
A "Mozilla Firefox" Site with Porn Ads started to Popup during Windows Startup



#1 Lodiicolo


Posted 01 June 2018 - 10:19 PM

Recently (like 2 days ago), when my laptop is booted and loads the Startup, a Mozilla Firefox website pops up with a tab name like this: "jagdjkabjfvhgasjdfkwhgiu". Hovering on it reveals it contains porn ads, but it can't be maximized. It appears for only a couple of seconds before it automatically closes. As usual, I scanned using Malwarebytes Free, and quarantined everything it scanned.

I thought it was done, but now the problem is still there, and it appears it causes my laptop to black out the desktop. No folders and programs can be accessed there. The site does not close automatically either. Thankfully, all my important programs are placed as shortcuts on my Taskbar.

If I were to access Google Chrome while the Firefox site is active, it forcefully closes Google Chrome. I have to use Task Manager to forcefully close the Firefox site, and then access Google Chrome properly.

From there on I'm here asking for help to get rid of it. My desktop is still a black void, and the Firefox site is probably still there when I restart this laptop. I can still access my files in File Explorer.

Here are the logs from Farbar:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Tristan (administrator) on LAPTOP-F93ACI8O (02-06-2018 10:49:57)
Running from C:\Users\Tristan\Downloads
Loaded Profiles: Tristan (Available Profiles: Tristan)
Platform: Windows 10 Home Single Language Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(SweetLabs, Inc) C:\Users\Tristan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(f.lux Software LLC) C:\Users\Tristan\AppData\Local\FluxSoftware\Flux\flux.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rstrui.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-23] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-03] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [230104 2015-07-11] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-02] (Power Software Ltd)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UD.exe [538728 2014-04-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-09-03] (Tonec Inc.)
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\Run: [firefox] => C:\Users\Tristan\AppData\Roaming\FFPortable\update.exe [910296 2010-03-31] (Mozilla Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-04-13]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIY Editor's Mouse - Shortcut.lnk [2017-08-05]
ShortcutTarget: DIY Editor's Mouse - Shortcut.lnk -> C:\Users\Tristan\Desktop\Documents\Marcus Document Kai Mk.2\1)PAPERCRAFT\1)Programs\DIY Editor's Mouse.ahk ()
Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f.lux.lnk [2017-11-02]
ShortcutTarget: f.lux.lnk -> C:\Users\Tristan\AppData\Local\FluxSoftware\Flux\flux.exe (f.lux Software LLC)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{739cef4b-81c6-4326-b5f5-1b3e157fbdf4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f93a74ff-318e-471c-a7b1-96c137abe2a5}: [DhcpNameServer] 150.203.1.3
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {53AC25E9-C45D-49CF-A0CA-A7F8D6A85068} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {53AC25E9-C45D-49CF-A0CA-A7F8D6A85068} URL = 
SearchScopes: HKU\S-1-5-21-2594559411-2321929550-1583555420-1001 -> DefaultScope {53AC25E9-C45D-49CF-A0CA-A7F8D6A85068} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-08-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-08-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Tristan\AppData\Roaming\AMozilla\AFirefox\Profiles\tv7trr1u.default [2018-06-02]
FF HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tristan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Tristan\AppData\Roaming\IDM\idmmzcc5 [2016-09-04] [Legacy] [not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default [2018-06-02]
CHR Extension: (Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-04]
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-04]
CHR Extension: (Adblock for Youtube™) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2018-01-18]
CHR Extension: (Magic Enhancer For YouTube™) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2018-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-11]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-11]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-03] (Realtek Semiconductor Corporation)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-29] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-29] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-29] (BlueStack Systems, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [120024 2015-07-03] ()
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe [166504 2014-04-23] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [143584 2016-09-21] (ELAN Microelectronics Corp.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373680 2017-05-26] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-04-24] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-08] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe [474768 2017-03-01] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-29] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-28] (Bluestack System Inc. )
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
R3 eppvad_simple; C:\WINDOWS\system32\drivers\EMP_UDAU.sys [23040 2014-04-23] (SEIKO EPSON CORPORATION)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32344 2016-07-20] (ELAN Microelectronic Corp.)
R3 gkernel; C:\Users\Tristan\AppData\Local\Temp\gkernel.sys [44544 2018-06-02] () [File not signed] <==== ATTENTION
R3 glavcam; C:\WINDOWS\system32\DRIVERS\glavcam.sys [3476736 2015-10-16] (Windows ® Codename Longhorn DDK provider)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2018-06-02] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S3 RtkA2dp; C:\WINDOWS\system32\drivers\RtkA2dp.sys [182288 2015-05-21] (Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [60944 2015-05-12] (Realtek Semiconductor Corporation)
S3 RtkAvrcpCtrlr; C:\WINDOWS\System32\drivers\RtkAvrcpCtrlr.sys [70672 2015-05-12] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [607512 2015-07-09] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corporation )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-02 10:49 - 2018-06-02 10:51 - 000021966 _____ C:\Users\Tristan\Downloads\FRST.txt
2018-06-02 10:49 - 2018-06-02 10:49 - 002413056 _____ (Farbar) C:\Users\Tristan\Downloads\FRST64.exe
2018-06-02 10:49 - 2018-06-02 10:49 - 000000000 ____D C:\FRST
2018-06-01 23:42 - 2018-06-01 23:47 - 020628685 _____ C:\Users\Tristan\Downloads\potemkin-ogre.zip
2018-06-01 23:01 - 2018-06-01 23:02 - 006328744 _____ C:\Users\Tristan\Downloads\mugen-1_1b1.zip
2018-06-01 23:00 - 2018-06-01 23:00 - 002726135 _____ C:\Users\Tristan\Downloads\saitama.rar
2018-06-01 22:45 - 2018-06-01 22:48 - 063945495 _____ C:\Users\Tristan\Desktop\Tager_S.rar
2018-06-01 21:30 - 2018-06-01 21:30 - 000001979 _____ C:\Users\Tristan\Desktop\mugen - Shortcut.lnk
2018-06-01 21:26 - 2018-06-01 21:26 - 000119296 _____ C:\WINDOWS\SysWOW64\zlib.dll
2018-06-01 21:26 - 2018-06-01 21:26 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\PowerUp Software
2018-06-01 21:26 - 2018-06-01 21:26 - 000000000 ____D C:\ProgramData\PowerUp Software
2018-06-01 21:26 - 2016-01-03 12:32 - 001227264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dx8vb.dll
2018-06-01 21:26 - 2016-01-03 12:32 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capicom.dll
2018-06-01 21:26 - 2016-01-03 12:32 - 000091632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsofile.dll
2018-06-01 21:26 - 2016-01-03 12:32 - 000057344 _____ () C:\WINDOWS\SysWOW64\ADsSecurity.dll
2018-06-01 21:26 - 2016-01-03 12:32 - 000045056 _____ (vbAccelerator) C:\WINDOWS\SysWOW64\SSubTmr6.dll
2018-06-01 21:26 - 2016-01-03 12:32 - 000045056 _____ (Microsoft) C:\WINDOWS\SysWOW64\NTSVC.ocx
2018-06-01 21:24 - 2018-06-01 21:24 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Output
2018-06-01 21:24 - 2018-06-01 21:24 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\FFPortable
2018-06-01 21:24 - 2018-06-01 21:24 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\ff
2018-06-01 21:24 - 2018-06-01 21:24 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\AMozilla
2018-06-01 21:24 - 2018-06-01 21:24 - 000000000 ____D C:\Users\Tristan\AppData\Local\AMozilla
2018-06-01 21:24 - 2018-06-01 21:24 - 000000000 _____ C:\WINDOWS\nsreg.dat
2018-06-01 21:24 - 2017-12-28 00:24 - 011924282 _____ (InstallShield Software Corporation) C:\Users\Tristan\AppData\Roaming\pinnacle-setup.exe
2018-06-01 17:14 - 2018-06-01 17:15 - 001295391 _____ C:\Users\Tristan\Desktop\Geter.pdf
2018-06-01 16:36 - 2018-06-01 16:36 - 000458239 _____ C:\Users\Tristan\Desktop\big_bang_stand 2.pdf
2018-06-01 16:36 - 2018-06-01 16:36 - 000019461 _____ C:\Users\Tristan\Desktop\big_bang_stand.pdo
2018-06-01 13:06 - 2018-06-01 13:06 - 000000000 _____ C:\WINDOWS\SysWOW64\stub.json
2018-05-28 14:05 - 2018-05-28 14:05 - 001051978 _____ C:\Users\Tristan\Desktop\[big_bang_stand.pdf
2018-05-28 14:04 - 2018-05-28 14:04 - 000103565 _____ C:\Users\Tristan\Desktop\[articulation_stand.pdf
2018-05-27 19:19 - 2018-05-27 19:19 - 000723460 _____ C:\Users\Tristan\Desktop\normal stand.obj
2018-05-25 12:26 - 2018-05-25 12:27 - 034915422 _____ C:\Users\Tristan\Desktop\Photos_downloaded_by_AirDroid.zip
2018-05-23 14:02 - 2018-05-23 14:02 - 001101530 _____ C:\Users\Tristan\Desktop\[Paper God Scrander 1.pdf
2018-05-23 13:34 - 2018-05-23 13:34 - 000000000 ____D C:\Users\Tristan\AppData\Local\D3DSCache
2018-05-23 13:16 - 2018-05-23 13:16 - 000000000 ____D C:\Users\Tristan\Desktop\Untitled
2018-05-23 10:47 - 2018-05-23 10:47 - 000238808 _____ C:\Users\Tristan\Downloads\TT_QuadFaceTools - (0.13.1).rbz
2018-05-23 03:15 - 2018-05-22 11:54 - 000000000 ____D C:\Windows.old
2018-05-22 11:59 - 2018-05-22 11:59 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-22 11:54 - 2018-05-22 11:54 - 000000020 ___SH C:\Users\Tristan\ntuser.ini
2018-05-22 11:52 - 2018-06-02 10:23 - 000003608 _____ C:\WINDOWS\System32\Tasks\Garena+ Plugin Host Service
2018-05-22 11:52 - 2018-06-02 10:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-22 11:52 - 2018-05-22 11:54 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2594559411-2321929550-1583555420-1001
2018-05-22 11:52 - 2018-05-22 11:53 - 000003498 _____ C:\WINDOWS\System32\Tasks\EPSON L360 Series Update {17D65DED-F43C-43A2-8438-FF333512F843}
2018-05-22 11:52 - 2018-05-22 11:53 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-22 11:52 - 2018-05-22 11:53 - 000002514 _____ C:\WINDOWS\System32\Tasks\{B4C901B1-A1D8-4CCC-A038-1245A7F6D8F7}
2018-05-22 11:52 - 2018-05-22 11:53 - 000002182 _____ C:\WINDOWS\System32\Tasks\{C245A6EB-F3EF-42F9-880E-F977047F0945}
2018-05-22 11:52 - 2018-05-22 11:53 - 000002182 _____ C:\WINDOWS\System32\Tasks\{68A483F1-857D-410F-BA4E-A663951EB2D2}
2018-05-22 11:52 - 2018-05-22 11:53 - 000002182 _____ C:\WINDOWS\System32\Tasks\{45F6315F-3E77-4537-BAB4-3B7047ACEF1B}
2018-05-22 11:52 - 2018-05-22 11:52 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-22 11:52 - 2018-05-22 11:52 - 000002408 _____ C:\WINDOWS\System32\Tasks\App Explorer
2018-05-22 11:52 - 2018-05-22 11:52 - 000002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2018-05-22 11:52 - 2018-05-22 11:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-05-22 11:52 - 2018-05-22 11:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-05-22 11:52 - 2018-05-22 11:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\CyberLink
2018-05-22 11:51 - 2018-05-22 11:52 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-22 11:51 - 2018-05-22 11:52 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-22 11:39 - 2018-06-02 10:28 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-22 11:32 - 2018-05-22 11:32 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-22 11:28 - 2018-06-02 09:48 - 000000000 ____D C:\Users\Tristan\AppData\Local\Host App Service
2018-05-22 11:28 - 2018-05-24 00:59 - 000000000 ____D C:\Users\Tristan
2018-05-22 11:28 - 2018-04-12 07:34 - 000001105 _____ C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-22 11:27 - 2018-05-22 11:27 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-22 11:27 - 2016-12-29 20:28 - 000133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-05-22 11:27 - 2016-09-10 02:25 - 000269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-05-22 11:27 - 2016-09-10 02:25 - 000261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-05-22 11:27 - 2016-09-10 02:25 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-05-22 11:27 - 2016-09-10 02:24 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-05-22 11:24 - 2018-05-22 11:24 - 000000000 ____D C:\ProgramData\USOShared
2018-05-22 11:24 - 2017-05-26 05:12 - 000103888 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-05-22 11:24 - 2017-05-26 05:12 - 000099792 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-22 11:23 - 2018-04-12 07:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-22 11:17 - 2018-06-02 00:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-22 11:17 - 2018-05-22 11:36 - 000420088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-21 22:21 - 2018-05-23 03:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-21 22:16 - 2018-05-21 22:21 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-21 22:07 - 2018-05-21 22:07 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-21 22:07 - 2018-05-21 22:07 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-21 22:06 - 2018-05-21 22:06 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-21 22:05 - 2018-05-21 22:05 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-21 22:05 - 2018-05-21 22:05 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-21 22:05 - 2018-05-21 22:05 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-21 22:05 - 2018-05-21 22:05 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-21 22:05 - 2018-05-21 22:05 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-21 22:05 - 2018-05-21 22:05 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-21 22:05 - 2018-05-21 22:05 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-21 22:05 - 2018-05-21 22:05 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-21 22:05 - 2018-05-21 22:05 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-21 22:04 - 2018-05-21 22:04 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-21 22:04 - 2018-05-21 22:04 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-21 22:04 - 2018-05-21 22:04 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-21 22:04 - 2018-05-21 22:04 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-21 22:04 - 2018-05-21 22:04 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-21 22:04 - 2018-05-21 22:04 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-21 22:04 - 2018-05-21 22:04 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-21 22:04 - 2018-05-21 22:04 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-21 21:36 - 2018-05-23 03:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-21 21:36 - 2018-05-21 21:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-21 21:36 - 2018-05-21 21:36 - 000000000 ____D C:\Program Files\MSBuild
2018-05-21 21:36 - 2018-05-21 21:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-21 21:33 - 2018-05-21 21:33 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-21 21:33 - 2018-05-21 21:33 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-21 21:33 - 2018-05-21 21:33 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-21 21:33 - 2018-05-21 21:33 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-21 21:33 - 2018-05-21 21:33 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-21 21:33 - 2018-05-21 21:33 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-21 21:29 - 2018-05-21 21:29 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-21 21:29 - 2018-05-21 21:29 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-21 21:28 - 2018-05-21 21:28 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-21 21:28 - 2018-05-21 21:28 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-21 21:28 - 2018-05-21 21:28 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-21 21:28 - 2018-05-21 21:28 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-21 21:28 - 2018-05-21 21:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-21 21:28 - 2018-05-21 21:28 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-21 20:57 - 2018-05-21 20:57 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-20 20:53 - 2018-05-22 11:55 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-18 16:06 - 2018-05-18 16:06 - 000061755 _____ C:\Users\Tristan\Downloads\Voice_0081.m4a
2018-05-17 23:37 - 2018-05-17 23:37 - 000046140 _____ C:\Users\Tristan\Downloads\50db1611-9f5a-438c-8366-3d54ec38c95d.tmp
2018-05-17 19:25 - 2018-05-22 11:34 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeshLab
2018-05-17 19:25 - 2018-05-17 19:25 - 000000000 ____D C:\Program Files\VCG
2018-05-16 19:39 - 2018-05-16 19:39 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-05-16 13:36 - 2018-06-02 10:21 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-16 13:01 - 2018-05-20 00:05 - 000000000 ____D C:\Users\Tristan\Desktop\New folder (3)
2018-05-16 12:25 - 2018-05-16 12:25 - 000187440 _____ C:\Users\Tristan\Downloads\Unconfirmed 314410.crdownload
2018-05-16 00:01 - 2018-05-16 19:05 - 000000000 ____D C:\Users\Tristan\AppData\Local\TeamViewer
2018-05-15 23:44 - 2018-05-16 19:04 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\TeamViewer
2018-05-15 23:06 - 2018-05-15 23:41 - 009616448 _____ (TeamViewer GmbH) C:\Users\Tristan\Downloads\TeamViewer_Setup_en.exe
2018-05-15 21:24 - 2018-05-23 03:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2018-05-15 21:24 - 2018-05-15 21:24 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2018-05-15 21:04 - 2018-05-15 21:04 - 000000000 ____D C:\Program Files\SAMSUNG
2018-05-15 21:03 - 2018-05-15 21:03 - 000000000 ____D C:\ProgramData\Samsung
2018-05-06 16:34 - 2018-05-06 16:36 - 000000000 ____D C:\Users\Tristan\Desktop\New folder (2)
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-02 10:49 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-02 10:40 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-02 10:28 - 2018-04-12 07:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-02 10:27 - 2016-11-17 06:42 - 000717316 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-06-02 10:21 - 2017-07-30 10:09 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-06-02 10:21 - 2017-07-16 10:10 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-02 10:21 - 2016-10-12 19:31 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-02 10:21 - 2016-09-05 03:38 - 000000000 __SHD C:\Users\Tristan\IntelGraphicsProfiles
2018-06-02 10:20 - 2018-04-12 05:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-02 10:20 - 2016-09-04 23:39 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\DMCache
2018-06-02 10:10 - 2017-02-21 20:04 - 000000000 ____D C:\Program Files\ByteFence
2018-06-02 10:08 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-06-02 10:08 - 2016-09-26 21:28 - 000000000 ____D C:\Program Files (x86)\BlazBlue Chronophantasma Extend
2018-06-02 02:03 - 2016-09-04 23:39 - 000000000 ____D C:\Users\Tristan\Downloads\Compressed
2018-06-02 01:29 - 2016-09-12 00:31 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\vlc
2018-06-01 21:59 - 2018-04-12 07:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-01 21:44 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-01 21:37 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-01 21:27 - 2016-09-04 21:46 - 000000000 ____D C:\Users\Tristan\AppData\Local\CrashDumps
2018-06-01 21:26 - 2016-03-31 04:53 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-01 21:24 - 2016-10-10 11:19 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Mozilla
2018-05-31 22:49 - 2017-07-26 22:47 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\5BB779D3-B015-5D9D-1AEE-02AFC41A46C0
2018-05-31 22:15 - 2018-04-12 07:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-31 18:57 - 2018-02-22 22:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-28 12:47 - 2017-02-22 04:48 - 000000556 _____ C:\Users\Tristan\AppData\Roaming\WB.CFG
2018-05-24 08:51 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-23 03:16 - 2018-04-12 07:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-23 03:16 - 2018-04-12 07:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-23 03:16 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-05-23 03:16 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-23 03:16 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-23 03:16 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\System
2018-05-23 03:16 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-23 03:16 - 2018-02-04 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2018-05-23 03:16 - 2017-10-01 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-05-23 03:16 - 2017-07-30 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-23 03:16 - 2017-07-08 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 6.0
2018-05-23 03:16 - 2017-05-29 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2018-05-23 03:16 - 2017-02-28 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2018-05-23 03:16 - 2017-02-22 04:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2018-05-23 03:16 - 2017-02-21 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales of Zestiria
2018-05-23 03:16 - 2017-02-21 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2018-05-23 03:16 - 2016-09-28 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2018-05-23 03:16 - 2016-09-28 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-23 03:16 - 2016-09-12 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 4
2018-05-23 03:16 - 2016-09-12 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2018-05-23 03:16 - 2016-09-12 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
2018-05-23 03:16 - 2016-09-07 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-23 03:16 - 2016-09-04 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-23 03:16 - 2016-09-04 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-05-23 03:16 - 2016-09-04 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2018-05-23 03:16 - 2016-03-31 05:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-05-23 03:16 - 2016-03-31 05:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-23 03:16 - 2016-03-31 05:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2018-05-23 03:16 - 2016-03-31 04:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-05-23 03:16 - 2015-10-30 17:05 - 000000000 ____D C:\WINDOWS\ShellNew
2018-05-23 03:15 - 2018-04-12 07:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-23 03:15 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-23 03:15 - 2017-07-16 10:10 - 000000000 ____D C:\Program Files\Intel
2018-05-23 03:15 - 2017-07-16 10:09 - 000000000 ____D C:\Program Files\CONEXANT
2018-05-23 03:15 - 2017-05-24 10:58 - 000000000 ____D C:\Program Files\UNP
2018-05-23 03:15 - 2015-10-30 15:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-05-22 19:10 - 2016-10-12 19:57 - 000000000 ____D C:\Users\Tristan\AppData\Local\ConnectedDevicesPlatform
2018-05-22 18:06 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-22 13:38 - 2018-04-23 13:14 - 000000000 ____D C:\Users\Tristan\Desktop\New folder
2018-05-22 12:23 - 2017-12-03 22:26 - 000000000 ____D C:\Users\Tristan\AppData\Local\Packages
2018-05-22 12:12 - 2017-02-21 20:04 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-05-22 11:55 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-22 11:55 - 2017-03-31 20:00 - 000000000 ___RD C:\Users\Tristan\3D Objects
2018-05-22 11:55 - 2015-11-04 03:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-22 11:54 - 2018-04-12 05:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-22 11:52 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-22 11:44 - 2018-04-12 07:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-22 11:42 - 2018-04-12 07:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-22 11:42 - 2016-10-12 19:49 - 000024320 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-22 11:40 - 2016-09-04 21:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-22 11:39 - 2016-03-31 05:55 - 000838560 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-05-22 11:34 - 2017-07-08 16:14 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
2018-05-22 11:34 - 2017-04-21 16:39 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 3
2018-05-22 11:34 - 2016-09-28 15:16 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-22 11:34 - 2016-09-12 19:10 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pop-Up Card Designer PRO
2018-05-22 11:34 - 2016-09-04 23:39 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-22 11:31 - 2017-02-28 19:24 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2018-05-22 11:27 - 2017-07-16 10:11 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-05-22 11:27 - 2017-07-16 10:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-22 11:25 - 2017-07-16 10:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-22 11:25 - 2017-07-16 10:10 - 000000000 ____D C:\Program Files\Elantech
2018-05-22 11:24 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-22 11:24 - 2017-07-16 10:10 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-21 22:24 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-21 22:23 - 2018-03-18 15:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-05-21 22:22 - 2018-04-13 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2018-05-21 22:22 - 2018-01-27 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-05-21 22:22 - 2017-09-05 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2018-05-21 22:22 - 2017-07-11 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moxa
2018-05-21 22:22 - 2017-02-13 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-05-21 22:22 - 2016-09-12 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2018-05-21 22:22 - 2016-09-07 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2018-05-21 22:22 - 2016-09-07 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2018-05-21 22:22 - 2016-03-31 05:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-21 22:10 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-21 22:10 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-21 21:29 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-17 19:26 - 2016-03-31 04:50 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-17 15:26 - 2016-09-14 20:46 - 000000132 _____ C:\Users\Tristan\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-05-16 22:17 - 2016-09-04 23:39 - 000000000 ____D C:\Users\Tristan\AppData\Roaming\IDM
2018-05-14 17:14 - 2016-10-07 19:26 - 000000000 ____D C:\Users\Tristan\AppData\Local\Arduino15
2018-05-09 19:57 - 2017-10-11 23:36 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 19:57 - 2016-09-07 12:30 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-09 19:57 - 2016-09-07 12:30 - 000000000 ____D C:\WINDOWS\system32\MRT
 
==================== Files in the root of some directories =======
 
2016-09-14 20:46 - 2018-05-17 15:26 - 000000132 _____ () C:\Users\Tristan\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-06-01 21:24 - 2017-12-28 00:24 - 011924282 _____ (InstallShield Software Corporation) C:\Users\Tristan\AppData\Roaming\pinnacle-setup.exe
2017-02-22 04:48 - 2018-05-28 12:47 - 000000556 _____ () C:\Users\Tristan\AppData\Roaming\WB.CFG
2017-05-14 15:53 - 2017-05-21 13:12 - 000001456 _____ () C:\Users\Tristan\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-05 03:38 - 2018-06-02 10:23 - 002649271 _____ () C:\Users\Tristan\AppData\Local\BTServer.log
2017-12-23 10:47 - 2017-12-23 10:47 - 000000052 _____ () C:\Users\Tristan\AppData\Local\d92vrnjfb7
2017-12-12 20:47 - 2017-12-14 21:04 - 000000052 _____ () C:\Users\Tristan\AppData\Local\TTTTTTTTTT
 
Some files in TEMP:
====================
2018-06-01 21:24 - 2018-06-01 21:24 - 000015360 _____ () C:\Users\Tristan\AppData\Local\Temp\tFdfxPr20.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-22 11:17
 
==================== End of FRST.txt ============================

Additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Tristan (02-06-2018 10:51:55)
Running from C:\Users\Tristan\Downloads
Windows 10 Home Single Language Version 1803 17134.48 (X64) (2018-05-22 03:54:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2594559411-2321929550-1583555420-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2594559411-2321929550-1583555420-503 - Limited - Disabled)
Guest (S-1-5-21-2594559411-2321929550-1583555420-501 - Limited - Disabled)
Tristan (S-1-5-21-2594559411-2321929550-1583555420-1001 - Administrator - Enabled) => C:\Users\Tristan
VUSR_LAPTOP-F93ACI8O (S-1-5-21-2594559411-2321929550-1583555420-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2594559411-2321929550-1583555420-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2.1.2.3 (HKLM-x32\...\Setup_is1) (Version:  - )
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.9 - Arduino LLC)
AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.61.6289 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon P200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_P200_series) (Version: 1.02 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.29.50 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
EPSON L360 Series Printer Uninstall (HKLM\...\EPSON L360 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.70.000 - SEIKO EPSON CORPORATION)
f.lux (HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\Flux) (Version:  - f.lux Software LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Lenovo App Explorer (HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\Host App Service) (Version: 0.273.2.683 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo EasyCamera (HKLM-x32\...\{E8266049-8C7B-4A09-9E11-8BD100E0076A}) (Version: 8.0.1.2376 - GenesysLogic)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{F925868A-2F2C-414B-A5A7-C613039CE9E4}) (Version: 3.1.001.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MeshLab_64b 2016 (HKLM-x32\...\MeshLab_64b) (Version: 2016 - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version:  - )
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PComm Lite Ver1.6 (HKLM\...\PComm Lite Ver1.6_is1) (Version:  - Moxa Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Pepakura Designer 4 (HKLM-x32\...\pepakura_designer4en) (Version:  - TamaSoftware)
Pepakura Viewer 3 (HKLM-x32\...\pepakura_viewer3en) (Version:  - TamaSoftware)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.14.0 - Prolific Technology Inc.)
Pop-Up Card Designer PRO (HKLM-x32\...\popupcard-pro_en) (Version:  - Tama Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.868.867.071015 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.213.243 - REALTEK Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secured Yahoo Powered (HKLM-x32\...\{B46B5CAB-E4EB-8D2B-556B-FDAB85EB2E2B}) (Version:  - )
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
SteelSeries Engine 3.12.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.12.2 - SteelSeries ApS)
Tales of Zestiria (HKLM-x32\...\{104D902A-F2BA-44F2-AF39-25A8B366BFEA}_is1) (Version:  - Bandai Namco)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2594559411-2321929550-1583555420-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-07-04] (Realtek Semiconductor Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-22] (Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-26] (Lenovo)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-22] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-26] (Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-26] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {21C5BEA5-69A8-4DFF-BFED-6BBD536A1332} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-02-22] ()
Task: {234ED12F-7361-44BF-B12D-590D5E30C6E9} - System32\Tasks\App Explorer => C:\Users\Tristan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-04-23] (SweetLabs, Inc) <==== ATTENTION
Task: {245DCCDB-0C54-47F1-9BCA-CB17B18D36CD} - System32\Tasks\{68A483F1-857D-410F-BA4E-A663951EB2D2} => C:\WINDOWS\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {2D30F62D-2DA9-4F55-B3D4-53841963106E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-08] (Lenovo)
Task: {3490D3D2-1A63-450C-A26F-0453CBB26824} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {3B69BD1C-430C-431C-A1AA-7FF3F2199AA9} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
Task: {3E5DB0E1-1AAA-40F4-B5B8-C1BF0AC08B67} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-04-24] (Lenovo Group Limited)
Task: {546A23FA-B083-47F8-B8B3-A34C39F72E09} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-08] ()
Task: {63481F6A-7DEF-42DC-BEC4-9A156360051F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {68A8A891-BC7D-43B5-BF1D-25C8E2F4152C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {6F5DE41E-9025-42AA-879D-2D6D39F0F654} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6F607D6C-686E-4FC1-B7C2-BBA5DE73992A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0f53d834-0506-48c2-bca2-dde7baf0b51a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {72A0B916-8950-4D69-AFBC-858BB9381C06} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {7E446414-5C63-4B53-AC5C-3F72E2378E48} - System32\Tasks\{B4C901B1-A1D8-4CCC-A038-1245A7F6D8F7} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\MICROS~3\Common\Tools\APE\apemreg.exe -d C:\WINDOWS\SysWOW64 -c /S "Visual Studio APE Package" "C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\APE\AEMTSSVC.PAK"
Task: {828C2CE0-DBB9-46C3-93F4-318D67071489} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {8D1BE44D-CF59-4E94-B2F9-8F9D1983B8BC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {92D2F257-888F-4598-9B00-6D27B238A9F1} - System32\Tasks\{C245A6EB-F3EF-42F9-880E-F977047F0945} => C:\WINDOWS\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {96976C91-5132-4FAE-A669-F008D0A303E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {9905E909-F35F-41E2-BE6A-41517A6EB62F} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {9BEF4BD9-D323-4405-96FE-BCFE1BF76F0F} - System32\Tasks\EPSON L360 Series Update {17D65DED-F43C-43A2-8438-FF333512F843} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN0E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {A71B0B09-E478-4E6D-9DD9-9F1A84D7CDF7} - System32\Tasks\{45F6315F-3E77-4537-BAB4-3B7047ACEF1B} => C:\WINDOWS\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {A8782CCD-058C-42D3-80B4-F1686EFFF337} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {A928CB25-30CA-441E-8E19-5CF9196EC426} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cb72b72d-86a7-44be-9cfd-b1ccf5e3a529 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {B0594F09-53E3-4506-B6C5-D538E0352D0C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B1F52C6C-1D22-40FC-AA39-CD0AC2013325} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-26] ()
Task: {BC3B7457-02CC-4A7F-8CFD-D13C958C649F} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)
Task: {D1F55B77-D1A6-4639-BE67-3F7EA0500E39} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8b216fc8-f9eb-4938-8e31-1d6d2cc500ca => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {DAD6205B-0E39-45B7-ABAA-362C577AAF31} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-08] (Lenovo)
Task: {F5E5BCC5-76AF-41DA-A28B-80426AB8D0C8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\30d46ffa-752a-4a28-b771-f59b3f62ac5b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {FC343EC4-1C25-41A6-B08E-75A30A8AED8C} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {FEF7CAD7-CB78-403A-B9AB-70DC7717EAA1} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-26] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON L360 Series Update {17D65DED-F43C-43A2-8438-FF333512F843}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN0E.EXE:/EXE:{17D65DED-F43C-43A2-8438-FF333512F843} /F:UpdateWORKGROUP\LAPTOP-F93ACI8O$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-31 06:02 - 2015-07-03 00:41 - 000120024 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2017-07-16 10:11 - 2016-12-29 21:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-16 11:58 - 2016-02-22 19:24 - 000174632 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2018-04-12 07:34 - 2018-04-12 07:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-26 05:11 - 2017-05-26 05:11 - 000401840 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-01-15 16:24 - 2016-01-15 16:24 - 000043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 07:35 - 2018-04-12 17:19 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-12 18:13 - 2016-08-02 18:49 - 001208832 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2018-05-17 15:11 - 2018-05-15 11:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-17 15:11 - 2018-05-15 11:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2015-02-16 11:59 - 2016-07-01 20:01 - 003423584 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2016-03-31 05:53 - 2016-06-15 04:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-31 05:02 - 2014-07-04 12:35 - 000627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-05 03:35 - 2014-07-05 03:35 - 000016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\exefile:  <==== ATTENTION
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\.exe:  =>  <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 15:24 - 2018-06-01 21:38 - 000003384 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tristan\Desktop\Documents\Marcus Document Kai Mk.2\4)MISC\{3}Useful\Wallpaper\ikaros_windows_7_wallpaper_by_musicgirl482-d6t15y0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\StartupApproved\Run: => "GarenaPlus"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{258E4154-2369-4F25-A49B-E3BA089D5BBA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8B44C7AC-0899-452D-9A6A-310820C3F124}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12636444-CC98-4020-857C-BC7B92D45E13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7C4EF443-F913-4ACB-8667-C8DB9EF49FC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{573F964B-6E19-4B92-A3AA-5D16EBE7051F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{79693F82-938B-42A4-B7CD-0CEE28D73ABC}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe
FirewallRules: [{22F7FB3F-590A-4AF4-A07D-26AF00F0F457}] => (Block) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe
FirewallRules: [UDP Query User{934AEA21-5F7B-4EC9-95C1-F2F81CE55A4A}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe
FirewallRules: [TCP Query User{9C6AAC05-D669-4063-B9FA-0CBE2CBB42B6}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe
FirewallRules: [{6DC8F0A7-4CC2-4101-8DC1-C7504038B59B}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe
FirewallRules: [{CCEAE0B2-AF58-48AB-8677-641F3BF7C87A}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe
FirewallRules: [{9212C4C4-D8A0-4CE0-94FD-5ADCA76D0D80}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe
FirewallRules: [{5CABEF0E-44C8-4C02-ABA2-F4C8C70AAF22}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe
FirewallRules: [{7466D6D0-4517-4286-8681-FBB0F439A813}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{A194D104-19D1-4B50-9936-1139BEBA9EFA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{E318082F-E23C-4E9E-96C2-A6FA4A066FCE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{73C58247-9D59-4926-B3ED-470E1158A1E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{1966428A-F7D2-43CF-A39C-897B0D29062F}C:\users\tristan\desktop\serial camera\processing-3.3.5\java\bin\java.exe] => (Allow) C:\users\tristan\desktop\serial camera\processing-3.3.5\java\bin\java.exe
FirewallRules: [TCP Query User{8361ED33-8CE3-4B90-851F-D0A1BD1C3C01}C:\users\tristan\desktop\serial camera\processing-3.3.5\java\bin\java.exe] => (Allow) C:\users\tristan\desktop\serial camera\processing-3.3.5\java\bin\java.exe
FirewallRules: [UDP Query User{AA6847B8-B4BB-4303-A2BA-5AEC4C4A82D6}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
FirewallRules: [TCP Query User{3250B29F-BC6E-4DE9-9210-AE43A343DFEE}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
FirewallRules: [{9ED88ED1-06D8-4011-9A81-5DE01E505665}] => (Block) H:\arduino\java\bin\javaw.exe
FirewallRules: [{138FF7E4-924B-43FE-A84F-DBDAD8B7F2E0}] => (Block) H:\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{BD976D73-6512-4791-AC2B-FB1FC412AF8C}H:\arduino\java\bin\javaw.exe] => (Allow) H:\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{5AABAF00-03FD-49A5-930B-D59FF8A6706F}H:\arduino\java\bin\javaw.exe] => (Allow) H:\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{9391C9C9-432C-41D2-8732-566CBF4B5E94}C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\java.exe] => (Allow) C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\java.exe
FirewallRules: [TCP Query User{D29A3D06-4ED7-4415-B7E9-D4C145C3CFC3}C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\java.exe] => (Allow) C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\java.exe
FirewallRules: [UDP Query User{BEB8A3E6-4B4A-4B46-849E-510072BAD3CC}C:\users\tristan\desktop\documents\marcus document kai mk.2\4)misc\ygopro-1.033.7-v2-percy\ygopro_vs.exe] => (Block) C:\users\tristan\desktop\documents\marcus document kai mk.2\4)misc\ygopro-1.033.7-v2-percy\ygopro_vs.exe
FirewallRules: [TCP Query User{CE6EB2DC-9F92-4427-BA84-75BDC02A9DE7}C:\users\tristan\desktop\documents\marcus document kai mk.2\4)misc\ygopro-1.033.7-v2-percy\ygopro_vs.exe] => (Block) C:\users\tristan\desktop\documents\marcus document kai mk.2\4)misc\ygopro-1.033.7-v2-percy\ygopro_vs.exe
FirewallRules: [{0FE6AA1E-8773-41F5-8371-2CB2CEDA4170}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4B248134-5F85-4CAE-8200-D736756D7FF9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{6A49082C-83EC-418C-B3A4-8735F7697093}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E8E37F88-87B6-4535-B641-3A1A7F26886C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{535DA8CD-1EAF-4C71-91D6-B84A808EAD3B}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{127B584E-2C05-45DD-9F6E-AF06AA717812}] => (Allow) LPort=8370
FirewallRules: [{B04F533D-BF74-4C14-8FDA-9FBBAED8F0E3}] => (Allow) LPort=8370
FirewallRules: [{A2F90121-1DED-4EE4-8EFB-7B357E89FBA3}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{92C2B9C3-0586-4A7D-B7F7-0D5357FEAD90}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{D19FEB04-7895-49FF-8949-EF8B53169BEC}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{772C8B0D-1543-41B6-B9A3-9F8025F1449A}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [TCP Query User{30DFB62D-E061-442F-88DD-6773BA83DBDB}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{12C4028C-F482-449E-A598-7AAA3E26DF0A}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{5BA1AFE3-BDA3-4FAB-8418-A8BA45FF77DB}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{DA5514DA-1D1D-4D6A-A591-3B3EAAD80DE1}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{45595144-03B2-4782-9E06-9BD6A9FDB303}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{90A0CE45-45EB-40FE-AF26-C49FF5F1DDA7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{FF483354-4A0C-4FE8-ACA4-91D30E3BB861}C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\javaw.exe] => (Allow) C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\javaw.exe
FirewallRules: [UDP Query User{461A69FC-B2CD-4817-A1A8-E7E4A869AF48}C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\javaw.exe] => (Allow) C:\users\tristan\desktop\documents\marcus document kai mk.2\3)arduino\arduino-1.6.5-r5\java\bin\javaw.exe
 
==================== Restore Points =========================
 
22-05-2018 15:05:46 Windows Update
01-06-2018 13:13:55 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2018 10:19:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program pinnacle-setup_2.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 23d0
 
Start Time: 01d3f9b2c327bdba
 
Termination Time: 4294967295
 
Application Path: C:\Users\Tristan\AppData\Local\Temp\is-DOPLL.tmp\pinnacle-setup_2.tmp
 
Report Id: 95194692-df39-4527-a6af-8f4f3c83c26d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/01/2018 09:59:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program pinnacle-setup_2.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1858
 
Start Time: 01d3f9b0667896bf
 
Termination Time: 4294967295
 
Application Path: C:\Users\Tristan\AppData\Local\Temp\is-NPH8A.tmp\pinnacle-setup_2.tmp
 
Report Id: 12754a19-4d9b-46c1-ba1b-b0fc2f4535f6
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/01/2018 09:27:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pinnacle.exe, version: 8.2.0.8, time stamp: 0x56fc66bd
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
Exception code: 0xc000041d
Fault offset: 0x0010d722
Faulting process id: 0x2424
Faulting application start time: 0x01d3f9ac35d82b91
Faulting application path: C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e7513bb9-8777-437d-a01e-12fe8a2d0c08
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/01/2018 09:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pinnacle.exe, version: 8.2.0.8, time stamp: 0x56fc66bd
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
Exception code: 0xc000008f
Fault offset: 0x0010d722
Faulting process id: 0x2424
Faulting application start time: 0x01d3f9ac35d82b91
Faulting application path: C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 636d3b21-5a65-44db-a296-803af1f9dc84
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/31/2018 06:43:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 230254422
 
Error: (05/31/2018 06:43:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 230254422
 
Error: (05/31/2018 06:43:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/27/2018 09:13:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Reseting to Probing:   16 LAPTOP-F93ACI8O.local. AAAA FE80:0000:0000:0000:689D:8086:C5BD:397C
 
 
System errors:
=============
Error: (06/02/2018 10:28:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/02/2018 10:27:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/02/2018 10:25:37 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-F93ACI8O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-F93ACI8O\Tristan SID (S-1-5-21-2594559411-2321929550-1583555420-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/02/2018 10:24:12 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-F93ACI8O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-F93ACI8O\Tristan SID (S-1-5-21-2594559411-2321929550-1583555420-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/02/2018 10:21:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/02/2018 10:19:49 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-F93ACI8O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-F93ACI8O\Tristan SID (S-1-5-21-2594559411-2321929550-1583555420-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/02/2018 10:17:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/02/2018 10:15:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-05-31 22:49:18.867
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Emelent.B!cl
ID: 2147725602
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Tristan\AppData\Roaming\5BB779D3-B015-5D9D-1AEE-02AFC41A46C0\UpdTask.exe;file:_C:\WINDOWS\System32\Tasks\{5BB779D3-B015-5D9D-1AEE-02AFC41A46C0};file:_C:\WINDOWS\Tasks\{5BB779D3-B015-5D9D-1AEE-02AFC41A46C0}.job;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B354DE14-E0EF-488E-BE79-7606A92D0F5F};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5BB779D3-B015-5D9D-1AEE-02AFC41A46C0};taskscheduler:_C:\WINDOWS\System32\Tasks\{5BB779D3-B015-5D9D-1AEE-02AFC41A46C0};taskscheduler:_C:\WINDOWS\Tasks\{5BB779D3-B015-5D9D-1AEE-02AFC41A46C0}.job
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.400.0, AS: 1.269.400.0, NIS: 1.269.400.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-05-31 22:48:15.625
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Emelent.B!cl
ID: 2147725602
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Tristan\AppData\Roaming\5BB779D3-B015-5D9D-1AEE-02AFC41A46C0\UpdTask.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.400.0, AS: 1.269.400.0, NIS: 1.269.400.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-05-23 17:03:07.539
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B23B1CB7-06AD-46D5-85AC-A0FDF044BF0C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-23 16:51:35.245
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0323E5B5-44A1-4EB0-AEC4-EEAB58F03911}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-23 16:50:57.394
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C5BED7AF-C028-4965-95BB-0B3B51EFFE57}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 61%
Total physical RAM: 4010.7 MB
Available physical RAM: 1552.21 MB
Total Virtual: 6186.7 MB
Available Virtual: 3337.53 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:888.04 GB) (Free:629.74 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.25 GB) NTFS
Drive g: (TalesOfZestiria) (CDROM) (Total:11.7 GB) (Free:0 GB) CDFS
 
\\?\Volume{23f962f1-7d6e-4198-936a-22573a68db3f}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{a1230d5a-7ea1-4900-a1f2-a339e9e84715}\ (LENOVO_PART) (Fixed) (Total:16.25 GB) (Free:3.69 GB) NTFS
\\?\Volume{26c3aae3-40a2-4d70-91f7-a4db5e4d269c}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FF182AB8)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 





#2 nasdaq


  • Malware Response Team

Posted 02 June 2018 - 07:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-2594559411-2321929550-1583555420-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {234ED12F-7361-44BF-B12D-590D5E30C6E9} - System32\Tasks\App Explorer => C:\Users\Tristan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-04-23] (SweetLabs, Inc) <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\exefile:  <==== ATTENTION
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\.exe:  =>  <==== ATTENTION[/B]

(SweetLabs, Inc) C:\Users\Tristan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
R3 gkernel; C:\Users\Tristan\AppData\Local\Temp\gkernel.sys [44544 2018-06-02] () [File not signed] <==== ATTENTION
C:\Windows\System32\Tasks\App Explorer

C:\Users\Tristan\AppData\Local\Host App Service
C:\Users\Tristan\AppData\Local\Temp\gkernel.sys
C:\Users\Tristan\AppData\Local\Temp\tFdfxPr20.dll

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

You may have to reset these browsers

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
---

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
<<<>>>

Please post the logs and let me know what problem persists with this computer.

#3 Lodiicolo

Posted 02 June 2018 - 09:53 AM

Ok I got it all done to a T. Now, it seems it's all the same. After I restarted several times (some due to request from anti-malware programs like Farbar, others by me), it's still popping up, and still leaves my desktop black and unusable.

I forgot to add that I haven't any Mozilla Firefox browsers installed, so it's creepy for me that a Firefox browser pops up during startup.

Here are the logs you told me to add:

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by Tristan (02-06-2018 21:49:50) Run:1
Running from C:\Users\Tristan\Downloads
Loaded Profiles: Tristan (Available Profiles: Tristan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CustomCLSID: HKU\S-1-5-21-2594559411-2321929550-1583555420-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {234ED12F-7361-44BF-B12D-590D5E30C6E9} - System32\Tasks\App Explorer => C:\Users\Tristan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-04-23] (SweetLabs, Inc) <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\exefile:  <==== ATTENTION
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\.exe:  =>  <==== ATTENTION[/B]
 
(SweetLabs, Inc) C:\Users\Tristan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
R3 gkernel; C:\Users\Tristan\AppData\Local\Temp\gkernel.sys [44544 2018-06-02] () [File not signed] <==== ATTENTION
C:\Windows\System32\Tasks\App Explorer
 
C:\Users\Tristan\AppData\Local\Host App Service
C:\Users\Tristan\AppData\Local\Temp\gkernel.sys
C:\Users\Tristan\AppData\Local\Temp\tFdfxPr20.dll
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2594559411-2321929550-1583555420-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{234ED12F-7361-44BF-B12D-590D5E30C6E9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{234ED12F-7361-44BF-B12D-590D5E30C6E9}" => removed successfully
C:\WINDOWS\System32\Tasks\App Explorer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => removed successfully
C:\WINDOWS\SysWOW64\zlib.dll => ":DocumentSummaryInformation" ADS could not remove.
C:\WINDOWS\SysWOW64\zlib.dll => ":SummaryInformation" ADS could not remove.
C:\WINDOWS\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
"HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\exefile" => removed successfully
"HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Classes\.exe" => removed successfully
C:\Users\Tristan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => Could not close process
gkernel => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\gkernel" => removed successfully
gkernel => service removed successfully
"C:\Windows\System32\Tasks\App Explorer" => not found
C:\Users\Tristan\AppData\Local\Host App Service => moved successfully
C:\Users\Tristan\AppData\Local\Temp\gkernel.sys => moved successfully
C:\Users\Tristan\AppData\Local\Temp\tFdfxPr20.dll => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57237963 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 47788 B
Edge => 1537700 B
Chrome => 897813172 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1042 B
LocalService => 0 B
NetworkService => 41786 B
NetworkService => 0 B
Tristan => 37922571 B
 
RecycleBin => 464348226 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:54:15 ====
 
AdwCleaner[C01].txt:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-06-01.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-02-2018
# Duration: 00:05:02
# OS:       Windows 10 Home Single Language
# Cleaned:  23
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\Host App Service
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
Deleted       C:\ProgramData\ByteFence
Deleted       C:\Program Files\ByteFence
 
***** [ Files ] *****
 
Deleted       C:\Windows\System32\Tasks_Migrated\App Explorer
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKCU\Software\Host App Service
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKCU\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKLM\Software\Wow6432Node\ByteFence
Deleted       HKLM\Software\ByteFence
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
Deleted       HKCU\Software\csastats
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Setup_is1
Deleted       HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
Deleted       HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted       HKLM\Software\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted       HKLM\Software\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
AdwCleaner[S00].txt:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-06-01.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-02-2018
# Duration: 00:00:50
# OS:       Windows 10 Home Single Language
# Scanned:  40997
# Detected: 23
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki                    C:\ProgramData\Host App Service
PUP.Optional.ByteFence          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
PUP.Optional.ByteFence          C:\ProgramData\ByteFence
PUP.Optional.ByteFence          C:\Program Files\ByteFence
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\Windows\System32\Tasks_Migrated\App Explorer
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
Adware.pokki                    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki                    HKCU\Software\Host App Service
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence          HKCU\Software\ByteFence
PUP.Optional.ByteFence          HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\ByteFence
PUP.Optional.ByteFence          HKLM\Software\ByteFence
PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.ByteFence          HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Setup_is1
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

AdwCleaner[S01].txt:
 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-06-01.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-02-2018
# Duration: 00:00:14
# OS:       Windows 10 Home Single Language
# Scanned:  40997
# Detected: 23
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki                    C:\ProgramData\Host App Service
PUP.Optional.ByteFence          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
PUP.Optional.ByteFence          C:\ProgramData\ByteFence
PUP.Optional.ByteFence          C:\Program Files\ByteFence
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\Windows\System32\Tasks_Migrated\App Explorer
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
Adware.pokki                    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki                    HKCU\Software\Host App Service
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence          HKCU\Software\ByteFence
PUP.Optional.ByteFence          HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\ByteFence
PUP.Optional.ByteFence          HKLM\Software\ByteFence
PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.ByteFence          HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Setup_is1
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Edited by Lodiicolo, 02 June 2018 - 09:56 AM.


#4 nasdaq

Posted 02 June 2018 - 10:47 AM

Hi,

We will remove all references to Firefox and Mozilla.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\Run: [firefox] => C:\Users\Tristan\AppData\Roaming\FFPortable\update.exe [910296 2010-03-31] (Mozilla Corporation)
FF ProfilePath: C:\Users\Tristan\AppData\Roaming\AMozilla\AFirefox\Profiles\tv7trr1u.default [2018-06-02]
FF HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tristan\AppData\Roaming\IDM\idmmzcc5

C:\Users\Tristan\AppData\Roaming\FFPortable
C:\Users\Tristan\AppData\Roaming\IDM\idmmzcc5

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#5 Lodiicolo

Posted 03 June 2018 - 03:16 AM

Hey nasdaq, you did it!!! It's good as new! \(^o^)/

Here is probably my last log:
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by Tristan (03-06-2018 00:03:46) Run:1
Running from C:\Users\Tristan\Downloads
Loaded Profiles: Tristan (Available Profiles: Tristan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\Run: [firefox] => C:\Users\Tristan\AppData\Roaming\FFPortable\update.exe [910296 2010-03-31] (Mozilla Corporation)
FF ProfilePath: C:\Users\Tristan\AppData\Roaming\AMozilla\AFirefox\Profiles\tv7trr1u.default [2018-06-02]
FF HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tristan\AppData\Roaming\IDM\idmmzcc5
 
C:\Users\Tristan\AppData\Roaming\FFPortable
C:\Users\Tristan\AppData\Roaming\IDM\idmmzcc5
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Microsoft\Windows\CurrentVersion\Run\\firefox" => removed successfully
C:\Users\Tristan\AppData\Roaming\AMozilla\AFirefox\Profiles\tv7trr1u.default => moved successfully
C:\Users\Tristan\AppData\Roaming\AMozilla\AFirefox\Profiles\tv7trr1u.default => path removed successfully
"HKU\S-1-5-21-2594559411-2321929550-1583555420-1001\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com" => removed successfully
C:\Users\Tristan\AppData\Roaming\FFPortable => moved successfully
C:\Users\Tristan\AppData\Roaming\IDM\idmmzcc5 => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 00:04:55 ====

 



#6 nasdaq

Posted 03 June 2018 - 06:38 AM

Hi,

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



