000000 ____D C:\Users\morgan\Desktop\topkek
2018-03-05 17:34 - 2017-11-08 00:34 - 000000000 ____D C:\Users\morgan\AppData\Roaming\uTorrent
2018-03-05 17:26 - 2017-03-31 02:19 - 000000000 ____D C:\Program Files\AutoHotkey
2018-03-05 17:23 - 2017-11-28 13:43 - 000000000 ____D C:\Program Files\HyperCam 2
2018-03-05 17:19 - 2016-11-30 22:46 - 000000000 ____D C:\Users\morgan\AppData\Roaming\Notepad++
2018-03-05 16:53 - 2013-08-22 09:36 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-03 18:55 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\rescache
2018-03-03 17:15 - 2013-08-22 09:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-03-02 19:16 - 2012-07-26 01:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-26 20:57 - 2016-04-28 14:34 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-26 20:57 - 2016-04-28 14:34 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 22:36 - 2016-06-25 04:29 - 000000000 ____D C:\Users\morgan\AppData\Roaming\GamingOnSteroids
2018-02-22 03:43 - 2016-05-01 00:06 - 000000000 ____D C:\Users\morgan\AppData\Roaming\vlc
2018-02-20 14:20 - 2017-08-22 18:16 - 000000000 ____D C:\ProgramData\Oracle
2018-02-20 14:15 - 2017-10-27 13:19 - 000000000 ____D C:\Program Files\Java
2018-02-20 14:15 - 2017-08-23 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-02-17 02:24 - 2016-04-30 12:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-16 11:57 - 2016-04-28 21:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-16 11:50 - 2017-11-08 04:15 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-16 11:50 - 2016-04-28 21:39 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-14 13:07 - 2016-04-28 15:15 - 000000000 ____D C:\ProgramData\IObit
2018-02-12 19:22 - 2017-06-07 20:58 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3
2018-02-12 19:22 - 2017-05-27 20:23 - 000000000 ____D C:\Users\morgan\AppData\Local\Arma 3 Launcher
 
==================== Files in the root of some directories =======
 
2018-03-05 17:21 - 2018-03-05 17:27 - 007983104 _____ (Softplicity Inc.) C:\ProgramData\AudioConverter.exe
1623-04-04 11:37 - 1623-04-04 11:37 - 000059904 ____N (Microsoft Corporation) C:\Users\morgan\IuViyGLYEeay.exe
2017-11-07 02:50 - 2017-11-07 02:50 - 000000127 _____ () C:\Users\morgan\AppData\Roaming\2xdsoft_overlayxhair.settings
2016-12-27 15:16 - 2016-12-27 18:09 - 015454208 _____ () C:\Users\morgan\AppData\Roaming\Sandra.mdb
1623-04-04 11:37 - 1623-04-04 11:37 - 000197120 ____N (Microsoft Corporation) C:\Users\morgan\AppData\Roaming\ZuEC.exe
2018-03-05 17:21 - 2018-03-05 17:21 - 000003072 _____ () C:\Users\morgan\AppData\Local\removeHN.exe
2016-05-08 13:54 - 2018-01-03 22:19 - 000007608 _____ () C:\Users\morgan\AppData\Local\Resmon.ResmonCfg
2018-03-05 17:22 - 2018-03-05 17:22 - 000000003 _____ () C:\Users\morgan\AppData\Local\wbem.ini
2017-01-10 22:29 - 2017-01-10 22:29 - 000000000 _____ () C:\Users\morgan\AppData\Local\{1962A4FA-E3F5-44D5-8CD4-9596B4F77469}
 
Some files in TEMP:
====================
2018-03-05 17:21 - 2018-03-05 17:21 - 002200576 _____ (Microsoft Corporation) C:\Users\morgan\AppData\Local\Temp\installer_mi.exe
2018-03-05 17:21 - 2018-03-05 17:21 - 000672084 _____ (                                                            ) C:\Users\morgan\AppData\Local\Temp\setup (2).exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-09 14:47
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by morgan (09-03-2018 19:37:40)
Running from C:\Users\morgan\Desktop
Windows 8.1 Pro (Update) (X64) (2016-04-30 14:12:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-589677986-2538330077-3668394710-500 - Administrator - Disabled)
Guest (S-1-5-21-589677986-2538330077-3668394710-501 - Limited - Disabled)
morgan (S-1-5-21-589677986-2538330077-3668394710-1001 - Administrator - Enabled) => C:\Users\morgan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS B15.0630.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B15.0630.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
µTorrent (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
ACP Application (HKLM\...\{0A1ABEEF-037C-D922-08E1-AB1798F320BE}) (Version: 2017.0612.1633.42 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte)
Aslain's WoT Modpack version 9.17.1.26 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 9.17.1.26 - Aslain)
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.11.0.631 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.55.6279 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{83D75873-9603-EA5A-948F-A5AEE78082C1}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.1.0 - IObit)
Epic Games Launcher (HKLM-x32\...\{AAA3417F-FEAD-4AF7-9C01-9FAE1BB44E3D}) (Version: 1.1.134.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.0.0.11" - Rockstar Games)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.2.0.11 - IObit)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League client alpha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenIV (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\OpenIV) (Version: 2.9.2.932 - .black/OpenIV Team)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (32-bit) (HKLM-x32\...\{C68BE7C0-355D-49B6-B950-A558FAA17451}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit) (HKLM-x32\...\{7665C66D-78C4-4B30-B4B9-8DD484403532}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (HKLM-x32\...\{2B2FED36-5D63-411A-A8C4-E311D70BCF33}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (HKLM-x32\...\{77EEC303-714C-4290-AF63-5252FDB5D7C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (HKLM-x32\...\{946BBA68-EDC0-4981-83D3-09592B9A84FA}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4F29879C-940D-4599-8CEC-407579F73DF7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (HKLM-x32\...\{65A2F7DA-ACD7-4EC1-8A88-665D535D9CE7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C387DB53-A25F-49E3-8DF7-94F47E5A7921}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (HKLM-x32\...\{FA87440D-634A-4581-AD9C-C6FA859B88DD}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (HKLM-x32\...\{9254A29B-0F60-444C-B5CE-DB7E2505474C}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.2 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.0229.021420 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.47.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
SiSoftware Sandra Lite 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.7.1 - IObit)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Twitcha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\67999eb9a2ff6a10) (Version: 0.7.3.2 - Hamsterface Productions)
twitcha (HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\twitcha) (Version: 2.1.15 - Joachim Lindstrom)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-4) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-5) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-6) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft Logs Uploader (HKLM-x32\...\{3F14B1F6-AF18-BC9F-400A-3C95435B872D}) (Version: 4.16 - UNKNOWN) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 4.16 - UNKNOWN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2017-06-09] (Ilya Morozov)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {010DCB95-046C-49CD-9A60-F81519C0F448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {010DCB95-046C-49CD-9A60-F81519C0F448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe
Task: {1B92A8DE-E5FF-4C6A-990F-4C7593B34979} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {258A9816-89EF-4B10-805B-4DD683DAA366} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {3BE452B7-76AB-4439-BAC8-1E2668AFDF5A} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe [2017-12-07] (IObit)
Task: {40434AE4-7DBB-4F75-A378-343100F6DB29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {49214252-BC6D-4F10-8795-88680442BF32} - System32\Tasks\{6736D612-52E8-45CA-BB5C-F759C9C0A3C4} => C:\Users\morgan\IuViyGLYEeay.exe [1623-04-04] (Microsoft Corporation)
Task: {6A4AA20A-D83A-490D-B172-63C8AA7EF4D8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {7A5DC740-B314-4C7D-B2DD-8779250D919E} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-10-16] (IObit)
Task: {7F7F994C-08D2-4FC6-8B27-47C2CAC7A585} - System32\Tasks\Uninstaller_SkipUac_morgan => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-12-12] (IObit)
Task: {84644CBE-A512-4E7E-AA0D-FC1949B77B4A} - System32\Tasks\{AE037B03-827F-402D-AAB3-5EF6509E218F} => C:\WINDOWS\OYoRAOSyqVpe.exe [1623-04-04] (Microsoft Corporation)
Task: {85AC2B15-AB51-43A7-B25D-9305B76B3142} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {8BDB6A48-39A0-4472-923C-10F97C1C511D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {8F4B3755-472F-4EA1-850D-580A4B4AE487} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {CC9BE9F5-681C-4942-8D1D-2527996650FE} - System32\Tasks\Driver Booster SkipUAC (morgan) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe [2017-12-11] (IObit)
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {D3749E82-AEE6-47A7-80FE-2025757E9EFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe
Task: {DA70BC7B-FCAB-4477-9EE4-FD4B8A3657FD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {E2C391AB-3E6C-4BF3-98CF-17522822FA73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {E51DEAF0-6663-4C28-8EDD-C39B73D3EB39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {E67DFA32-B0ED-4A82-9988-095182846649} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-06-12] (Advanced Micro Devices, Inc.)
Task: {EEBD9451-B61F-46F4-8148-BEFFD9224C8C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {F7082A13-FDE6-459A-BEF3-139C66C61868} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\morgan\Desktop\runbot.bat.lnk -> C:\Users\morgan\MusicBot\runbot.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-14 14:27 - 2015-04-14 14:27 - 000016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2018-02-14 06:30 - 2018-02-14 06:30 - 000280304 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2018-02-14 06:30 - 2018-02-14 06:30 - 000273648 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe
2016-07-23 23:20 - 2016-07-23 23:20 - 000924688 _____ () C:\Program Files\Common Files\ATI Technologies\Multimedia\amf-wic-jpeg-decoder64.dll
2016-07-25 14:07 - 2016-05-24 10:43 - 008909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-02-14 06:20 - 2018-02-14 06:20 - 000421616 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
2017-07-12 14:17 - 2017-07-12 14:17 - 001244080 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2016-04-30 10:08 - 2016-04-30 10:08 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2018-02-26 20:57 - 2018-02-21 21:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-26 20:57 - 2018-02-21 21:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2017-12-28 16:18 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-12-28 16:18 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-12-28 16:18 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-03-09 19:32 - 2018-02-09 09:51 - 000149744 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-03-09 19:32 - 2018-02-09 09:51 - 000179440 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-03-09 19:32 - 2018-02-09 10:13 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-03-09 19:32 - 2018-02-09 10:14 - 000466160 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_GlobalShortcuts.dll
2018-03-09 19:32 - 2018-02-09 09:51 - 000129776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-03-09 19:32 - 2018-02-09 10:14 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-03-09 19:31 - 2018-02-09 10:14 - 000284400 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-03-09 19:32 - 2018-02-09 10:14 - 000186096 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-03-09 19:32 - 2018-02-09 09:51 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-03-09 19:32 - 2018-01-26 14:21 - 000560368 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Firefly\Bin\RSy3_DeviceStatus.dll
2018-03-09 19:32 - 2018-01-26 14:21 - 000274160 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Firefly\Bin\RSy3_DriverMode.dll
2018-03-09 19:32 - 2018-01-26 14:21 - 000317168 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Firefly\Bin\RSy3_Lighting.dll
2018-03-09 19:32 - 2018-01-29 15:21 - 000560368 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Ornata Chroma\Bin\RSy3_DeviceStatus.dll
2018-03-09 19:32 - 2018-01-29 15:21 - 000274160 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Ornata Chroma\Bin\RSy3_DriverMode.dll
2018-03-09 19:32 - 2018-01-29 15:21 - 000328432 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Ornata Chroma\Bin\RSy3_GameMode.dll
2018-03-09 19:32 - 2018-01-29 15:21 - 000317168 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Ornata Chroma\Bin\RSy3_Lighting.dll
2018-03-09 19:32 - 2018-01-29 15:21 - 000143600 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Ornata Chroma\Bin\RSy3_Mapping.dll
2018-03-09 19:32 - 2018-01-29 15:21 - 000522992 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Ornata Chroma\Bin\RSy3_MappingBaseM.dll
2018-03-09 19:32 - 2018-02-14 06:29 - 000049904 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeys.dll
2018-03-09 19:32 - 2018-01-29 15:21 - 000049904 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Ornata Chroma\Bin\RSy3_KeyboardKeys.dll
2018-02-14 06:17 - 2018-02-14 06:17 - 000115952 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_KeyboardKeysWrapper.dll
2017-11-01 14:49 - 2016-01-11 16:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2017-11-01 14:49 - 2016-01-11 16:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2014-01-22 12:53 - 2014-01-22 12:53 - 001607680 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\BDR_info.dll
2015-02-16 09:47 - 2015-02-16 09:47 - 000105472 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.dll
2018-01-24 11:28 - 2018-01-24 11:30 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2018-01-24 11:28 - 2018-01-24 11:30 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2017-12-28 16:18 - 2017-10-16 10:14 - 000442144 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madExcept_.bpl
2017-12-28 16:18 - 2017-10-16 10:14 - 000210720 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madBasic_.bpl
2017-12-28 16:18 - 2017-10-16 10:14 - 000059680 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madDisAsm_.bpl
2017-12-28 16:18 - 2017-05-22 11:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-12-28 16:18 - 2017-05-23 18:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-12-28 16:18 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2018-01-24 11:28 - 2018-01-24 11:30 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2018-01-24 11:28 - 2018-01-24 11:30 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2018-01-24 11:28 - 2018-01-24 11:30 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2018-03-05 17:22 - 000001692 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 asedownloadgate.com
127.0.0.1 ladomainadeserver.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 www.wizzmonetize.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morgan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\roy9hxq.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "booster"
HKLM\...\StartupApproved\Run32: => "Optimizer.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\StartupFolder: => "Twitcher.lnk"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "DiscordPTB"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "dergda"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "KV8#QxDWNk.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "vOURHF4Usu.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "zh-CN.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{249BF0DD-1A36-4D89-9C5F-AAAF9BFC565B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{124DE36B-5AA2-422C-B001-71F569D0D032}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{DCE49EA6-7C0A-4E54-A67E-84096549BBB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F2802592-2AE6-4C8E-BB58-B63A5AE0A973}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{728F82A9-ADD7-40E0-890F-DBF8EA1B9117}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{42D3FBED-FE9C-498F-8B4E-065365944E71}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F93082E4-5858-4768-BB06-8BA28AC4F064}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D6A60F53-DF96-4DE9-987F-1F7D748F7A71}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8151579B-A6AD-4FE8-B792-1CF781CFB91F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D6EAB96D-FE83-4A07-907F-D465807ECD58}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0D033D69-C816-4C22-A3BC-A83DC13FBCED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D40E6F80-60A2-4596-95E1-411B4745EF15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{8131BA07-58CB-473B-A829-6DFB391191CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{12617BEE-9DC7-4C68-A1F4-9BA280410001}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{320D157C-454A-49FA-B186-2BDC9EE7EAA8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{455C7B2C-0C03-42C7-9B2F-957EC2EAB389}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{24957D8D-B0A0-44AC-9B0D-18EAA0E1081A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{8D3599D3-A5F2-4685-93A1-A391F6E2E38A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{8EC33561-9E0B-42D8-8F00-2FB2D1DD3B92}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{72EA06E4-7432-4D9E-B2E8-EB96AADFB4B6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0C455B50-B39E-4D11-976E-426B307348DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CB584B4E-64A9-41F8-9A0C-84B24161D110}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BD272B1F-FF4B-4DC1-82EC-D72DF44056FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A8FB6E3-4B2B-4049-99E2-13CFA3D6AF04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E1DEB64A-8538-430C-A5F2-B91792518C17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5276CFAA-C505-4EA2-B5B8-4DC083B0FE68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5AC5BCC3-A9FA-44FE-9636-0F2A420BA064}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{96214836-C86A-4DB0-9292-62BA1E96CF70}] => (Allow) H:\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{A7E1813E-0370-438F-860E-42107A03E1FB}] => (Allow) H:\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{C788AEFD-701E-42C1-A2EE-7CCB219B7347}H:\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) H:\games\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{3A53EE52-9EFF-4CE4-B912-F312CE62BB3D}H:\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) H:\games\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{2DCC3097-C984-457D-BE98-950AA5A1EC05}] => (Allow) C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{425524DE-7E8F-4683-B8D6-F949BF7DFAA3}] => (Allow) C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5648356F-177F-4FE9-A179-ABD417932271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{94527A04-4FFF-4717-9452-B0898144B07E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{C9291086-F5C8-422A-B574-4BC7D0AA2CF1}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [UDP Query User{A2B0C58B-3DF8-418F-BB63-B8AD4C2754BA}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [{0CB355FD-4D59-4A35-97AC-D93F6DD4C80E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{7AF5EADA-AE76-4047-8043-550BE0BC2DF9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{ED2C55DD-11F9-45F1-8B33-61008B3F2BB3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{62DE38FD-1F12-4FB4-943B-D9076CABB258}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{E1249C94-8788-499A-849E-6D65664860FA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [{C752835E-EC23-4ACF-B4CF-573AC6D6E7CC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{3CCAD754-24A6-43C9-99CA-761018EA2362}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{2D400924-6D9A-4144-9D1D-5CC460880B53}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{6C565B5F-4012-4FFE-8F82-0B11344BD35B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{838F52F0-851B-49C6-A87F-FD63308BEC21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B52C1B1E-EABB-4E9C-990F-BB3739559D94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{11FF5190-5EA1-4630-9CC5-8387C802F87E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{12F3C322-1F08-4847-85A0-41CF8F2EC38E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5882E4BA-407F-430A-9F8C-E4CD2D9D0F6A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{8129A325-AA81-4969-8652-C996723A94C0}H:\fivem.exe] => (Allow) H:\fivem.exe
FirewallRules: [UDP Query User{A15CDCFC-6215-4D6A-AA50-94206B35FCD5}H:\fivem.exe] => (Allow) H:\fivem.exe
FirewallRules: [{4DD36DD7-7C4B-457E-8330-B54797540AE9}] => (Allow) H:\GTA 5\GTA5.exe
FirewallRules: [{A7FE484B-3705-4B8C-A03A-6DADBFB0EAD8}] => (Allow) H:\GTA 5\GTA5.exe
FirewallRules: [{9652CF50-EDC1-439B-ADF9-2D2F3B57F8DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3117A1AE-FADC-426E-A189-40CEE732598B}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{261B9655-D83F-46E8-9E04-3EF8E5F4FC51}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Block) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
FirewallRules: [UDP Query User{417C0393-E35C-4F6F-912E-89E212FA69FA}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Block) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
FirewallRules: [{4A5958AD-DB00-4F76-A763-2817AED44814}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{C7BF3E1C-50D8-43F8-91BA-6C932BF20F57}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
 
==================== Restore Points =========================
 
09-03-2018 14:52:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AMD Radeon™ R7 Graphics
Description: AMD Radeon™ R7 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2018 02:52:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/01/2018 12:02:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/01/2018 11:56:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/08/2018 09:58:56 PM) (Source: MsiInstaller) (EventID: 11704) (User: MORGAN)
Description: Продукт: IC__iPackage -- Ошибка 1704. Установка "IC__iPackage" приостановлена. Для продолжения отмените изменения, сделанные этой установкой. Вы хотите отменить изменения?
 
Error: (03/05/2018 04:54:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (03/05/2018 04:54:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (03/05/2018 04:54:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (03/09/2018 07:32:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (03/09/2018 07:32:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Razer Synapse Service service hung on starting.
 
Error: (03/09/2018 07:32:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Razer Chroma SDK Server service hung on starting.
 
Error: (03/09/2018 07:29:23 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/09/2018 07:31:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:22:33 PM on ‎3/‎9/‎2018 was unexpected.
 
Error: (03/09/2018 05:44:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Synapse Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2018 05:44:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Central Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2018 05:44:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Game Manager service terminated unexpectedly.  It has done this 2 time(s).
 
 
Windows Defender:
===================================
Date: 2018-03-09 17:10:41.850
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
 
CodeIntegrity:
===================================
 
Date: 2018-03-09 19:30:50.515
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-09 14:27:15.876
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-09 00:37:00.440
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-03-09 00:34:55.863
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-01 11:48:57.442
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-01 11:29:44.576
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-01 11:24:23.374
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-01 11:20:00.738
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 39%
Total physical RAM: 7113.87 MB
Available physical RAM: 4284.19 MB
Total Virtual: 17437.77 MB
Available Virtual: 14539.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.72 GB) (Free:720.99 GB) NTFS
Drive e: () (Fixed) (Total:464.8 GB) (Free:447.3 GB) NTFS
Drive f: (Apr 14 2017) (CDROM) (Total:4.38 GB) (Free:4.19 GB) UDF
Drive g: (RECOVERY) (Removable) (Total:31.99 GB) (Free:31.56 GB) FAT32
Drive h: (New Volume) (Fixed) (Total:111.79 GB) (Free:1.36 GB) NTFS
 
\\?\Volume{da4b2d60-851d-01d3-b092-25ed8ec2e900}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{002ddf51-8450-5799-21c5-db75a2be5b00}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{22f0e93f-394c-489f-9c8e-7b0adf3dc1a3}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
\\?\Volume{9e4cac2b-36d5-440a-b3ea-545998dcceec}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E3B0859A)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0EBB4066)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0EBB4067)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 57.8 GB) (Disk ID: 716BBC27)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
 
 
 
 
 
svchost still consuming lots of CPU :( https://imgur.com/a/O8yFy

Edited by zetank, 09 March 2018 - 08:45 PM.
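As an added triage example (not part of the post above, nor of FRST itself), the script below parses the StartupApproved and FirewallRules lines in the format FRST writes them to Addition.txt and flags the entries a helper would look at first: random-looking autostart value names, firewall rules for binaries in user-writable folders, explicit Block rules, and rules for Windows host processes such as rundll32.exe. The sample lines are copied from the log above; the heuristics are my own assumptions and only mark candidates for manual review, not verdicts.

```python
"""Triage helper for FRST Addition.txt autostart and firewall lines.

Added example for this thread; not part of FRST or of the post.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Sample lines copied from the FRST log in this thread (constructed input
# for the example; the format is what FRST writes to Addition.txt).
SAMPLE_LOG = r'''
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "DiscordPTB"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "KV8#QxDWNk.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "vOURHF4Usu.exe"
HKU\S-1-5-21-589677986-2538330077-3668394710-1001\...\StartupApproved\Run: => "zh-CN.exe"
FirewallRules: [{DCE49EA6-7C0A-4E54-A67E-84096549BBB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2DCC3097-C984-457D-BE98-950AA5A1EC05}] => (Allow) C:\Users\morgan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3117A1AE-FADC-426E-A189-40CEE732598B}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{261B9655-D83F-46E8-9E04-3EF8E5F4FC51}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Block) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
'''

STARTUP_RE = re.compile(r'StartupApproved\\Run: => "(?P<name>[^"]+)"')
FIREWALL_RE = re.compile(
    r'^FirewallRules: \[(?P<rule>[^\]]*)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)\s*$')

# Locations a standard user can write to; legitimate software lives there too,
# so a hit is a reason to look, not a verdict (assumed list).
USER_WRITABLE = ('\\programdata\\', '\\appdata\\', '\\temp\\', '\\users\\public\\')
# Windows host processes that execute whatever they are handed (assumed list).
HOST_PROCESSES = ('rundll32.exe', 'regsvr32.exe', 'mshta.exe',
                  'wscript.exe', 'cscript.exe', 'powershell.exe')


@dataclass
class Finding:
    kind: str                      # "startup" or "firewall"
    item: str                      # value name or rule target path
    reasons: List[str] = field(default_factory=list)


def case_transitions(text: str) -> int:
    """Count upper/lower switches between consecutive letters."""
    letters = [c for c in text if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def startup_reasons(name: str) -> List[str]:
    """Heuristics for a StartupApproved\\Run value name."""
    reasons = []
    stem = re.sub(r'\.exe$', '', name, flags=re.IGNORECASE)
    if stem != name:
        reasons.append('value name is a bare executable name rather than a product name')
    if re.search(r'[^A-Za-z0-9 _.\-]', stem):
        reasons.append('unusual punctuation in value name')
    if any(c.isdigit() for c in stem) and case_transitions(stem) >= 2:
        reasons.append('mixed-case letters and digits (random-looking name)')
    return reasons


def firewall_reasons(action: str, path: str) -> List[str]:
    """Heuristics for one FirewallRules line."""
    reasons = []
    low = path.lower()
    if action == 'Block':
        reasons.append('explicit Block rule: something chose to cut this binary off')
    if any(seg in low for seg in USER_WRITABLE):
        reasons.append('binary lives in a user-writable location')
    if low.rsplit('\\', 1)[-1] in HOST_PROCESSES:
        reasons.append('rule targets a Windows host process that runs arbitrary code')
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a second look, with the reason for each."""
    findings = []
    for line in log_text.splitlines():
        m = STARTUP_RE.search(line)
        if m:
            reasons = startup_reasons(m.group('name'))
            if reasons:
                findings.append(Finding('startup', m.group('name'), reasons))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            reasons = firewall_reasons(m.group('action'), m.group('path'))
            if reasons:
                findings.append(Finding('firewall', m.group('path'), reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.item}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run it against a full Addition.txt by reading the file into `triage()`; the product-name entries (Steam, DiscordPTB, CCleaner Monitoring) produce no findings, while the three .exe-style value names and the ProgramData, AppData and rundll32.exe firewall rules are listed with their reasons.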


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:23 AM

Posted 09 March 2018 - 08:59 PM

Let's scan:

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Please scan with Malwarebytes.

  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

[Screenshot: Malwarebytes Premium scan methods]

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 

Your next reply(ies) should therefore contain:

  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log
  • Copy/pasted Malwarebytes Antimalware log

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 zetank

zetank
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:23 AM

Posted 09 March 2018 - 09:39 PM

While RogueKiller was scanning, the svchost program popped up halfway into it and closed it. It seems like it's starting a few minutes after desktop boot, and it kills all scanning programs and prevents them from opening.


Edited by zetank, 09 March 2018 - 09:40 PM.


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:23 AM

Posted 09 March 2018 - 10:44 PM

Both programs,

C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

are legit files.
 
RKill is a program developed at BleepingComputer.com that was originally designed for use in our virus removal guides. It was created so that we could have an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill.

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

RKill can be downloaded from the following location:

http://www.bleepingcomputer.com/download/rkill/

A report, rkill.log, will be created in the root directory, usually C:\. Post that report in your next reply.
 
Once RKill has run, do not restart the computer; just proceed to run RogueKiller and scan.



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:23 AM

Posted 09 March 2018 - 11:32 PM

It is past midnight here. Will check on your progress later in the day.




#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,441 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:23 AM

Posted 10 March 2018 - 10:05 PM

Any progress?






