
Infected with basti.exe/biodegradation.exe virus


  • This topic is locked
12 replies to this topic

#1 redflgslooklikeflgs

  • Members
  • 16 posts

Posted 09 March 2018 - 07:02 PM

When I start my computer, about a dozen processes of basti.exe and another dozen of biodegradation.exe use up 100% of my CPU, making it nearly impossible to do anything. Random music plays, there are new "computer fixer" shortcuts on my desktop, popups, etc. Chrome is redirected to some other program that *looks* like Chrome, but I'm sure isn't. Starting in safe mode seems to keep the virus from starting with Windows. Thank you for your help, again :(

Below are FRST.txt and Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Luke (administrator) on LUKE-PC (09-03-2018 18:39:09)
Running from E:\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [trickey] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKLM\...\Run: [trickeystriken] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKLM\...\Run: [trickeytrickey] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [souci] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [souciwise] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [soucisouci] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wise] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wisesouci] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wisewise] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [striken] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [strikentrickey] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [strikenstriken] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [ric] => C:\Program Files (x86)\ambrose\ric.exe [66831 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [controversial] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {7fbd7e68-e113-11e3-a78c-8f97b0442811} - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {cbcd9218-2053-11e6-8751-89338eab2433} - N:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {f45084ee-dfc9-11e5-b230-b9335618642a} - L:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA! Pro VPN.lnk [2017-11-13]
ShortcutTarget: HMA! Pro VPN.lnk -> E:\Programs\HMA! Pro VPN\vpn.exe (Privax Limited)
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swains.lnk [2018-03-08]
ShortcutTarget: swains.lnk -> C:\Program Files (x86)\Pyre\basti.exe ()
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swainsswains.lnk [2018-03-08]
ShortcutTarget: swainsswains.lnk -> C:\Program Files (x86)\refectory\biodegradation.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3C7FEFD2-0AD1-416D-B425-D68DA9463984}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3C7FEFD2-0AD1-416D-B425-D68DA9463984}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{3D817C84-CC44-4F44-ADD4-49F98BDCCDBC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3D817C84-CC44-4F44-ADD4-49F98BDCCDBC}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{49D755C0-838C-412F-9678-34AFCA6E5361}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C429DA9F-55EA-4C0D-B23A-42B9B2E413BA}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C752A9C6-DF18-42F4-AD18-56F390355796}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: zw7mdomu.default
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default [2018-03-08]
FF Homepage: Mozilla\Firefox\Profiles\zw7mdomu.default -> C:\ProgramData\Quoteexs\ff.HP
FF NewTab: Mozilla\Firefox\Profiles\zw7mdomu.default -> C:\ProgramData\Quoteexs\ff.NT
FF Extension: (Fast search) - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\Extensions\amcontextmenu@loucypher [2017-07-18] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-22] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> E:\Programs\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://thepiratebay.la/search/%22chaos%20chaos%22/0/99/0
CHR StartupUrls: Default -> "hxxps://1917.rt.com/#!/en/twitter/lenin"
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Slides) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-08]
CHR Extension: (Torrent Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2016-08-14]
CHR Extension: (Duolingo on the Web) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-02-10]
CHR Extension: (Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-04-27]
CHR Extension: (DuckDuckGo) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-03-03]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-03-07]
CHR Extension: (Adblock Plus) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Play Music) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-02-21]
CHR Extension: (Full Page Screen Capture) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-03-08]
CHR Extension: (Sheets) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Eve News24) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacenaodinjocbceobidngfdopgcpbjh [2014-04-27]
CHR Extension: (Dropbox) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-29]
CHR Extension: (PolitEcho) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcindbcjkekiofoogdiohbdleddkpbbm [2017-03-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-21]
CHR Extension: (Logical Increments Field Agent) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnmfdickgjlfdjmjnaejgkjeebfadc [2014-04-27]
CHR Extension: (Bazz Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2018-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; E:\Programs\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
S2 HmaProVpn; E:\Programs\HMA! Pro VPN\VpnSvc.exe [5266016 2017-12-12] (Privax Limited)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2017-12-19] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-22] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-21] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [537080 2017-07-19] (Intel Corporation)
R3 hmatap; C:\Windows\System32\DRIVERS\hmatap.sys [45560 2017-10-31] (The OpenVPN Project)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-19] (Logitech Inc.)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2017-09-19] (The OpenVPN Project)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)
S3 cpuz137; \??\C:\Users\Luke\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
S3 GPU-Z; \??\C:\Users\Luke\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S0 knsctpzi; System32\drivers\tiixudck.sys [X]
S3 WinRing0_1_2_0; \??\E:\Programs\NZXT\CAM\CAM_Client.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-08 21:20 - 2018-03-09 18:28 - 000583842 _____ C:\Windows\ntbtlog.txt
2018-03-08 20:27 - 2018-03-08 20:27 - 001895382 _____ C:\Users\Luke\AppData\Local\ZamQuadtax.bin
2018-03-08 20:27 - 2018-03-08 20:27 - 000000000 ____D C:\Users\Luke\AppData\LocalLow\AMD
2018-03-08 20:26 - 2018-03-08 21:15 - 000000000 ____D C:\Program Files (x86)\preceded
2018-03-08 20:26 - 2018-03-08 20:26 - 000140800 _____ C:\Users\Luke\AppData\Local\installer.dat
2018-03-08 20:26 - 2018-03-08 20:26 - 000003926 _____ C:\Windows\System32\Tasks\pepperidge-discern
2018-03-08 20:26 - 2018-03-08 20:26 - 000003910 _____ C:\Windows\System32\Tasks\etruscans twas
2018-03-08 20:26 - 2018-03-08 20:26 - 000003904 _____ C:\Windows\System32\Tasks\telefon_wrangle
2018-03-08 20:26 - 2018-03-08 20:26 - 000003902 _____ C:\Windows\System32\Tasks\tnt siew irritation
2018-03-08 20:26 - 2018-03-08 20:26 - 000003896 _____ C:\Windows\System32\Tasks\doubled_francis
2018-03-08 20:26 - 2018-03-08 20:26 - 000003860 _____ C:\Windows\System32\Tasks\melon
2018-03-08 20:26 - 2018-03-08 20:26 - 000003850 _____ C:\Windows\System32\Tasks\becher
2018-03-08 20:26 - 2018-03-08 20:26 - 000003760 _____ C:\Windows\System32\Tasks\tspepperidge-discernpepperidge-discern
2018-03-08 20:26 - 2018-03-08 20:26 - 000003744 _____ C:\Windows\System32\Tasks\tsetruscans twasetruscans twas
2018-03-08 20:26 - 2018-03-08 20:26 - 000003738 _____ C:\Windows\System32\Tasks\tstelefon_wrangletelefon_wrangle
2018-03-08 20:26 - 2018-03-08 20:26 - 000003736 _____ C:\Windows\System32\Tasks\tstnt siew irritationtnt siew irritation
2018-03-08 20:26 - 2018-03-08 20:26 - 000003730 _____ C:\Windows\System32\Tasks\tsdoubled_francisdoubled_francis
2018-03-08 20:26 - 2018-03-08 20:26 - 000003694 _____ C:\Windows\System32\Tasks\tsmelonmelon
2018-03-08 20:26 - 2018-03-08 20:26 - 000003684 _____ C:\Windows\System32\Tasks\tsbecherbecher
2018-03-08 20:26 - 2018-03-08 20:26 - 000000012 _____ C:\Windows\b57888333
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ___HD C:\Program Files (x86)\Whistlers
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ___HD C:\Program Files (x86)\ambrose
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Windows\SysWOW64\lmeugks
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Windows\system32\lmeugks
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Users\Luke\AppData\Roaming\et
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Program Files (x86)\refectory
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Program Files (x86)\Pyre
2018-03-08 20:24 - 2018-03-08 20:24 - 000000000 ____D C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ C:\Windows\lachlan.exe
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ C:\Users\Luke\AppData\Local\biodegradation.exe
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ C:\Users\Luke\AppData\Local\basti.exe
2018-03-07 12:51 - 2018-03-07 12:51 - 000038434 _____ C:\Windows\uninstaller.dat
2018-03-06 14:27 - 2018-03-06 14:27 - 000000218 _____ C:\Users\Luke\AppData\Local\recently-used.xbel
2018-02-20 22:31 - 2018-03-08 18:50 - 000000000 ____D C:\Users\Luke\AppData\Roaming\Tropico 5
2018-02-20 22:31 - 2018-02-20 22:31 - 000000000 ____D C:\Users\Luke\AppData\Roaming\Kalypso Media
2018-02-20 22:23 - 2018-02-20 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media Digital
2018-02-14 11:15 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 11:15 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 11:15 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 11:15 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 11:15 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 11:15 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 11:15 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 11:15 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 11:15 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 11:15 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 11:15 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 11:15 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 11:15 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 11:15 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 11:15 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 11:15 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 11:15 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 11:15 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 11:15 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 11:15 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 11:15 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 11:15 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 11:15 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 11:15 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 11:15 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 11:15 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 11:15 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 11:15 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 11:15 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 11:15 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 11:15 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 11:15 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 11:15 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 11:15 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 11:15 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 11:15 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 11:15 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 11:15 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 11:15 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 11:15 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 11:15 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 11:15 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 11:15 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 11:15 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 11:15 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 11:15 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 11:15 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 11:15 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 11:15 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 11:15 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 11:15 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 11:15 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 11:15 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 11:15 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 11:15 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 11:15 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 11:15 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 11:15 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 11:15 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 11:15 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 11:15 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 11:15 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 11:15 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 11:15 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 11:15 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 11:15 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 11:15 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 11:15 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 11:15 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 11:15 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 11:15 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 11:15 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 11:15 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 11:15 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 11:15 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 11:15 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 11:15 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 11:15 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 11:15 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 11:15 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 11:15 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 11:15 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 11:15 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 11:15 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 11:15 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 11:15 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 11:15 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 11:15 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 11:15 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 11:15 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 11:15 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 11:15 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 11:15 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 11:15 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 11:15 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 11:15 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 11:15 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 11:15 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 11:15 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 11:15 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 11:15 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 11:15 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 11:15 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 11:15 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 11:15 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 11:15 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 11:15 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 11:15 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 11:15 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 11:15 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 11:15 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 11:15 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 11:14 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 11:14 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 11:14 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 18:39 - 2017-07-23 17:37 - 000000000 ____D C:\FRST
2018-03-09 18:33 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-09 18:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-03-09 18:31 - 2015-03-27 14:23 - 000007677 _____ C:\Users\Luke\AppData\Local\Resmon.ResmonCfg
2018-03-08 22:36 - 2017-09-17 14:16 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-08 22:35 - 2014-06-08 19:40 - 000000000 __SHD C:\Users\Luke\IntelGraphicsProfiles
2018-03-08 22:35 - 2009-07-14 00:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-08 22:35 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-08 22:34 - 2017-07-23 22:21 - 000000000 ____D C:\AdwCleaner
2018-03-08 22:28 - 2017-07-23 18:17 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-08 22:19 - 2014-08-14 17:48 - 000194776 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-03-08 22:19 - 2014-08-14 17:48 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-08 22:01 - 2015-05-19 08:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-03-08 22:01 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-08 22:00 - 2016-05-12 15:34 - 000000000 ____D C:\Users\Luke\AppData\Local\Jagex
2018-03-08 22:00 - 2016-05-12 15:34 - 000000000 ____D C:\ProgramData\Jagex
2018-03-08 21:51 - 2017-07-25 18:48 - 000002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-08 20:28 - 2014-04-27 18:49 - 000001042 _____ C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-08 20:26 - 2016-01-06 13:37 - 000797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-08 20:26 - 2016-01-06 13:37 - 000142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-08 20:26 - 2016-01-06 13:37 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-08 20:24 - 2015-05-16 23:44 - 000000000 ____D C:\Users\Luke\AppData\Local\CrashDumps
2018-03-08 20:22 - 2014-05-21 19:27 - 000000000 ____D C:\Users\Luke\AppData\Roaming\DAEMON Tools Lite
2018-03-08 15:05 - 2009-07-13 23:45 - 000031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-08 15:05 - 2009-07-13 23:45 - 000031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-07 01:52 - 2017-12-01 16:01 - 000000000 ____D C:\Users\Luke\AppData\Local\Battle.net
2018-03-06 20:36 - 2014-04-28 19:35 - 000000000 ____D C:\Users\Luke\AppData\Roaming\vlc
2018-03-06 10:49 - 2015-06-21 13:07 - 000000000 ____D C:\Users\Luke\AppData\Roaming\deluge
2018-03-04 02:15 - 2014-06-17 18:11 - 000000000 ____D C:\Users\Luke\AppData\Local\ElevatedDiagnostics
2018-02-27 14:58 - 2014-10-08 18:24 - 000000000 ____D C:\Users\Luke\AppData\Roaming\foobar2000
2018-02-20 22:30 - 2015-01-09 14:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-20 14:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-18 02:45 - 2014-05-20 11:29 - 000000000 ____D C:\Users\Luke\AppData\Roaming\EVEMon
2018-02-15 14:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-02-15 12:31 - 2009-07-13 23:45 - 000386896 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-15 12:30 - 2014-12-10 22:07 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-14 19:15 - 2014-04-27 20:08 - 000000000 ____D C:\Windows\system32\MRT
2018-02-14 19:13 - 2017-10-11 00:16 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-14 19:13 - 2014-04-27 20:08 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-14 19:11 - 2014-04-27 20:34 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-11 21:27 - 2016-12-25 13:07 - 000000000 ____D C:\Users\Luke\AppData\Roaming\AirDroid
2018-02-08 12:28 - 2018-01-31 18:00 - 000002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 12:28 - 2014-04-27 22:16 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-07 14:55 - 2016-10-22 20:37 - 000004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-07 14:55 - 2016-01-06 13:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 14:55 - 2016-01-06 13:37 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2013-02-16 22:27 - 2013-02-16 22:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2018-01-17 20:25 - 2018-01-17 20:25 - 000000000 _____ () C:\Users\Luke\AppData\Roaming\FC29FA0894FE.ini
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ () C:\Users\Luke\AppData\Local\basti.exe
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ () C:\Users\Luke\AppData\Local\biodegradation.exe
2018-03-08 20:26 - 2018-03-08 20:26 - 000140800 _____ () C:\Users\Luke\AppData\Local\installer.dat
2015-01-26 09:38 - 2015-05-12 09:16 - 000000600 _____ () C:\Users\Luke\AppData\Local\PUTTY.RND
2018-03-06 14:27 - 2018-03-06 14:27 - 000000218 _____ () C:\Users\Luke\AppData\Local\recently-used.xbel
2015-03-27 14:23 - 2018-03-09 18:31 - 000007677 _____ () C:\Users\Luke\AppData\Local\Resmon.ResmonCfg
2018-03-08 20:27 - 2018-03-08 20:27 - 001895382 _____ () C:\Users\Luke\AppData\Local\ZamQuadtax.bin

Some files in TEMP:
====================
2018-03-08 20:22 - 2018-03-08 20:22 - 000024576 _____ (1010 Vine Street) C:\Users\Luke\AppData\Local\Temp\capi.exe
2018-03-08 20:22 - 2018-03-08 20:22 - 004103885 _____ (Indigo Rose Corporation) C:\Users\Luke\AppData\Local\Temp\ing.exe
2018-03-08 20:30 - 2018-03-08 20:30 - 002749904 _____ () C:\Users\Luke\AppData\Local\Temp\instalelerxvid.exe
2018-03-08 20:22 - 2018-03-08 20:22 - 001959424 _____ () C:\Users\Luke\AppData\Local\Temp\XvidCodecInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-27 15:31

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Luke (09-03-2018 18:39:22)
Running from E:\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-27 23:48:58)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2829323167-97675127-1012005819-500 - Administrator - Disabled)
Guest (S-1-5-21-2829323167-97675127-1012005819-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2829323167-97675127-1012005819-1002 - Limited - Enabled)
Luke (S-1-5-21-2829323167-97675127-1012005819-1000 - Administrator - Enabled) => C:\Users\Luke

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
AirDroid 3.3.1.0 (HKLM-x32\...\AirDroid) (Version: 3.3.1.0 - Sand Studio)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ArcGIS 10.2 for Desktop (HKLM-x32\...\{44EF0455-5764-4158-90B3-CA483BCB1F75}) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2 for Desktop (HKLM-x32\...\ArcGIS 10.2 for Desktop) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BOSS Userlist Manager (HKLM-x32\...\{F0AB569C-99EF-4F4D-992D-2206E354C903}) (Version: 6.7.2 - Surazal)
calibre 64bit (HKLM\...\{B16F2206-747F-4758-ADA9-76148D2C0C35}) (Version: 3.7.0 - Kovid Goyal)
CAM (HKLM-x32\...\{751D9BCF-E66B-42AC-ADF3-66ED78649223}) (Version: 1.1.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dogecoin (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dogecoin) (Version: 1.6.0.0 - Dogecoin)
Dogecoin Core (64-bit) (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dogecoin Core (64-bit)) (Version: 1.10.0 - Dogecoin Core project)
Dropbox (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EVE Isk per Hour (HKLM-x32\...\{4A4A176E-F5F4-47D2-9866-2CAF8B09A29D}) (Version: 3.3 - EVE Isk per Hour)
EVE Isk per Hour (HKLM-x32\...\{7A37BE74-5767-407A-8145-098EF7DA02FB}) (Version: 3.3 - EVE IPH)
EVE Online (HKLM-x32\...\{2C60FECF-7254-436F-81A6-BCA9E87760A5}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{7DB2B037-E097-4B03-909D-0431F0250DE0}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{9CFA1749-644E-48EC-B4ED-1BD368198737}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{A556A849-45D4-4F7C-A520-135A060F1A6C}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{BAF7798B-050F-415A-9E84-912C424F747D}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{C680CFD6-1227-46F4-A2F2-0E1FB7402592}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{21baeecc-bb92-4eaa-bc13-6d66469e4477}) (Version: 1.0.0 - CCP)
EVEMon (HKLM-x32\...\EVEMon) (Version: 3.0.4 - EVEMon Development Team)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreeFileSync 7.7 (HKLM-x32\...\FreeFileSync) (Version: 7.7 - www.FreeFileSync.org)
Git version 2.9.3.2 (HKLM\...\Git_is1) (Version: 2.9.3.2 - The Git Development Community)
GitHub (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.1.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearts of Iron IV Death or Dishonor (HKLM-x32\...\Hearts of Iron IV Death or Dishonor_is1) (Version:  - )
HHD Software Free Hex Editor Neo 6.24 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.24.0.5920 - HHD Software, Ltd.)
HMA! Pro VPN (HKLM\...\{60A560F2-CB75-4C94-9C36-39AD2161DE73}_is1) (Version: 3.7.80 - Privax)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intergraph Licensing 11.10.1 (HKLM-x32\...\{E61CBFF0-5B9A-4722-AE2D-E5910CA5A1EA}) (Version: 11.10.0100.00201 - Intergraph Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 13.6.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
LibreOffice 4.4.7.2 (HKLM-x32\...\{94C42982-D118-45DE-B761-3D331428FAB9}) (Version: 4.4.7.2 - The Document Foundation)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version:  - )
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetLogo 5.1.0 (HKLM-x32\...\5730-6571-9917-5170) (Version: 5.1.0 - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Node.js (HKLM\...\{8434AEA1-1294-47E3-9137-848F546CD824}) (Version: 4.4.7 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pokemon GO Live Map (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\pokemon) (Version: 0.3.3 - Mike Christopher)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
pyfa version 1.28.1 (YC119.3 1.0) (HKLM-x32\...\{3DA39096-C08D-49CD-90E0-1D177F32C8AA}_is1) (Version: 1.28.1 (YC119.3 1.0) - pyfa)
Python 2.7 pycurl-7.43.0 (HKLM-x32\...\pycurl-py2.7) (Version:  - )
Python 2.7 PyYAML-3.11 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\PyYAML-py2.7) (Version:  - )
Python 2.7 reverence-1.5.0 (HKLM-x32\...\reverence-py2.7) (Version:  - )
Python 2.7 reverence-1.5.0 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\reverence-py2.7) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Sniper Elite 4 (HKLM\...\Sniper Elite 4_is1) (Version: 1.0 - )
South Park The Fractured But Whole version 1.0 (HKLM\...\South Park The Fractured But Whole_is1) (Version: 1.0 - CODEPUNKS)
Spotify (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.90968 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.0.0.1 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.12.0 - GOG.com)
Tropico 5 - Complete Collection (HKLM-x32\...\Tropico 5 - Complete Collection_is1) (Version:  - )
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 5.3.1 - Universal Media Server)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\WinDirStat) (Version:  - )
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
Yawcam 0.5.0 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: 0.5.0 - Yawcam)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> E:\Programs\Hex Editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> E:\Programs\Hex Editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> E:\Programs\Hex Editor\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Programs\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Programs\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programs\WinRAR\rarext.dll [2014-04-25] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Programs\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Programs\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Programs\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programs\WinRAR\rarext.dll [2014-04-25] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10741947-3D5B-47B6-9166-699030E39E8C} - System32\Tasks\melon => C:\Program Files (x86)\preceded\preceded.exe
Task: {1BC844E0-850E-4D64-9F10-E04DAB2DA740} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2AC213CF-6CE5-46E8-A868-7145FDAC19D5} - System32\Tasks\tsetruscans twasetruscans twas => C:\Program Files (x86)\Whistlers\biodegradation.exe [2018-03-08] ()
Task: {2C3D58A9-38E8-489B-8F35-1BE176B0E2F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-08] (Adobe Systems Incorporated)
Task: {3F47D89A-7C31-4B5C-B2B2-4447690CC988} - System32\Tasks\telefon_wrangle => C:\Users\Luke\AppData\Local\biodegradation.exe [2018-03-08] ()
Task: {3F71AC83-F0D4-4469-9A2B-0287043AEC89} - System32\Tasks\tsdoubled_francisdoubled_francis => C:\Program Files (x86)\Whistlers\basti.exe [2018-03-08] ()
Task: {40866354-7EC2-4AA7-A8B7-971E7F27C64C} - System32\Tasks\tsbecherbecher => C:\Program Files (x86)\Pyre\basti.exe [2018-03-08] ()
Task: {495DF05D-3FF5-4C8E-AF0E-F25411DB6CB1} - System32\Tasks\becher => C:\Program Files (x86)\Pyre\basti.exe [2018-03-08] ()
Task: {4FA46B8A-DE92-4F75-AF78-FA2811410A02} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-10-18] ()
Task: {4FF4B20F-3028-4C1A-8FB6-A4D1DC7D7152} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {5BB35221-0745-4895-9D9C-4E550A0BF8B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {5CE59C4C-CB7C-4D0D-826B-C33BEF11E073} - System32\Tasks\{19A59D09-F635-4BA4-B25C-EBA8DB5AE042} => C:\Windows\system32\pcalua.exe -a C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {69E79004-1618-4D7B-AEE3-AD3EB192EC6F} - System32\Tasks\doubled_francis => C:\Program Files (x86)\Whistlers\basti.exe [2018-03-08] ()
Task: {6E03092E-C68D-4914-8166-879A2F977B0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {89E210A4-8973-43BA-81BF-67CAD0E8BAEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {A2F7B176-6659-41AA-8CDD-F05D22965200} - System32\Tasks\tsmelonmelon => C:\Program Files (x86)\preceded\preceded.exe
Task: {A680F860-050A-4479-95F6-63EC61EBB91B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {AB27382C-B164-4E61-B3FE-42DE2DDD41FF} - System32\Tasks\tstelefon_wrangletelefon_wrangle => C:\Users\Luke\AppData\Local\biodegradation.exe [2018-03-08] ()
Task: {BC6CBB22-5571-42E2-9788-B9D999352635} - System32\Tasks\tnt siew irritation => C:\Users\Luke\AppData\Local\basti.exe [2018-03-08] ()
Task: {C189CC18-2FF8-4683-952B-BAEC2029947E} - System32\Tasks\tstnt siew irritationtnt siew irritation => C:\Users\Luke\AppData\Local\basti.exe [2018-03-08] ()
Task: {D3C47F5F-9279-4BC5-B5EC-B7FD09ECE2F5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {D58A0C9E-B606-4CB3-882E-2B198A780E41} - System32\Tasks\tspepperidge-discernpepperidge-discern => C:\Program Files (x86)\refectory\biodegradation.exe [2018-03-08] ()
Task: {D967E0D9-7B3C-4F7F-B3D2-65210DA87B22} - System32\Tasks\HMA! Pro VPN Update => E:\Programs\HMA! Pro VPN\VpnUpdate.exe [2017-12-12] (Privax Limited)
Task: {E0EAB610-4301-4B31-BF5C-DFA45E064B17} - System32\Tasks\pepperidge-discern => C:\Program Files (x86)\refectory\biodegradation.exe [2018-03-08] ()
Task: {E28C9DF7-AC94-4318-A532-8AD7A5AA322A} - System32\Tasks\etruscans twas => C:\Program Files (x86)\Whistlers\biodegradation.exe [2018-03-08] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"

==================== Loaded Modules (Whitelisted) ==============

2016-06-30 03:23 - 2016-11-15 10:24 - 000592384 _____ () C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll
2015-03-29 05:25 - 2015-03-29 05:25 - 000043480 _____ () E:\Programs\FileZilla FTP Client\fzshellext_64.dll
2014-04-29 12:47 - 2012-01-20 13:55 - 000678400 _____ () E:\Programs\TeraCopy\TeraCopyExt64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 000222720 _____ () E:\Programs\Notepad++\NppShell_05.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk => C:\Windows\pss\Universal Media Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "E:\Programs\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AirDroid 3 => E:\Programs\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: CAM => E:\Programs\NZXT\CAM\CAM_Client.exe -autostart
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "E:\Programs\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Discord => C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Spotify => "C:\Users\Luke\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luke\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: WinampAgent => E:\Programs\Winamp\winampa.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{96614B75-4C1C-4058-A06B-64633F9F7980}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6B060C82-DDEC-4146-86CB-77D1909DCD71}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{261D2D06-898F-4BC3-9824-FECB781248E3}C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{45DF1BC5-9E79-43DB-AEAE-4275A35D18AC}C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{F1CB8049-00BA-4492-8E34-F9D5AE3EC0F5}E:\programs\deluge\deluge.exe] => (Allow) E:\programs\deluge\deluge.exe
FirewallRules: [UDP Query User{8354C47D-334D-4544-90A2-F5C613AD1F47}E:\programs\deluge\deluge.exe] => (Allow) E:\programs\deluge\deluge.exe
FirewallRules: [TCP Query User{0EF0B207-CED7-41F6-96A4-E15DB7A417BC}E:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) E:\games\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{A9D2BFAE-0BD7-4B7A-A56D-E9BF1757D5B6}E:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) E:\games\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{AD509E0C-51B0-4C11-B5D8-5C48D452BFFC}E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{3B6A8693-40D8-4112-AA5F-4BB05E21F2D5}E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{ECEA1505-A80B-40B0-BB6F-719C3C7D8A2A}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [UDP Query User{03DF304F-1879-4DCE-9D95-74EFE0FF5EBA}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [{FF89F15C-AFD9-4F61-A606-67C7DADB689C}] => (Allow) E:\Programs\Steam\Steam.exe
FirewallRules: [{A305306E-13E8-4EAD-8FF0-9DFB831E50E8}] => (Allow) E:\Programs\Steam\Steam.exe
FirewallRules: [{A3524079-32F7-4851-B1E9-39E985528080}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B5E68D21-8A45-462B-8789-FC56BC8F1119}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{83EE8187-A79C-49FD-AFAB-584A6F92150A}] => (Allow) E:\Programs\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{763898F4-6C7C-4D82-841C-66B335F26005}] => (Allow) E:\Programs\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F91F7A6F-65D9-42CB-BF57-5E56A57BCB23}] => (Block) E:\Games\Watch_Dogs 2\bin\WatchDogs2.exe
FirewallRules: [TCP Query User{B86AEDB2-9A9A-4BDA-9E9D-B2BC20058A3E}E:\games\far cry primal\bin\fcprimal.exe] => (Block) E:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{A4948214-FFC4-4777-894B-F09910D494F4}E:\games\far cry primal\bin\fcprimal.exe] => (Block) E:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{26E3FBA7-0C47-4306-AB2C-A4D22ACE59C3}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [UDP Query User{C5103574-517E-427D-99A5-9784E250ACAB}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [TCP Query User{42BF50FA-E613-42B0-8504-6886A0ACC46B}E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe] => (Block) E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe
FirewallRules: [UDP Query User{18F3B210-3885-4ACF-8681-59E519CC2740}E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe] => (Block) E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe
FirewallRules: [TCP Query User{4DF8C9B7-F2EF-4888-B75F-9C4519057BEA}E:\programs\winamp\winamp.exe] => (Block) E:\programs\winamp\winamp.exe
FirewallRules: [UDP Query User{040ECA74-213B-41FE-BB5F-926DD13D351C}E:\programs\winamp\winamp.exe] => (Block) E:\programs\winamp\winamp.exe
FirewallRules: [{583B2418-4661-439A-BF3A-751B6CB0A157}] => (Allow) E:\Programs\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{AA5D0A9D-E18D-4C5C-81E8-DB68D0D8F5C7}] => (Allow) E:\Programs\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{FF0973F6-0F9D-4DBC-9E4A-E4640098308F}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{D7A6A804-1FE5-48C6-84BB-5A455A364B88}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [TCP Query User{51BAC774-D55E-4E35-9527-E52B8B1D20C8}E:\programs\dogecoin\dogecoin-qt.exe] => (Allow) E:\programs\dogecoin\dogecoin-qt.exe
FirewallRules: [UDP Query User{56E8A7C1-B3DC-44AC-8152-B214E72DC4C8}E:\programs\dogecoin\dogecoin-qt.exe] => (Allow) E:\programs\dogecoin\dogecoin-qt.exe
FirewallRules: [{3B307690-9A44-4114-9222-59C6581842B2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60E277EF-27F6-4DB1-BB52-4DD0D7497BFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BBBD53E7-CC74-47E7-BE90-DDA9A623F597}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{10B36358-577E-4718-B197-A386784FC5EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0EB88E31-71A2-4790-87A2-F2730B46DCE7}] => (Allow) E:\Programs\Dogecoin\dogecoin-qt.exe
FirewallRules: [TCP Query User{780D4A71-3760-4AD8-A05A-BCE302B3246E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{619570A2-05CA-45D8-A613-30AD4DB114D9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F7A211E9-DB4C-4BBD-BAF8-29923CC8B658}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{CB6D07AF-8541-405D-A1B5-A89A1FB45352}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{4010FE5D-E65D-4955-8591-AC4D6099AE7E}E:\games\payday 2 ultimate edition\payday2_win32_release.exe] => (Block) E:\games\payday 2 ultimate edition\payday2_win32_release.exe
FirewallRules: [UDP Query User{565938D2-80F0-4098-9838-507BCDEEC4FB}E:\games\payday 2 ultimate edition\payday2_win32_release.exe] => (Block) E:\games\payday 2 ultimate edition\payday2_win32_release.exe
FirewallRules: [TCP Query User{C3FE2055-FB4A-4970-99CC-B0270F35CE4C}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{61D3CAC4-41B2-4FC2-8032-29EAB8F79F69}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [{73E39F09-2BF2-46FB-9F6D-575E0FAC2160}] => (Block) E:\Games\Kalypso Media Digital\Tropico 5 - Complete Collection\Tropico5Steam.exe
FirewallRules: [{690B6EF4-A6F7-460A-B818-04AD098B8859}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{53DE54F9-49E8-436F-86DA-49FF0585DB8F}] => (Allow) C:\Program Files (x86)\Pyre\basti.exe
FirewallRules: [{0B9EBD30-4F48-41D0-99F4-C9E5D59010A4}] => (Allow) C:\Program Files (x86)\Whistlers\basti.exe
FirewallRules: [{8DB4B907-4A7D-4C53-A033-E6DE4DAF6891}] => (Allow) C:\Program Files (x86)\refectory\biodegradation.exe
FirewallRules: [{5D8EA20A-9E13-4E1B-A9A0-216DE5FEFA4D}] => (Allow) C:\Program Files (x86)\Whistlers\biodegradation.exe

==================== Restore Points =========================

02-03-2018 18:26:33 Windows Update
06-03-2018 10:15:16 Windows Update
08-03-2018 21:14:52 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2018 06:30:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 10:40:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 10:35:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 10:17:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 09:57:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Luke\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (03/08/2018 09:47:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Luke\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (03/08/2018 09:46:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 09:39:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Luke\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

System errors:
=============
Error: (03/09/2018 06:30:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (03/09/2018 06:30:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (03/09/2018 06:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/09/2018 06:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/09/2018 06:29:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/09/2018 06:29:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 06:29:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 06:29:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 8076.9 MB
Available physical RAM: 6633.28 MB
Total Virtual: 16151.97 MB
Available Virtual: 14808.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.57 GB) (Free:9.46 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:184.13 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (LastResort) (Fixed) (Total:15.54 GB) (Free:15.45 GB) NTFS
Drive h: () (Fixed) (Total:273.3 GB) (Free:202.1 GB) NTFS
Drive i: (Windows 7) (Fixed) (Total:307.23 GB) (Free:187 GB) NTFS
Drive j: (Elements) (Fixed) (Total:931.51 GB) (Free:86.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 27964956)
Partition 1: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=273.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=307.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AAD9AF44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 00024A91)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,592 posts
  • Gender:Male
  • Local time:04:04 PM

Posted 09 March 2018 - 07:26 PM

Hi redflgslooklikeflgs :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you stayed with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • Local time:03:04 PM

Posted 09 March 2018 - 07:36 PM

Hi Aura, thanks for helping me today. I've copied the Malwarebytes report below.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/9/2018
Scan Time: 7:32 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2018.03.09.09
Rootkit Database: v2018.03.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Luke

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 498454
Time Elapsed: 2 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.BrowseForTheCause, HKLM\SOFTWARE\MICROSOFT\TRACING\BROWSEFORTHECAUSE_RASAPI32, Quarantined, [d06d8783496f31057fa056eb56aa758b],
PUP.Optional.BrowseForTheCause, HKLM\SOFTWARE\MICROSOFT\TRACING\BROWSEFORTHECAUSE_RASMANCS, Quarantined, [bd80df2bb80086b048d794ada45c37c9],
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2829323167-97675127-1012005819-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [52eb709a8533270fa78bb2248f71c838],
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2829323167-97675127-1012005819-1000\CONSOLE\TASKENG.EXE, Quarantined, [3c0165a5dbdde6503f3cfcd9db25c33d],

Registry Values: 3
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2829323167-97675127-1012005819-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WindowPosition, 201329664, Quarantined, [52eb709a8533270fa78bb2248f71c838]
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2829323167-97675127-1012005819-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WindowPosition, 201329664, Quarantined, [cb72f317dcdc7fb7c1e711c42bd523dd]
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2829323167-97675127-1012005819-1000\CONSOLE\TASKENG.EXE|WindowPosition, 201329664, Quarantined, [3c0165a5dbdde6503f3cfcd9db25c33d]

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.BundleInstaller, C:\Users\Luke\AppData\Local\Temp\19690976, Quarantined, [3d0051b9269280b6e265efe904fe738d],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\content, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\META-INF, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [ee4f44c6d7e17cba55600234619f24dc],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0\_metadata, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\external imgs, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\icons, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\_metadata, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],

Files: 43
Adware.FileTour, C:\Users\Luke\AppData\Local\Temp\instalelerxvid.exe, Quarantined, [59e4c248cdebf83e88d70f023bc87e82],
PUP.Optional.OnlineIO, C:\Users\Luke\AppData\Local\Temp\19690976\ic-0.a14549c7b5bca8.exe, Quarantined, [320bcd3d6c4c5ed830abd989bc455fa1],
Adware.PremierOpinion, C:\Users\Luke\AppData\Local\Temp\19690976\ic-0.aca707e94c23a.exe, Quarantined, [4bf2907a12a6d066daf705abed1318e8],
PUP.Optional.LogicHandler, C:\Users\Luke\AppData\Local\ZamQuadtax.bin, Quarantined, [ce6fa268298fb28411f4d1cb57a914ec],
PUP.Optional.SystemHealer, C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06\SystemHealer.exe, Quarantined, [ee4f4bbf407884b2a1a5fc1fe9174eb2],
PUP.Optional.OnlineIO, C:\Windows\Installer\SourceHash{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [d6679377e2d67db9597578be27d92bd5],
PUP.Optional.SystemHealer, E:\Desktop\Launch System Healer.lnk, Quarantined, [e05d34d67d3b261042e5aacfc141916f],
PUP.Optional.WebDiscoverBrowser, E:\Desktop\WebDiscover Browser.lnk, Quarantined, [e558cb3fbcfc4fe7368f780382808080],
PUP.Optional.BundleInstaller, C:\Users\Luke\AppData\Local\Temp\19690976\ic-0.0e93984d7e3f38.exe, Quarantined, [3d0051b9269280b6e265efe904fe738d],
PUP.Optional.BundleInstaller, C:\Users\Luke\AppData\Local\Temp\19690976\dlreport, Quarantined, [3d0051b9269280b6e265efe904fe738d],
PUP.Optional.BundleInstaller, C:\Users\Luke\AppData\Local\Temp\19690976\ic-0.aca707e94c23a.exe, Quarantined, [3d0051b9269280b6e265efe904fe738d],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\0024397e, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\chrome.manifest, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\install.rdf, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\content\browser.xul, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\content\content.js, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\content\icon-48.png, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\content\icon-64.png, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\META-INF\manifest.mf, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\META-INF\mozilla.rsa, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.FastSearch, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\extensions\amcontextmenu@loucypher\META-INF\mozilla.sf, Quarantined, [e459bc4e86329e98bb0d37ef9d63e917],
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [ee4f44c6d7e17cba55600234619f24dc],
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [ee4f44c6d7e17cba55600234619f24dc],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0\icon128.png, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0\icon16.png, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0\icon32.png, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0\icon48.png, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0\manifest.json, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.TorrentSearch.ChrPRST, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.7_0\_metadata\verified_contents.json, Quarantined, [211ce62498201f17d1002a978181c33d],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\manifest.json, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\background.js, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\external imgs\colza-field-bee.jpg, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\external imgs\laptop-empty.png, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\external imgs\marq.png, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\external imgs\promo.png, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\external imgs\scrns.png, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\icons\128x128.png, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\icons\16x16.png, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\icons\favicon.ico, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\_metadata\computed_hashes.json, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.BazzSearch, C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh\2.0.0_0\_metadata\verified_contents.json, Quarantined, [cd70ac5e7048ba7c11457f20c23eea16],
PUP.Optional.Linkury.ACMB1, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "C:\ProgramData\Quoteexs\ff.HP), Replaced,[6fcee62474443afca17692ff649e639d]
PUP.Optional.Linkury.ACMB1, C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "C:\ProgramData\Quoteexs\ff.NT");), Replaced,[fb4261a98f298da99a422e888082ca36]

Physical Sectors: 0
(No malicious items detected)

(end)



#4 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 09 March 2018 - 08:10 PM

Good :) Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 redflgslooklikeflgs

  • Topic Starter
  • Members
  • 16 posts

Posted 09 March 2018 - 08:58 PM

Here is the RogueKiller report, followed by the AdwCleaner report.

RogueKiller V12.12.7.0 (x64) [Mar  5 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Luke [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/09/2018 20:23:55 (Duration : 00:29:39)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 50 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Guest_ON_I_CF58\Software\Cain -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Guest_ON_I_CF58\Software\SpeedBit -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Guest_ON_I_CF58\Software\Cain -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Guest_ON_I_CF58\Software\SpeedBit -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\IM -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\ImInstaller -> Deleted
[PUP.SweetIM|PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\SweetIM -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\WNLT -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\ImInstaller -> Deleted
[PUP.SweetIM|PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\SweetIM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\WNLT -> Deleted
[PUP.Auslogics] (X64) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Auslogics -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Cain -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_I_FD31\Software\SpeedyPC Software -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_I_FD31\Software\YahooPartnerToolbar -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Zugo -> Deleted
[PUP.Auslogics] (X86) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Auslogics -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Cain -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_I_FD31\Software\SpeedyPC Software -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_I_FD31\Software\YahooPartnerToolbar -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Zugo -> Deleted
[Tr.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet001\Services\IBUpdaterService (%SystemRoot%\system32\dmwu.exe) -> Deleted
[Tr.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet002\Services\IBUpdaterService (%SystemRoot%\system32\dmwu.exe) -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={F1E9D3AF-AE40-11E2-8564-001FE23D49A5}  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={F1E9D3AF-AE40-11E2-8564-001FE23D49A5}  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_I_5AE5\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18DB03FC-143D-476E-8EF5-D2A81A63D276} | DhcpNameServer : 128.146.1.9 128.146.48.6 ([United States][United States])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_I_5AE5\ControlSet002\Services\Tcpip\Parameters\Interfaces\{25FE3608-0CE4-4D03-9532-1F91FDC2A009} | DhcpNameServer : 10.50.0.1 10.50.0.2 10.50.0.3 ([][][])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_I_5AE5\ControlSet003\Services\Tcpip\Parameters\Interfaces\{25FE3608-0CE4-4D03-9532-1F91FDC2A009} | DhcpNameServer : 10.50.0.1 10.50.0.2 10.50.0.3 ([][][])  -> Replaced ()
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EC665019-B20A-4C3D-A974-5D81571115C0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {12E5F414-5F2A-4129-848A-FA2E253271D0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2E9C907E-47C8-4038-B955-DA7FABB49C26} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4CAF2FCB-C60F-46EE-ADC6-352BF51D8654} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59D71C1A-A8D1-4B89-B0E8-0C973BAD10EA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1CF233C0-AF5E-4FCD-AA25-64B4C66FA36C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EC665019-B20A-4C3D-A974-5D81571115C0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {12E5F414-5F2A-4129-848A-FA2E253271D0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2E9C907E-47C8-4038-B955-DA7FABB49C26} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[PUP.SearchProtect] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4CAF2FCB-C60F-46EE-ADC6-352BF51D8654} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59D71C1A-A8D1-4B89-B0E8-0C973BAD10EA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_D0F3\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1CF233C0-AF5E-4FCD-AA25-64B4C66FA36C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\RK_Guest_ON_I_CF58\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Guest_ON_I_CF58\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Luke_ON_H_7AB3\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Luke_ON_I_FD31\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Luke\AppData\Roaming\AGData -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Luke\AppData\Roaming\AGData\bin\AGLoader.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Luke\AppData\Roaming\AGData\bin\AnonymizerGadget.zip -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Luke\AppData\Roaming\AGData\bin -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[PUP.Gen1][Firefox:Addon] zw7mdomu.default : Fast search [amcontextmenu@loucypher] -> Deleted
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
[PUM.HomePage][Firefox:Config] zw7mdomu.default : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); -> Replaced (about:home)
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://thepiratebay.la/search/%22chaos%20chaos%22/0/99/0] -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://1917.rt.com/#!/en/twitter/lenin] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B0 ATA Device +++++
--- User ---
[MBR] a1a23bc6dd51f86d3a2571d7a2a00db8
[BSP] 230e4447fe78a6ef34a83e576e326b6b : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 15915 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 32595968 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 32800768 | Size: 279860 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 605955735 | Size: 314601 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 9e10dc56a8cce5c9b169dcc68d97a7a2
[BSP] 25b45dc34b46f002f72581cb0c2585e1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 114244 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WD 10EADS External USB Device +++++
--- User ---
[MBR] a00216d9564712bd8d9eb195941f3d34
[BSP] c4e521fe9dbda72e7782e2977b577d0f : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953869 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 10 01:57:13 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-08.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2871 B] - [2017/7/24 3:23:56]
C:/AdwCleaner/AdwCleaner[C1].txt - [1452 B] - [2017/7/25 4:49:44]
C:/AdwCleaner/AdwCleaner[C2].txt - [1447 B] - [2017/7/25 19:23:1]
C:/AdwCleaner/AdwCleaner[C3].txt - [1581 B] - [2017/7/26 0:35:40]
C:/AdwCleaner/AdwCleaner[C4].txt - [2403 B] - [2017/10/5 7:2:40]
C:/AdwCleaner/AdwCleaner[C5].txt - [2078 B] - [2017/11/16 1:56:0]
C:/AdwCleaner/AdwCleaner[C6].txt - [2296 B] - [2018/1/23 0:39:43]
C:/AdwCleaner/AdwCleaner[C7].txt - [5162 B] - [2018/3/9 3:14:40]
C:/AdwCleaner/AdwCleaner[C8].txt - [3809 B] - [2018/3/9 3:34:53]
C:/AdwCleaner/AdwCleaner[S0].txt - [3136 B] - [2017/7/24 3:22:30]
C:/AdwCleaner/AdwCleaner[S10].txt - [2161 B] - [2018/1/23 0:39:25]
C:/AdwCleaner/AdwCleaner[S11].txt - [2162 B] - [2018/1/31 17:45:27]
C:/AdwCleaner/AdwCleaner[S12].txt - [8723 B] - [2018/3/9 2:3:51]
C:/AdwCleaner/AdwCleaner[S13].txt - [7007 B] - [2018/3/9 2:29:11]
C:/AdwCleaner/AdwCleaner[S14].txt - [6421 B] - [2018/3/9 2:49:16]
C:/AdwCleaner/AdwCleaner[S15].txt - [5776 B] - [2018/3/9 2:50:42]
C:/AdwCleaner/AdwCleaner[S16].txt - [5443 B] - [2018/3/9 2:58:10]
C:/AdwCleaner/AdwCleaner[S17].txt - [5510 B] - [2018/3/9 3:14:15]
C:/AdwCleaner/AdwCleaner[S18].txt - [4000 B] - [2018/3/9 3:33:36]
C:/AdwCleaner/AdwCleaner[S1].txt - [1433 B] - [2017/7/25 4:49:30]
C:/AdwCleaner/AdwCleaner[S2].txt - [1401 B] - [2017/7/25 19:22:22]
C:/AdwCleaner/AdwCleaner[S3].txt - [1536 B] - [2017/7/26 0:33:16]
C:/AdwCleaner/AdwCleaner[S4].txt - [1489 B] - [2017/7/26 6:17:48]
C:/AdwCleaner/AdwCleaner[S5].txt - [1556 B] - [2017/8/1 6:40:40]
C:/AdwCleaner/AdwCleaner[S6].txt - [2498 B] - [2017/10/5 7:2:4]
C:/AdwCleaner/AdwCleaner[S7].txt - [1753 B] - [2017/10/16 20:58:23]
C:/AdwCleaner/AdwCleaner[S8].txt - [1822 B] - [2017/10/21 17:20:36]
C:/AdwCleaner/AdwCleaner[S9].txt - [1891 B] - [2017/11/16 1:55:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S19].txt ##########



#6 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 09 March 2018 - 08:59 PM

Good! Now please run a new scan with FRST and provide me a fresh set of logs, I'll look for remnants.



#7 redflgslooklikeflgs

  • Topic Starter
  • Members
  • 16 posts

Posted 09 March 2018 - 09:19 PM

Alright, FRST.txt and Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Luke (administrator) on LUKE-PC (09-03-2018 21:15:08)
Running from E:\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [trickey] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKLM\...\Run: [trickeystriken] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKLM\...\Run: [trickeytrickey] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [souci] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [souciwise] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [soucisouci] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wise] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wisesouci] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wisewise] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [striken] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [strikentrickey] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [strikenstriken] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [ric] => C:\Program Files (x86)\ambrose\ric.exe [66831 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [controversial] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {7fbd7e68-e113-11e3-a78c-8f97b0442811} - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {cbcd9218-2053-11e6-8751-89338eab2433} - N:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {f45084ee-dfc9-11e5-b230-b9335618642a} - L:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA! Pro VPN.lnk [2018-03-09]
ShortcutTarget: HMA! Pro VPN.lnk -> E:\Programs\HMA! Pro VPN\vpn.exe (Privax Limited)
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swains.lnk [2018-03-09]
ShortcutTarget: swains.lnk -> C:\Program Files (x86)\Pyre\basti.exe ()
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swainsswains.lnk [2018-03-09]
ShortcutTarget: swainsswains.lnk -> C:\Program Files (x86)\refectory\biodegradation.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3C7FEFD2-0AD1-416D-B425-D68DA9463984}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3C7FEFD2-0AD1-416D-B425-D68DA9463984}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{3D817C84-CC44-4F44-ADD4-49F98BDCCDBC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3D817C84-CC44-4F44-ADD4-49F98BDCCDBC}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{49D755C0-838C-412F-9678-34AFCA6E5361}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C429DA9F-55EA-4C0D-B23A-42B9B2E413BA}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C752A9C6-DF18-42F4-AD18-56F390355796}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: zw7mdomu.default
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default [2018-03-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-22] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> E:\Programs\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Slides) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-08]
CHR Extension: (Duolingo on the Web) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-02-10]
CHR Extension: (Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-04-27]
CHR Extension: (DuckDuckGo) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-03-03]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Play Music) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-02-21]
CHR Extension: (Full Page Screen Capture) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-03-08]
CHR Extension: (Sheets) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Eve News24) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacenaodinjocbceobidngfdopgcpbjh [2014-04-27]
CHR Extension: (Dropbox) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-29]
CHR Extension: (PolitEcho) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcindbcjkekiofoogdiohbdleddkpbbm [2017-03-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-21]
CHR Extension: (Logical Increments Field Agent) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnmfdickgjlfdjmjnaejgkjeebfadc [2014-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; E:\Programs\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
S2 HmaProVpn; E:\Programs\HMA! Pro VPN\VpnSvc.exe [5266016 2017-12-12] (Privax Limited)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2017-12-19] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-22] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-21] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [537080 2017-07-19] (Intel Corporation)
R3 hmatap; C:\Windows\System32\DRIVERS\hmatap.sys [45560 2017-10-31] (The OpenVPN Project)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-19] (Logitech Inc.)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2017-09-19] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-03-09] ()
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)
S3 cpuz137; \??\C:\Users\Luke\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
S3 GPU-Z; \??\C:\Users\Luke\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S0 knsctpzi; System32\drivers\tiixudck.sys [X]
S3 WinRing0_1_2_0; \??\E:\Programs\NZXT\CAM\CAM_Client.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 20:23 - 2018-03-09 20:55 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-09 20:23 - 2018-03-09 20:23 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-09 20:23 - 2018-03-09 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-09 20:23 - 2018-03-09 20:23 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-08 21:20 - 2018-03-09 20:23 - 000648354 _____ C:\Windows\ntbtlog.txt
2018-03-08 20:27 - 2018-03-08 20:27 - 000000000 ____D C:\Users\Luke\AppData\LocalLow\AMD
2018-03-08 20:26 - 2018-03-08 21:15 - 000000000 ____D C:\Program Files (x86)\preceded
2018-03-08 20:26 - 2018-03-08 20:26 - 000140800 _____ C:\Users\Luke\AppData\Local\installer.dat
2018-03-08 20:26 - 2018-03-08 20:26 - 000003926 _____ C:\Windows\System32\Tasks\pepperidge-discern
2018-03-08 20:26 - 2018-03-08 20:26 - 000003910 _____ C:\Windows\System32\Tasks\etruscans twas
2018-03-08 20:26 - 2018-03-08 20:26 - 000003904 _____ C:\Windows\System32\Tasks\telefon_wrangle
2018-03-08 20:26 - 2018-03-08 20:26 - 000003902 _____ C:\Windows\System32\Tasks\tnt siew irritation
2018-03-08 20:26 - 2018-03-08 20:26 - 000003896 _____ C:\Windows\System32\Tasks\doubled_francis
2018-03-08 20:26 - 2018-03-08 20:26 - 000003860 _____ C:\Windows\System32\Tasks\melon
2018-03-08 20:26 - 2018-03-08 20:26 - 000003850 _____ C:\Windows\System32\Tasks\becher
2018-03-08 20:26 - 2018-03-08 20:26 - 000003760 _____ C:\Windows\System32\Tasks\tspepperidge-discernpepperidge-discern
2018-03-08 20:26 - 2018-03-08 20:26 - 000003744 _____ C:\Windows\System32\Tasks\tsetruscans twasetruscans twas
2018-03-08 20:26 - 2018-03-08 20:26 - 000003738 _____ C:\Windows\System32\Tasks\tstelefon_wrangletelefon_wrangle
2018-03-08 20:26 - 2018-03-08 20:26 - 000003736 _____ C:\Windows\System32\Tasks\tstnt siew irritationtnt siew irritation
2018-03-08 20:26 - 2018-03-08 20:26 - 000003730 _____ C:\Windows\System32\Tasks\tsdoubled_francisdoubled_francis
2018-03-08 20:26 - 2018-03-08 20:26 - 000003694 _____ C:\Windows\System32\Tasks\tsmelonmelon
2018-03-08 20:26 - 2018-03-08 20:26 - 000003684 _____ C:\Windows\System32\Tasks\tsbecherbecher
2018-03-08 20:26 - 2018-03-08 20:26 - 000000012 _____ C:\Windows\b57888333
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ___HD C:\Program Files (x86)\Whistlers
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ___HD C:\Program Files (x86)\ambrose
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Windows\SysWOW64\lmeugks
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Windows\system32\lmeugks
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Users\Luke\AppData\Roaming\et
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Program Files (x86)\refectory
2018-03-08 20:26 - 2018-03-08 20:26 - 000000000 ____D C:\Program Files (x86)\Pyre
2018-03-08 20:24 - 2018-03-09 19:35 - 000000000 ____D C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ C:\Windows\lachlan.exe
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ C:\Users\Luke\AppData\Local\biodegradation.exe
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ C:\Users\Luke\AppData\Local\basti.exe
2018-03-07 12:51 - 2018-03-07 12:51 - 000038434 _____ C:\Windows\uninstaller.dat
2018-03-06 14:27 - 2018-03-06 14:27 - 000000218 _____ C:\Users\Luke\AppData\Local\recently-used.xbel
2018-02-20 22:31 - 2018-03-08 18:50 - 000000000 ____D C:\Users\Luke\AppData\Roaming\Tropico 5
2018-02-20 22:31 - 2018-02-20 22:31 - 000000000 ____D C:\Users\Luke\AppData\Roaming\Kalypso Media
2018-02-20 22:23 - 2018-02-20 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media Digital
2018-02-14 11:15 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 11:15 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 11:15 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 11:15 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 11:15 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 11:15 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 11:15 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 11:15 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 11:15 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 11:15 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 11:15 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 11:15 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 11:15 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 11:15 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 11:15 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 11:15 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 11:15 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 11:15 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 11:15 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 11:15 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 11:15 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 11:15 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 11:15 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 11:15 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 11:15 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 11:15 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 11:15 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 11:15 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 11:15 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 11:15 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 11:15 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 11:15 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 11:15 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 11:15 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 11:15 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 11:15 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 11:15 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 11:15 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 11:15 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 11:15 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 11:15 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 11:15 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 11:15 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 11:15 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 11:15 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 11:15 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 11:15 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 11:15 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 11:15 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 11:15 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 11:15 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 11:15 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 11:15 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 11:15 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 11:15 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 11:15 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 11:15 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 11:15 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 11:15 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 11:15 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 11:15 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 11:15 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 11:15 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 11:15 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 11:15 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 11:15 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 11:15 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 11:15 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 11:15 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 11:15 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 11:15 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 11:15 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 11:15 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 11:15 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 11:15 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 11:15 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 11:15 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 11:15 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 11:15 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 11:15 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 11:15 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 11:15 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 11:15 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 11:15 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 11:15 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 11:15 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 11:15 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 11:15 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 11:15 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 11:15 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 11:15 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 11:15 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 11:15 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 11:15 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 11:15 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 11:15 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 11:15 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 11:15 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 11:15 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 11:15 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 11:15 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 11:15 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 11:15 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 11:15 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 11:15 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 11:15 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 11:15 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 11:15 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 11:15 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 11:15 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 11:15 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 11:15 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 11:15 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 11:15 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 11:15 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 11:15 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 11:15 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 11:14 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 11:14 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 11:14 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 11:14 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 21:15 - 2017-07-23 17:37 - 000000000 ____D C:\FRST
2018-03-09 20:57 - 2017-07-23 22:21 - 000000000 ____D C:\AdwCleaner
2018-03-09 19:42 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-09 19:42 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-03-09 19:35 - 2018-01-31 18:00 - 000002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-03-09 19:35 - 2017-07-25 18:48 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-09 19:35 - 2016-07-21 14:19 - 000000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2018-03-09 19:35 - 2016-01-08 19:20 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-09 19:35 - 2015-12-02 20:21 - 000000767 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Media Server.lnk
2018-03-09 19:35 - 2015-06-23 01:36 - 000000779 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2018-03-09 19:35 - 2014-10-08 18:24 - 000000750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2018-03-09 19:35 - 2014-09-29 20:55 - 000001805 _____ C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-03-09 19:35 - 2014-07-22 23:58 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2018-03-09 19:35 - 2014-07-22 23:58 - 000001875 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2018-03-09 19:35 - 2014-07-22 23:58 - 000001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2018-03-09 19:35 - 2014-05-06 12:26 - 000000000 ____D C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-03-09 19:35 - 2014-04-27 22:33 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-03-09 19:35 - 2014-04-27 21:46 - 000001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2018-03-09 19:35 - 2014-04-27 18:49 - 000001018 _____ C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-09 19:35 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-09 19:35 - 2009-07-14 00:01 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2018-03-09 19:35 - 2009-07-13 23:57 - 000001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-09 19:35 - 2009-07-13 23:57 - 000001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2018-03-09 19:35 - 2009-07-13 23:57 - 000001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2018-03-09 19:35 - 2009-07-13 23:57 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2018-03-09 19:35 - 2009-07-13 23:54 - 000001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2018-03-09 19:35 - 2009-07-13 23:49 - 000001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2018-03-09 19:32 - 2014-08-14 17:48 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-03-09 18:51 - 2017-07-23 18:17 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-09 18:40 - 2014-08-14 17:48 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-09 18:31 - 2015-03-27 14:23 - 000007677 _____ C:\Users\Luke\AppData\Local\Resmon.ResmonCfg
2018-03-08 22:36 - 2017-09-17 14:16 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-08 22:35 - 2014-06-08 19:40 - 000000000 __SHD C:\Users\Luke\IntelGraphicsProfiles
2018-03-08 22:35 - 2009-07-14 00:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-08 22:35 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-08 22:01 - 2015-05-19 08:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-03-08 22:00 - 2016-05-12 15:34 - 000000000 ____D C:\Users\Luke\AppData\Local\Jagex
2018-03-08 22:00 - 2016-05-12 15:34 - 000000000 ____D C:\ProgramData\Jagex
2018-03-08 20:26 - 2016-01-06 13:37 - 000797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-08 20:26 - 2016-01-06 13:37 - 000142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-08 20:26 - 2016-01-06 13:37 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-08 20:24 - 2015-05-16 23:44 - 000000000 ____D C:\Users\Luke\AppData\Local\CrashDumps
2018-03-08 20:22 - 2014-05-21 19:27 - 000000000 ____D C:\Users\Luke\AppData\Roaming\DAEMON Tools Lite
2018-03-08 15:05 - 2009-07-13 23:45 - 000031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-08 15:05 - 2009-07-13 23:45 - 000031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-07 01:52 - 2017-12-01 16:01 - 000000000 ____D C:\Users\Luke\AppData\Local\Battle.net
2018-03-06 20:36 - 2014-04-28 19:35 - 000000000 ____D C:\Users\Luke\AppData\Roaming\vlc
2018-03-06 10:49 - 2015-06-21 13:07 - 000000000 ____D C:\Users\Luke\AppData\Roaming\deluge
2018-03-04 02:15 - 2014-06-17 18:11 - 000000000 ____D C:\Users\Luke\AppData\Local\ElevatedDiagnostics
2018-02-27 14:58 - 2014-10-08 18:24 - 000000000 ____D C:\Users\Luke\AppData\Roaming\foobar2000
2018-02-20 22:30 - 2015-01-09 14:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-20 14:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-18 02:45 - 2014-05-20 11:29 - 000000000 ____D C:\Users\Luke\AppData\Roaming\EVEMon
2018-02-15 14:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-02-15 12:31 - 2009-07-13 23:45 - 000386896 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-15 12:30 - 2014-12-10 22:07 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-14 19:15 - 2014-04-27 20:08 - 000000000 ____D C:\Windows\system32\MRT
2018-02-14 19:13 - 2017-10-11 00:16 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-14 19:13 - 2014-04-27 20:08 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-14 19:11 - 2014-04-27 20:34 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-11 21:27 - 2016-12-25 13:07 - 000000000 ____D C:\Users\Luke\AppData\Roaming\AirDroid
2018-02-08 12:28 - 2014-04-27 22:16 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-07 14:55 - 2016-10-22 20:37 - 000004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-07 14:55 - 2016-01-06 13:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 14:55 - 2016-01-06 13:37 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2013-02-16 22:27 - 2013-02-16 22:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2018-01-17 20:25 - 2018-01-17 20:25 - 000000000 _____ () C:\Users\Luke\AppData\Roaming\FC29FA0894FE.ini
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ () C:\Users\Luke\AppData\Local\basti.exe
2018-03-08 18:42 - 2018-03-08 18:42 - 000139264 _____ () C:\Users\Luke\AppData\Local\biodegradation.exe
2018-03-08 20:26 - 2018-03-08 20:26 - 000140800 _____ () C:\Users\Luke\AppData\Local\installer.dat
2015-01-26 09:38 - 2015-05-12 09:16 - 000000600 _____ () C:\Users\Luke\AppData\Local\PUTTY.RND
2018-03-06 14:27 - 2018-03-06 14:27 - 000000218 _____ () C:\Users\Luke\AppData\Local\recently-used.xbel
2015-03-27 14:23 - 2018-03-09 18:31 - 000007677 _____ () C:\Users\Luke\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-03-08 20:22 - 2018-03-08 20:22 - 000024576 _____ (1010 Vine Street) C:\Users\Luke\AppData\Local\Temp\capi.exe
2018-03-09 20:23 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Users\Luke\AppData\Local\Temp\dllnt_dump.dll
2018-03-08 20:22 - 2018-03-08 20:22 - 004103885 _____ (Indigo Rose Corporation) C:\Users\Luke\AppData\Local\Temp\ing.exe
2018-03-08 20:22 - 2018-03-08 20:22 - 001959424 _____ () C:\Users\Luke\AppData\Local\Temp\XvidCodecInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-27 15:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Luke (09-03-2018 21:15:21)
Running from E:\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-27 23:48:58)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2829323167-97675127-1012005819-500 - Administrator - Disabled)
Guest (S-1-5-21-2829323167-97675127-1012005819-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2829323167-97675127-1012005819-1002 - Limited - Enabled)
Luke (S-1-5-21-2829323167-97675127-1012005819-1000 - Administrator - Enabled) => C:\Users\Luke

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
AirDroid 3.3.1.0 (HKLM-x32\...\AirDroid) (Version: 3.3.1.0 - Sand Studio)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ArcGIS 10.2 for Desktop (HKLM-x32\...\{44EF0455-5764-4158-90B3-CA483BCB1F75}) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2 for Desktop (HKLM-x32\...\ArcGIS 10.2 for Desktop) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BOSS Userlist Manager (HKLM-x32\...\{F0AB569C-99EF-4F4D-992D-2206E354C903}) (Version: 6.7.2 - Surazal)
calibre 64bit (HKLM\...\{B16F2206-747F-4758-ADA9-76148D2C0C35}) (Version: 3.7.0 - Kovid Goyal)
CAM (HKLM-x32\...\{751D9BCF-E66B-42AC-ADF3-66ED78649223}) (Version: 1.1.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dogecoin (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dogecoin) (Version: 1.6.0.0 - Dogecoin)
Dogecoin Core (64-bit) (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dogecoin Core (64-bit)) (Version: 1.10.0 - Dogecoin Core project)
Dropbox (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EVE Isk per Hour (HKLM-x32\...\{4A4A176E-F5F4-47D2-9866-2CAF8B09A29D}) (Version: 3.3 - EVE Isk per Hour)
EVE Isk per Hour (HKLM-x32\...\{7A37BE74-5767-407A-8145-098EF7DA02FB}) (Version: 3.3 - EVE IPH)
EVE Online (HKLM-x32\...\{2C60FECF-7254-436F-81A6-BCA9E87760A5}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{7DB2B037-E097-4B03-909D-0431F0250DE0}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{9CFA1749-644E-48EC-B4ED-1BD368198737}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{A556A849-45D4-4F7C-A520-135A060F1A6C}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{BAF7798B-050F-415A-9E84-912C424F747D}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{C680CFD6-1227-46F4-A2F2-0E1FB7402592}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{21baeecc-bb92-4eaa-bc13-6d66469e4477}) (Version: 1.0.0 - CCP)
EVEMon (HKLM-x32\...\EVEMon) (Version: 3.0.4 - EVEMon Development Team)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreeFileSync 7.7 (HKLM-x32\...\FreeFileSync) (Version: 7.7 - www.FreeFileSync.org)
Git version 2.9.3.2 (HKLM\...\Git_is1) (Version: 2.9.3.2 - The Git Development Community)
GitHub (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.1.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearts of Iron IV Death or Dishonor (HKLM-x32\...\Hearts of Iron IV Death or Dishonor_is1) (Version:  - )
HHD Software Free Hex Editor Neo 6.24 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.24.0.5920 - HHD Software, Ltd.)
HMA! Pro VPN (HKLM\...\{60A560F2-CB75-4C94-9C36-39AD2161DE73}_is1) (Version: 3.7.80 - Privax)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intergraph Licensing 11.10.1 (HKLM-x32\...\{E61CBFF0-5B9A-4722-AE2D-E5910CA5A1EA}) (Version: 11.10.0100.00201 - Intergraph Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 13.6.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
LibreOffice 4.4.7.2 (HKLM-x32\...\{94C42982-D118-45DE-B761-3D331428FAB9}) (Version: 4.4.7.2 - The Document Foundation)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version:  - )
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetLogo 5.1.0 (HKLM-x32\...\5730-6571-9917-5170) (Version: 5.1.0 - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Node.js (HKLM\...\{8434AEA1-1294-47E3-9137-848F546CD824}) (Version: 4.4.7 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pokemon GO Live Map (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\pokemon) (Version: 0.3.3 - Mike Christopher)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
pyfa version 1.28.1 (YC119.3 1.0) (HKLM-x32\...\{3DA39096-C08D-49CD-90E0-1D177F32C8AA}_is1) (Version: 1.28.1 (YC119.3 1.0) - pyfa)
Python 2.7 pycurl-7.43.0 (HKLM-x32\...\pycurl-py2.7) (Version:  - )
Python 2.7 PyYAML-3.11 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\PyYAML-py2.7) (Version:  - )
Python 2.7 reverence-1.5.0 (HKLM-x32\...\reverence-py2.7) (Version:  - )
Python 2.7 reverence-1.5.0 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\reverence-py2.7) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
RogueKiller version 12.12.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.7.0 - Adlice Software)
Sniper Elite 4 (HKLM\...\Sniper Elite 4_is1) (Version: 1.0 - )
South Park The Fractured But Whole version 1.0 (HKLM\...\South Park The Fractured But Whole_is1) (Version: 1.0 - CODEPUNKS)
Spotify (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.90968 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.0.0.1 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.12.0 - GOG.com)
Tropico 5 - Complete Collection (HKLM-x32\...\Tropico 5 - Complete Collection_is1) (Version:  - )
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 5.3.1 - Universal Media Server)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\WinDirStat) (Version:  - )
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
Yawcam 0.5.0 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: 0.5.0 - Yawcam)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> E:\Programs\Hex Editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> E:\Programs\Hex Editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> E:\Programs\Hex Editor\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Programs\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Programs\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programs\WinRAR\rarext.dll [2014-04-25] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Programs\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Programs\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Programs\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programs\WinRAR\rarext.dll [2014-04-25] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10741947-3D5B-47B6-9166-699030E39E8C} - System32\Tasks\melon => C:\Program Files (x86)\preceded\preceded.exe
Task: {1BC844E0-850E-4D64-9F10-E04DAB2DA740} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2AC213CF-6CE5-46E8-A868-7145FDAC19D5} - System32\Tasks\tsetruscans twasetruscans twas => C:\Program Files (x86)\Whistlers\biodegradation.exe [2018-03-08] ()
Task: {2C3D58A9-38E8-489B-8F35-1BE176B0E2F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-08] (Adobe Systems Incorporated)
Task: {3F47D89A-7C31-4B5C-B2B2-4447690CC988} - System32\Tasks\telefon_wrangle => C:\Users\Luke\AppData\Local\biodegradation.exe [2018-03-08] ()
Task: {3F71AC83-F0D4-4469-9A2B-0287043AEC89} - System32\Tasks\tsdoubled_francisdoubled_francis => C:\Program Files (x86)\Whistlers\basti.exe [2018-03-08] ()
Task: {40866354-7EC2-4AA7-A8B7-971E7F27C64C} - System32\Tasks\tsbecherbecher => C:\Program Files (x86)\Pyre\basti.exe [2018-03-08] ()
Task: {495DF05D-3FF5-4C8E-AF0E-F25411DB6CB1} - System32\Tasks\becher => C:\Program Files (x86)\Pyre\basti.exe [2018-03-08] ()
Task: {4FA46B8A-DE92-4F75-AF78-FA2811410A02} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-10-18] ()
Task: {4FF4B20F-3028-4C1A-8FB6-A4D1DC7D7152} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {5BB35221-0745-4895-9D9C-4E550A0BF8B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {5CE59C4C-CB7C-4D0D-826B-C33BEF11E073} - System32\Tasks\{19A59D09-F635-4BA4-B25C-EBA8DB5AE042} => C:\Windows\system32\pcalua.exe -a C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {69E79004-1618-4D7B-AEE3-AD3EB192EC6F} - System32\Tasks\doubled_francis => C:\Program Files (x86)\Whistlers\basti.exe [2018-03-08] ()
Task: {6E03092E-C68D-4914-8166-879A2F977B0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {89E210A4-8973-43BA-81BF-67CAD0E8BAEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {A2F7B176-6659-41AA-8CDD-F05D22965200} - System32\Tasks\tsmelonmelon => C:\Program Files (x86)\preceded\preceded.exe
Task: {A680F860-050A-4479-95F6-63EC61EBB91B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {AB27382C-B164-4E61-B3FE-42DE2DDD41FF} - System32\Tasks\tstelefon_wrangletelefon_wrangle => C:\Users\Luke\AppData\Local\biodegradation.exe [2018-03-08] ()
Task: {BC6CBB22-5571-42E2-9788-B9D999352635} - System32\Tasks\tnt siew irritation => C:\Users\Luke\AppData\Local\basti.exe [2018-03-08] ()
Task: {C189CC18-2FF8-4683-952B-BAEC2029947E} - System32\Tasks\tstnt siew irritationtnt siew irritation => C:\Users\Luke\AppData\Local\basti.exe [2018-03-08] ()
Task: {D3C47F5F-9279-4BC5-B5EC-B7FD09ECE2F5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {D58A0C9E-B606-4CB3-882E-2B198A780E41} - System32\Tasks\tspepperidge-discernpepperidge-discern => C:\Program Files (x86)\refectory\biodegradation.exe [2018-03-08] ()
Task: {D967E0D9-7B3C-4F7F-B3D2-65210DA87B22} - System32\Tasks\HMA! Pro VPN Update => E:\Programs\HMA! Pro VPN\VpnUpdate.exe [2017-12-12] (Privax Limited)
Task: {E0EAB610-4301-4B31-BF5C-DFA45E064B17} - System32\Tasks\pepperidge-discern => C:\Program Files (x86)\refectory\biodegradation.exe [2018-03-08] ()
Task: {E28C9DF7-AC94-4318-A532-8AD7A5AA322A} - System32\Tasks\etruscans twas => C:\Program Files (x86)\Whistlers\biodegradation.exe [2018-03-08] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"

==================== Loaded Modules (Whitelisted) ==============

2016-06-30 03:23 - 2016-11-15 10:24 - 000592384 _____ () C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll
2015-03-29 05:25 - 2015-03-29 05:25 - 000043480 _____ () E:\Programs\FileZilla FTP Client\fzshellext_64.dll
2014-04-29 12:47 - 2012-01-20 13:55 - 000678400 _____ () E:\Programs\TeraCopy\TeraCopyExt64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 000222720 _____ () E:\Programs\Notepad++\NppShell_05.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk => C:\Windows\pss\Universal Media Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "E:\Programs\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AirDroid 3 => E:\Programs\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: CAM => E:\Programs\NZXT\CAM\CAM_Client.exe -autostart
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "E:\Programs\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Discord => C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Spotify => "C:\Users\Luke\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luke\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: WinampAgent => E:\Programs\Winamp\winampa.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{96614B75-4C1C-4058-A06B-64633F9F7980}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6B060C82-DDEC-4146-86CB-77D1909DCD71}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{261D2D06-898F-4BC3-9824-FECB781248E3}C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{45DF1BC5-9E79-43DB-AEAE-4275A35D18AC}C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{F1CB8049-00BA-4492-8E34-F9D5AE3EC0F5}E:\programs\deluge\deluge.exe] => (Allow) E:\programs\deluge\deluge.exe
FirewallRules: [UDP Query User{8354C47D-334D-4544-90A2-F5C613AD1F47}E:\programs\deluge\deluge.exe] => (Allow) E:\programs\deluge\deluge.exe
FirewallRules: [TCP Query User{0EF0B207-CED7-41F6-96A4-E15DB7A417BC}E:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) E:\games\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{A9D2BFAE-0BD7-4B7A-A56D-E9BF1757D5B6}E:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) E:\games\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{AD509E0C-51B0-4C11-B5D8-5C48D452BFFC}E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{3B6A8693-40D8-4112-AA5F-4BB05E21F2D5}E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) E:\games\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{ECEA1505-A80B-40B0-BB6F-719C3C7D8A2A}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [UDP Query User{03DF304F-1879-4DCE-9D95-74EFE0FF5EBA}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [{FF89F15C-AFD9-4F61-A606-67C7DADB689C}] => (Allow) E:\Programs\Steam\Steam.exe
FirewallRules: [{A305306E-13E8-4EAD-8FF0-9DFB831E50E8}] => (Allow) E:\Programs\Steam\Steam.exe
FirewallRules: [{A3524079-32F7-4851-B1E9-39E985528080}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B5E68D21-8A45-462B-8789-FC56BC8F1119}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{83EE8187-A79C-49FD-AFAB-584A6F92150A}] => (Allow) E:\Programs\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{763898F4-6C7C-4D82-841C-66B335F26005}] => (Allow) E:\Programs\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F91F7A6F-65D9-42CB-BF57-5E56A57BCB23}] => (Block) E:\Games\Watch_Dogs 2\bin\WatchDogs2.exe
FirewallRules: [TCP Query User{B86AEDB2-9A9A-4BDA-9E9D-B2BC20058A3E}E:\games\far cry primal\bin\fcprimal.exe] => (Block) E:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{A4948214-FFC4-4777-894B-F09910D494F4}E:\games\far cry primal\bin\fcprimal.exe] => (Block) E:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{26E3FBA7-0C47-4306-AB2C-A4D22ACE59C3}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [UDP Query User{C5103574-517E-427D-99A5-9784E250ACAB}E:\programs\airdroid\airdroid.exe] => (Allow) E:\programs\airdroid\airdroid.exe
FirewallRules: [TCP Query User{42BF50FA-E613-42B0-8504-6886A0ACC46B}E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe] => (Block) E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe
FirewallRules: [UDP Query User{18F3B210-3885-4ACF-8681-59E519CC2740}E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe] => (Block) E:\games\homefront the revolution\homefront the revolution\bin64\homefront2.exe
FirewallRules: [TCP Query User{4DF8C9B7-F2EF-4888-B75F-9C4519057BEA}E:\programs\winamp\winamp.exe] => (Block) E:\programs\winamp\winamp.exe
FirewallRules: [UDP Query User{040ECA74-213B-41FE-BB5F-926DD13D351C}E:\programs\winamp\winamp.exe] => (Block) E:\programs\winamp\winamp.exe
FirewallRules: [{583B2418-4661-439A-BF3A-751B6CB0A157}] => (Allow) E:\Programs\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{AA5D0A9D-E18D-4C5C-81E8-DB68D0D8F5C7}] => (Allow) E:\Programs\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{FF0973F6-0F9D-4DBC-9E4A-E4640098308F}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{D7A6A804-1FE5-48C6-84BB-5A455A364B88}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [TCP Query User{51BAC774-D55E-4E35-9527-E52B8B1D20C8}E:\programs\dogecoin\dogecoin-qt.exe] => (Allow) E:\programs\dogecoin\dogecoin-qt.exe
FirewallRules: [UDP Query User{56E8A7C1-B3DC-44AC-8152-B214E72DC4C8}E:\programs\dogecoin\dogecoin-qt.exe] => (Allow) E:\programs\dogecoin\dogecoin-qt.exe
FirewallRules: [{3B307690-9A44-4114-9222-59C6581842B2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60E277EF-27F6-4DB1-BB52-4DD0D7497BFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BBBD53E7-CC74-47E7-BE90-DDA9A623F597}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{10B36358-577E-4718-B197-A386784FC5EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0EB88E31-71A2-4790-87A2-F2730B46DCE7}] => (Allow) E:\Programs\Dogecoin\dogecoin-qt.exe
FirewallRules: [TCP Query User{780D4A71-3760-4AD8-A05A-BCE302B3246E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{619570A2-05CA-45D8-A613-30AD4DB114D9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F7A211E9-DB4C-4BBD-BAF8-29923CC8B658}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{CB6D07AF-8541-405D-A1B5-A89A1FB45352}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{4010FE5D-E65D-4955-8591-AC4D6099AE7E}E:\games\payday 2 ultimate edition\payday2_win32_release.exe] => (Block) E:\games\payday 2 ultimate edition\payday2_win32_release.exe
FirewallRules: [UDP Query User{565938D2-80F0-4098-9838-507BCDEEC4FB}E:\games\payday 2 ultimate edition\payday2_win32_release.exe] => (Block) E:\games\payday 2 ultimate edition\payday2_win32_release.exe
FirewallRules: [TCP Query User{C3FE2055-FB4A-4970-99CC-B0270F35CE4C}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{61D3CAC4-41B2-4FC2-8032-29EAB8F79F69}E:\games\overwatch\overwatch.exe] => (Allow) E:\games\overwatch\overwatch.exe
FirewallRules: [{73E39F09-2BF2-46FB-9F6D-575E0FAC2160}] => (Block) E:\Games\Kalypso Media Digital\Tropico 5 - Complete Collection\Tropico5Steam.exe
FirewallRules: [{690B6EF4-A6F7-460A-B818-04AD098B8859}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{53DE54F9-49E8-436F-86DA-49FF0585DB8F}] => (Allow) C:\Program Files (x86)\Pyre\basti.exe
FirewallRules: [{0B9EBD30-4F48-41D0-99F4-C9E5D59010A4}] => (Allow) C:\Program Files (x86)\Whistlers\basti.exe
FirewallRules: [{8DB4B907-4A7D-4C53-A033-E6DE4DAF6891}] => (Allow) C:\Program Files (x86)\refectory\biodegradation.exe
FirewallRules: [{5D8EA20A-9E13-4E1B-A9A0-216DE5FEFA4D}] => (Allow) C:\Program Files (x86)\Whistlers\biodegradation.exe

==================== Restore Points =========================

02-03-2018 18:26:33 Windows Update
06-03-2018 10:15:16 Windows Update
08-03-2018 21:14:52 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2018 07:40:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/09/2018 06:30:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 10:40:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 10:35:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 10:17:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/08/2018 09:57:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Luke\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (03/08/2018 09:47:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Luke\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (03/08/2018 09:46:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (03/09/2018 08:57:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/09/2018 08:57:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/09/2018 07:54:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (03/09/2018 07:54:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (03/09/2018 07:39:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/09/2018 07:39:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/09/2018 07:39:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 07:39:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8076.9 MB
Available physical RAM: 6259.74 MB
Total Virtual: 16151.97 MB
Available Virtual: 14821.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.57 GB) (Free:9.43 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:184.09 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (LastResort) (Fixed) (Total:15.54 GB) (Free:15.45 GB) NTFS
Drive h: () (Fixed) (Total:273.3 GB) (Free:202.09 GB) NTFS
Drive i: (Windows 7) (Fixed) (Total:307.23 GB) (Free:187 GB) NTFS
Drive j: (Elements) (Fixed) (Total:931.51 GB) (Free:86.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 27964956)
Partition 1: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=273.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=307.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AAD9AF44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 00024A91)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#8 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 09 March 2018 - 11:30 PM

Almost done!

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 redflgslooklikeflgs
  • Topic Starter
  • Members
  • 16 posts

Posted 10 March 2018 - 01:51 AM

Thanks for your help! Everything seems back to normal, with only one exception. There's a process running called "dfsvc.exe." The description says "ClickOnce," and I'm pretty sure I haven't seen it before. Hopefully it's just paranoia?


Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Luke (10-03-2018 01:33:37) Run:3
Running from E:\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [trickey] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKLM\...\Run: [trickeystriken] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKLM\...\Run: [trickeytrickey] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [souci] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [souciwise] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKLM-x32\...\Run: [soucisouci] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wise] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wisesouci] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [wisewise] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [striken] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [strikentrickey] => C:\Program Files (x86)\refectory\biodegradation.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [strikenstriken] => C:\Program Files (x86)\Whistlers\basti.exe [139264 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [ric] => C:\Program Files (x86)\ambrose\ric.exe [66831 2018-03-08] ()
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [controversial] => C:\Program Files (x86)\Pyre\basti.exe [139264 2018-03-08] ()
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swains.lnk [2018-03-09]
ShortcutTarget: swains.lnk -> C:\Program Files (x86)\Pyre\basti.exe ()
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swainsswains.lnk [2018-03-09]
ShortcutTarget: swainsswains.lnk -> C:\Program Files (x86)\refectory\biodegradation.exe ()

S3 cpuz137; \??\C:\Users\Luke\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
S3 GPU-Z; \??\C:\Users\Luke\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S0 knsctpzi; System32\drivers\tiixudck.sys [X]

Task: {10741947-3D5B-47B6-9166-699030E39E8C} - System32\Tasks\melon => C:\Program Files (x86)\preceded\preceded.exe
Task: {2AC213CF-6CE5-46E8-A868-7145FDAC19D5} - System32\Tasks\tsetruscans twasetruscans twas => C:\Program Files (x86)\Whistlers\biodegradation.exe [2018-03-08] ()
Task: {3F47D89A-7C31-4B5C-B2B2-4447690CC988} - System32\Tasks\telefon_wrangle => C:\Users\Luke\AppData\Local\biodegradation.exe [2018-03-08] ()
Task: {3F71AC83-F0D4-4469-9A2B-0287043AEC89} - System32\Tasks\tsdoubled_francisdoubled_francis => C:\Program Files (x86)\Whistlers\basti.exe [2018-03-08] ()
Task: {40866354-7EC2-4AA7-A8B7-971E7F27C64C} - System32\Tasks\tsbecherbecher => C:\Program Files (x86)\Pyre\basti.exe [2018-03-08] ()
Task: {495DF05D-3FF5-4C8E-AF0E-F25411DB6CB1} - System32\Tasks\becher => C:\Program Files (x86)\Pyre\basti.exe [2018-03-08] ()
Task: {5CE59C4C-CB7C-4D0D-826B-C33BEF11E073} - System32\Tasks\{19A59D09-F635-4BA4-B25C-EBA8DB5AE042} => C:\Windows\system32\pcalua.exe -a C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {69E79004-1618-4D7B-AEE3-AD3EB192EC6F} - System32\Tasks\doubled_francis => C:\Program Files (x86)\Whistlers\basti.exe [2018-03-08] ()
Task: {A2F7B176-6659-41AA-8CDD-F05D22965200} - System32\Tasks\tsmelonmelon => C:\Program Files (x86)\preceded\preceded.exe
Task: {AB27382C-B164-4E61-B3FE-42DE2DDD41FF} - System32\Tasks\tstelefon_wrangletelefon_wrangle => C:\Users\Luke\AppData\Local\biodegradation.exe [2018-03-08] ()
Task: {BC6CBB22-5571-42E2-9788-B9D999352635} - System32\Tasks\tnt siew irritation => C:\Users\Luke\AppData\Local\basti.exe [2018-03-08] ()
Task: {C189CC18-2FF8-4683-952B-BAEC2029947E} - System32\Tasks\tstnt siew irritationtnt siew irritation => C:\Users\Luke\AppData\Local\basti.exe [2018-03-08] ()
Task: {D58A0C9E-B606-4CB3-882E-2B198A780E41} - System32\Tasks\tspepperidge-discernpepperidge-discern => C:\Program Files (x86)\refectory\biodegradation.exe [2018-03-08] ()
Task: {E0EAB610-4301-4B31-BF5C-DFA45E064B17} - System32\Tasks\pepperidge-discern => C:\Program Files (x86)\refectory\biodegradation.exe [2018-03-08] ()
Task: {E28C9DF7-AC94-4318-A532-8AD7A5AA322A} - System32\Tasks\etruscans twas => C:\Program Files (x86)\Whistlers\biodegradation.exe [2018-03-08] ()

AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

FirewallRules: [{53DE54F9-49E8-436F-86DA-49FF0585DB8F}] => (Allow) C:\Program Files (x86)\Pyre\basti.exe
FirewallRules: [{0B9EBD30-4F48-41D0-99F4-C9E5D59010A4}] => (Allow) C:\Program Files (x86)\Whistlers\basti.exe
FirewallRules: [{8DB4B907-4A7D-4C53-A033-E6DE4DAF6891}] => (Allow) C:\Program Files (x86)\refectory\biodegradation.exe
FirewallRules: [{5D8EA20A-9E13-4E1B-A9A0-216DE5FEFA4D}] => (Allow) C:\Program Files (x86)\Whistlers\biodegradation.exe

C:\Program Files (x86)\Whistlers
C:\Program Files (x86)\ambrose
C:\Program Files (x86)\refectory
C:\Program Files (x86)\Pyre
C:\Program Files (x86)\preceded
C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
C:\Users\Luke\AppData\Local\installer.dat
C:\Users\Luke\AppData\Local\biodegradation.exe
C:\Users\Luke\AppData\Local\basti.exe
C:\Users\Luke\AppData\Roaming\et
C:\Users\Luke\AppData\Roaming\FC29FA0894FE.ini
C:\Windows\b57888333
C:\Windows\lachlan.exe
C:\Windows\uninstaller.dat
C:\Windows\system32\lmeugks
C:\Windows\SysWOW64\lmeugks

EmptyTemp:
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\trickey" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\trickeystriken" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\trickeytrickey" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\souci" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\souciwise" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\soucisouci" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wise" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wisesouci" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wisewise" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\striken" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\strikentrickey" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\strikenstriken" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ric" => removed successfully
"HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\Microsoft\Windows\CurrentVersion\Run\\controversial" => removed successfully
C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swains.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swainsswains.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
"HKLM\System\CurrentControlSet\Services\cpuz137" => removed successfully
cpuz137 => service removed successfully
"HKLM\System\CurrentControlSet\Services\GPU-Z" => removed successfully
GPU-Z => service removed successfully
"HKLM\System\CurrentControlSet\Services\knsctpzi" => removed successfully
knsctpzi => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10741947-3D5B-47B6-9166-699030E39E8C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10741947-3D5B-47B6-9166-699030E39E8C}" => removed successfully
C:\Windows\System32\Tasks\melon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\melon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AC213CF-6CE5-46E8-A868-7145FDAC19D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AC213CF-6CE5-46E8-A868-7145FDAC19D5}" => removed successfully
C:\Windows\System32\Tasks\tsetruscans twasetruscans twas => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsetruscans twasetruscans twas" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F47D89A-7C31-4B5C-B2B2-4447690CC988}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F47D89A-7C31-4B5C-B2B2-4447690CC988}" => removed successfully
C:\Windows\System32\Tasks\telefon_wrangle => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\telefon_wrangle" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F71AC83-F0D4-4469-9A2B-0287043AEC89}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F71AC83-F0D4-4469-9A2B-0287043AEC89}" => removed successfully
C:\Windows\System32\Tasks\tsdoubled_francisdoubled_francis => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsdoubled_francisdoubled_francis" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40866354-7EC2-4AA7-A8B7-971E7F27C64C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40866354-7EC2-4AA7-A8B7-971E7F27C64C}" => removed successfully
C:\Windows\System32\Tasks\tsbecherbecher => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsbecherbecher" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{495DF05D-3FF5-4C8E-AF0E-F25411DB6CB1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{495DF05D-3FF5-4C8E-AF0E-F25411DB6CB1}" => removed successfully
C:\Windows\System32\Tasks\becher => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\becher" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CE59C4C-CB7C-4D0D-826B-C33BEF11E073}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CE59C4C-CB7C-4D0D-826B-C33BEF11E073}" => removed successfully
C:\Windows\System32\Tasks\{19A59D09-F635-4BA4-B25C-EBA8DB5AE042} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19A59D09-F635-4BA4-B25C-EBA8DB5AE042}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69E79004-1618-4D7B-AEE3-AD3EB192EC6F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69E79004-1618-4D7B-AEE3-AD3EB192EC6F}" => removed successfully
C:\Windows\System32\Tasks\doubled_francis => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\doubled_francis" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2F7B176-6659-41AA-8CDD-F05D22965200}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2F7B176-6659-41AA-8CDD-F05D22965200}" => removed successfully
C:\Windows\System32\Tasks\tsmelonmelon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsmelonmelon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB27382C-B164-4E61-B3FE-42DE2DDD41FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB27382C-B164-4E61-B3FE-42DE2DDD41FF}" => removed successfully
C:\Windows\System32\Tasks\tstelefon_wrangletelefon_wrangle => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tstelefon_wrangletelefon_wrangle" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC6CBB22-5571-42E2-9788-B9D999352635}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC6CBB22-5571-42E2-9788-B9D999352635}" => removed successfully
C:\Windows\System32\Tasks\tnt siew irritation => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tnt siew irritation" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C189CC18-2FF8-4683-952B-BAEC2029947E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C189CC18-2FF8-4683-952B-BAEC2029947E}" => removed successfully
C:\Windows\System32\Tasks\tstnt siew irritationtnt siew irritation => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tstnt siew irritationtnt siew irritation" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D58A0C9E-B606-4CB3-882E-2B198A780E41}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D58A0C9E-B606-4CB3-882E-2B198A780E41}" => removed successfully
C:\Windows\System32\Tasks\tspepperidge-discernpepperidge-discern => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tspepperidge-discernpepperidge-discern" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0EAB610-4301-4B31-BF5C-DFA45E064B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0EAB610-4301-4B31-BF5C-DFA45E064B17}" => removed successfully
C:\Windows\System32\Tasks\pepperidge-discern => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pepperidge-discern" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E28C9DF7-AC94-4318-A532-8AD7A5AA322A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28C9DF7-AC94-4318-A532-8AD7A5AA322A}" => removed successfully
C:\Windows\System32\Tasks\etruscans twas => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\etruscans twas" => removed successfully
C:\Users\Public\DRM => ":احتضان" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53DE54F9-49E8-436F-86DA-49FF0585DB8F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B9EBD30-4F48-41D0-99F4-C9E5D59010A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DB4B907-4A7D-4C53-A033-E6DE4DAF6891}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D8EA20A-9E13-4E1B-A9A0-216DE5FEFA4D}" => removed successfully
C:\Program Files (x86)\Whistlers => moved successfully
C:\Program Files (x86)\ambrose => moved successfully
C:\Program Files (x86)\refectory => moved successfully
C:\Program Files (x86)\Pyre => moved successfully
C:\Program Files (x86)\preceded => moved successfully
C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06 => moved successfully
C:\Users\Luke\AppData\Local\installer.dat => moved successfully
C:\Users\Luke\AppData\Local\biodegradation.exe => moved successfully
C:\Users\Luke\AppData\Local\basti.exe => moved successfully
C:\Users\Luke\AppData\Roaming\et => moved successfully
C:\Users\Luke\AppData\Roaming\FC29FA0894FE.ini => moved successfully
C:\Windows\b57888333 => moved successfully
C:\Windows\lachlan.exe => moved successfully
C:\Windows\uninstaller.dat => moved successfully
C:\Windows\system32\lmeugks => moved successfully
C:\Windows\SysWOW64\lmeugks => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14383329 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 2194904 B
Edge => 0 B
Chrome => 44471964 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 2748804 B
Luke => 58295717 B

RecycleBin => 0 B
EmptyTemp: => 116.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 01:33:40 ====
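The fixlist in #8 and the fix log above show where this adware persisted: Run keys under HKLM, WOW6432Node and the user's hive, Startup-folder .lnk files, scheduled tasks, firewall allow rules and a Windows Defender policy key. The PowerShell audit below is an added example, not code from the thread or from FRST; it enumerates those same locations and reports every target that is missing on disk or not validly signed. It assumes an elevated Windows PowerShell 3.0+ session on an English-locale system, and every function name in it is the example's own.

```powershell
# Added example (not from the thread or FRST): audit the autostart locations the fix log
# cleaned and flag entries whose target is missing or lacks a valid Authenticode signature.
# Assumptions: run as Administrator, Windows PowerShell 3.0+, English locale (schtasks column
# names); schtasks.exe is used instead of Get-ScheduledTask so this also runs on Windows 7.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pull the executable out of a command line: a quoted path, or everything up to the first
# ".exe" (covers unquoted paths with spaces such as C:\Program Files (x86)\Pyre\basti.exe)
function Get-ExePath([string]$CommandLine) {
    $exe = $CommandLine
    if ($CommandLine -match '^"([^"]+\.exe)"' -or $CommandLine -match '^(.+?\.exe)') { $exe = $Matches[1] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    # bare names like rundll32.exe resolve relative to System32
    if (-not [IO.Path]::IsPathRooted($exe)) { $exe = Join-Path "$env:SystemRoot\System32" $exe }
    return $exe
}

# Classify one autostart entry by the state of the file it points at
function Test-Target([string]$Source, [string]$Name, [string]$CommandLine) {
    $exe = Get-ExePath $CommandLine
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $status = (Get-AuthenticodeSignature -LiteralPath $exe).Status   # Valid, NotSigned, ...
    } else {
        $status = 'MISSING'
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Target = $exe; Status = $status }
}

$findings = @()

# 1. Run keys: 64-bit view, 32-bit (WOW6432Node) view and the current user's hive
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        $findings += Test-Target $key $p.Name ([string]$p.Value)
    }
}

# 2. Startup-folder shortcuts, resolved to their targets like FRST's ShortcutTarget lines
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter *.lnk) {
        $findings += Test-Target 'Startup folder' $lnk.Name $shell.CreateShortcut($lnk.FullName).TargetPath
    }
}

# 3. Scheduled tasks; schtasks repeats its CSV header for every task folder, so drop those rows
$tasks = schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match '\.exe' }
foreach ($t in $tasks) { $findings += Test-Target 'Scheduled task' $t.TaskName $t.'Task To Run' }

# 4. Firewall rules live as pipe-delimited strings, e.g.
#    "v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Pyre\basti.exe|Name=...|"
foreach ($p in (Get-ItemProperty -Path $fwKey).PSObject.Properties) {
    if ([string]$p.Value -match '\|Action=Allow\|.*\|App=([^|]+\.exe)\|') {
        $findings += Test-Target 'Firewall rule' $p.Name $Matches[1]
    }
}

# 5. A Defender policy key is unusual on a home PC; the fix log removed a Restriction here
$defPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
if (Test-Path $defPolicy) { Write-Warning "Policy key present: $defPolicy - review its values" }

# Anything missing on disk or not validly signed is worth a closer look
$findings | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Source, Name | Format-Table -AutoSize
```

Unsigned but legitimate tools (CPU-Z's temporary driver entries in the fix log, for instance) will also be listed, so the output is a review list, not a verdict.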



#10 redflgslooklikeflgs
  • Topic Starter
  • Members
  • 16 posts

Posted 10 March 2018 - 02:14 AM

You know, I think it has to do with Internet Explorer, which I was using to reinstall Chrome. Feel free to mark this topic closed, and thank you so so much! I don't know if you have this process automated, or if you're creating that FixList by hand, but it seriously seems like magic.



#11 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 11 March 2018 - 09:37 AM

Can you do me a favor? Can you .zip the C:\FRST\Quarantine folder and attach it here for me?

Also, dfsvc.exe is a legitimate process from Microsoft, the ClickOnce launcher.

And all the fixlist.txt files we create are done by hand, not automated :)



#12 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 15 March 2018 - 07:16 AM

Hi redflgslooklikeflgs,

Are you still with me?



#13 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 19 March 2018 - 06:41 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
