Everything posted by mertaugh

  1. I believe the problem has been resolved. Thanks for your help.
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
     Ran by merta (11-03-2017 15:29:20) Run:1
     Running from C:\Users\merta\Desktop\New folder
     Loaded Profiles: merta (Available Profiles: defaultuser0 & merta)
     Boot Mode: Safe Mode (minimal)
     ==============================================
     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
     C:\Program Files (x86)\cpx
     HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
     C:\Program Files (x86)\svcvmx
     GroupPolicyScripts: Restriction <======= ATTENTION
     GroupPolicyScripts\User: Restriction <======= ATTENTION
     R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
     C:\Program Files (x86)\dataup
     R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [756224 2017-03-10] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
     C:\Program Files (x86)\qdcomsvc
     R2 realtek_amd64; C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION
     C:\Users\merta\AppData\Local\Temp\WS
     R2 windowsmanagementservice; C:\Users\merta\AppData\Local\Temp\20170310\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
     C:\Users\merta\AppData\Local\Temp\20170310
     R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
     C:\Windows\System32\drivers\drmkpro64.sys
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\AppData\Local\AnonymizerLauncher
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.proxycheck
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.AnonymizerLauncher
     2017-03-09 22:06 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
     2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\c
     2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\AGData
     2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\ProgramData\1489118818
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c
     2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b
     2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce
     2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120
     2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842
     2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07
     2017-03-08 16:02 - 2017-03-08 16:02 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e
     2017-03-08 16:00 - 2017-03-08 16:00 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028
     2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721
     2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854
     2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0
     2017-03-08 15:17 - 2017-03-08 15:17 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6
     2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726
     2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281
     2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91
     2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48
     2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca
     2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a
     2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f
     2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9
     2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31
     C:\Users\merta\AppData\Local\Temp\wowrr.exe
     FirewallRules: [{DC8E41F0-D624-4A31-9201-4714E5E1BD78}] => (Allow) LPort=50082
     FirewallRules: [{54892D3C-6AC3-436C-9E21-7343513D4D03}] => (Allow) LPort=5000
     CMD: ipconfig /flushDNS
     Hosts:
     EmptyTemp:
     end
     *****************
     Error: Restore point can only be created in normal mode.
     Processes closed successfully.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
     "C:\Program Files (x86)\cpx" => not found.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value removed successfully
     C:\Program Files (x86)\svcvmx => moved successfully
     C:\Windows\system32\GroupPolicy\Machine => moved successfully
     C:\Windows\system32\GroupPolicy\User => moved successfully
     HKLM\System\CurrentControlSet\Services\Dataup => key removed successfully
     Dataup => service removed successfully
     C:\Program Files (x86)\dataup => moved successfully
     HKLM\System\CurrentControlSet\Services\qdcomsvc => key removed successfully
     qdcomsvc => service removed successfully
     C:\Program Files (x86)\qdcomsvc => moved successfully
     HKLM\System\CurrentControlSet\Services\realtek_amd64 => key removed successfully
     realtek_amd64 => service removed successfully
     C:\Users\merta\AppData\Local\Temp\WS => moved successfully
     HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key removed successfully
     windowsmanagementservice => service removed successfully
     C:\Users\merta\AppData\Local\Temp\20170310 => moved successfully
     HKLM\System\CurrentControlSet\Services\drmkpro64 => key removed successfully
     drmkpro64 => service removed successfully
     C:\Windows\System32\drivers\drmkpro64.sys => moved successfully
     C:\Users\merta\AppData\Local\AnonymizerLauncher => moved successfully
     C:\Users\merta\.proxycheck => moved successfully
     C:\Users\merta\.AnonymizerLauncher => moved successfully
     C:\Program Files (x86)\AnonymizerGadget => moved successfully
     C:\Users\merta\AppData\Roaming\c => moved successfully
     C:\Users\merta\AppData\Roaming\AGData => moved successfully
     C:\ProgramData\1489118818 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9 => moved successfully
     C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31 => moved successfully
     C:\Users\merta\AppData\Local\Temp\wowrr.exe => moved successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC8E41F0-D624-4A31-9201-4714E5E1BD78} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54892D3C-6AC3-436C-9E21-7343513D4D03} => value removed successfully
     ========= ipconfig /flushDNS =========
     Windows IP Configuration
     Could not flush the DNS Resolver Cache: Function failed during execution.
     ========= End of CMD: =========
     Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
     =========== EmptyTemp: ==========
     BITS transfer queue => 0 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10049986 B
     Java, Flash, Steam htmlcache => 221458798 B
     Windows/system/drivers => 33301752 B
     Edge => 155582133 B
     Chrome => 547114965 B
     Firefox => 0 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 128 B
     systemprofile32 => 128 B
     LocalService => 6974 B
     NetworkService => -652 B
     defaultuser0 => 128 B
     merta => 8701249729 B
     RecycleBin => 7725623384 B
     EmptyTemp: => 16.2 GB temporary data Removed.
     ================================
     Result of scheduled files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 11-03-2017 15:33:45)
     "C:\Windows\System32\Drivers\etc\hosts" => Could not move
     Could not restore Hosts.
     ==== End of Fixlog 15:33:45 ====
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
     Ran by merta (administrator) on DESKTOP-VP3SFLM (11-03-2017 12:32:11)
     Running from C:\Users\merta\Downloads
     Loaded Profiles: merta (Available Profiles: defaultuser0 & merta)
     Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     (AMD) C:\Windows\System32\atiesrxx.exe
     (AMD) C:\Windows\System32\atieclxx.exe
     () C:\Program Files (x86)\dataup\dataup.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
     () C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe
     (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
     (Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
     (Autodesk, Inc.) D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
     (Microsoft Corporation) C:\Windows\System32\WpcMon.exe
     (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
     (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
     (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
     (Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
     (Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
     (Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe
     (Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe
     (Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
     (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
     (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     () C:\Program Files (x86)\svcvmx\svcvmx.exe
     () C:\Program Files (x86)\svcvmx\vmxclient.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
     () C:\Program Files (x86)\svcvmx\vmxclient.exe
     () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
     (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
     () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
     (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
     () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
     (qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
     (ct Corp.) C:\Users\merta\AppData\Local\Temp\20170310\ct.exe
     (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
     (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
     (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     () C:\Program Files (x86)\svcvmx\vmxclient.exe
     () C:\Program Files (x86)\svcvmx\vmxclient.exe
     () C:\Program Files (x86)\svcvmx\vmxclient.exe
     ==================== Registry (Whitelisted) ====================
     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
     HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
     HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
     HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
     HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
     HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
     HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Discord] => C:\Users\merta\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
     HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [DiscordPTB] => C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe [64290304 2017-01-03] (Hammer & Chisel, Inc.)
     HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Akamai NetSession Interface] => C:\Users\merta\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
     HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [uTorrent] => C:\Users\merta\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-09] (BitTorrent Inc.)
     HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
     ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
     ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
     ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
     GroupPolicyScripts: Restriction <======= ATTENTION
     GroupPolicyScripts\User: Restriction <======= ATTENTION
     ==================== Internet (Whitelisted) ====================
     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     Tcpip\..\Interfaces\{18f7573c-5615-425c-bbd4-8676c6d09886}: [DhcpNameServer] 192.168.0.1
     Internet Explorer:
     ==================
     FireFox:
     ========
     FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
     FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
     FF Plugin HKU\S-1-5-21-3308240972-949208329-912309981-1001: jpl.nasa.gov/NASAEyes -> C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-02-15] (Jet Propulsion Laboratory)
     Chrome:
     =======
     CHR StartupUrls: Default -> "chrome://newtab/"
     CHR DefaultSearchKeyword: Default -> lp
     CHR Session Restore: Default -> is enabled.
     CHR Profile: C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
     CHR Extension: (Google Slides) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15]
     CHR Extension: (Google Docs) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15]
     CHR Extension: (Google Drive) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]
     CHR Extension: (MEGA) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-09]
     CHR Extension: (YouTube) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
     CHR Extension: (uBlock Origin) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
     CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-03-08]
     CHR Extension: (Google Sheets) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15]
     CHR Extension: (Causality Games) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2017-03-08]
     CHR Extension: (Fair Ads (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-03-08]
     CHR Extension: (Chrome Remote Desktop) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-08]
     CHR Extension: (Google Docs Offline) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15]
     CHR Extension: (LastPass: Free Password Manager) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-08]
     CHR Extension: (Steambirds: Survival) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2017-03-08]
     CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-03-08]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
     CHR Extension: (Gmail) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]
     CHR Extension: (Chrome Media Router) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09]
     ==================== Services (Whitelisted) ====================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
     R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
     R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
     S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
     R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
     S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
     R2 mitsijm2017; D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [967456 2015-08-04] (Autodesk, Inc.)
     S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-15] (Electronic Arts)
     R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-15] (Electronic Arts)
     R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [756224 2017-03-10] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
     R2 realtek_amd64; C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION
     S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
     R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
     R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
     R2 windowsmanagementservice; C:\Users\merta\AppData\Local\Temp\20170310\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
     S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
     S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
     ===================== Drivers (Whitelisted) ======================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
     R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
     R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
     R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
     R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
     R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
     R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
     S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
     R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
     R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
     S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
     R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
     R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
     S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
     S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
     ==================== NetSvcs (Whitelisted) ===================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     ==================== One Month Created files and folders ========
     (If an entry is included in the fixlist, the file/folder will be moved.)
     2017-03-11 12:30 - 2017-03-11 12:31 - 00067268 _____ C:\Users\merta\Downloads\Addition.txt
     2017-03-11 12:29 - 2017-03-11 12:32 - 00016756 _____ C:\Users\merta\Downloads\FRST.txt
     2017-03-11 12:29 - 2017-03-11 12:32 - 00000000 ____D C:\FRST
     2017-03-11 12:27 - 2017-03-11 12:27 - 02424320 _____ (Farbar) C:\Users\merta\Downloads\FRST64.exe
     2017-03-11 12:17 - 2017-03-11 12:26 - 00000000 ____D C:\ProgramData\Avg
     2017-03-11 12:17 - 2017-03-11 12:18 - 00000000 ____D C:\Users\merta\AppData\Local\AvgSetupLog
     2017-03-11 12:17 - 2017-03-11 12:17 - 00000000 ____D C:\Users\merta\AppData\Local\Avg
     2017-03-11 12:16 - 2017-03-11 12:17 - 03212664 _____ (AVG Technologies CZ, s.r.o.) C:\Users\merta\Downloads\AVG_Antivirus_Free_1918.exe
     2017-03-11 12:13 - 2017-03-11 12:13 - 06656568 _____ (AVAST Software) C:\Users\merta\Downloads\avast_pro_antivirus_setup_online.exe
     2017-03-11 12:13 - 2017-03-11 12:13 - 00000000 ____D C:\ProgramData\AVAST Software
     2017-03-11 12:04 - 2017-03-11 12:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
     2017-03-11 12:04 - 2017-03-11 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
     2017-03-11 12:04 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
     2017-03-11 12:03 - 2017-03-11 12:03 - 57131432 _____ (Malwarebytes ) C:\Users\merta\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
     2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
     2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\Program Files\Malwarebytes
     2017-03-11 11:59 - 2017-03-11 12:02 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9A90389-D2EB-4FD2-9123-B48CDAFF5A3F}
     2017-03-10 07:23 - 2017-03-10 07:23 - 00000000 ____D C:\Users\merta\AppData\Local\Skyrim Special Edition
     2017-03-10 07:22 - 2017-03-10 07:22 - 00000884 _____ C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk
     2017-03-10 07:22 - 2017-03-10 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
     2017-03-10 00:12 - 2017-03-10 00:12 - 00000000 ____D C:\Program Files (x86)\regtool
     2017-03-09 22:15 - 2017-03-09 22:21 - 00000000 ____D C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX
     2017-03-09 22:15 - 2017-03-09 22:15 - 00056846 _____ C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX.torrent
     2017-03-09 22:12 - 2017-03-10 16:19 - 00000000 ____D C:\Users\merta\AppData\Local\llssoft
     2017-03-09 22:12 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\svcvmx
     2017-03-09 22:10 - 2017-03-09 22:10 - 00412348 _____ C:\Windows\Minidump\030917-11390-01.dmp
     2017-03-09 22:07 - 2017-03-10 19:13 - 01851904 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\AppData\Local\AnonymizerLauncher
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.proxycheck
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.AnonymizerLauncher
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
     2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\dataup
     2017-03-09 22:06 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
     2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\c
     2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\AGData
     2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\ProgramData\1489118818
     2017-03-09 22:05 - 2017-03-09 22:05 - 00003670 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mertaugh1234@yahoo.com
     2017-03-09 22:05 - 2017-03-09 22:05 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78
     2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c
     2017-03-09 22:00 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition-CODEX
     2017-03-09 16:15 - 2017-03-09 16:15 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
     2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype
     2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\Users\merta\Tracing
     2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Skype
     2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
     2017-03-09 16:14 - 2017-03-09 16:14 - 01631200 _____ (Skype Technologies S.A.) C:\Users\merta\Downloads\SkypeSetup.exe
     2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b
     2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce
     2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120
     2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842
     2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07
     2017-03-08 16:02 - 2017-03-08 16:02 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e
     2017-03-08 16:00 - 2017-03-08 16:00 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028
     2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721
     2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854
     2017-03-08 15:54 - 2017-03-08 15:54 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
     2017-03-08 15:18 - 2017-03-08 15:50 - 00000000 ____D C:\Users\merta\Desktop\graphic-design-basics
     2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0
     2017-03-08 15:17 - 2017-03-08 15:17 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6
     2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Adobe
     2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726
     2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281
     2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91
     2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48
     2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca
     2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a
     2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f
     2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9
     2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31
     2017-03-08 14:50 - 2017-03-08 14:50 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
     2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ___RD C:\Users\merta\Creative Cloud Files
     2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ____D C:\ProgramData\boost_interprocess
     2017-03-08 14:10 - 2017-03-08 14:10 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
     2017-03-08 14:10 - 2017-03-08 14:10 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
     2017-03-08 14:09 - 2017-03-08 14:09 - 00000000 ____D C:\Program Files (x86)\Adobe
     2017-03-08 14:05 - 2017-03-08 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
     2017-03-08 14:04 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Adobe
     2017-03-08 14:02 - 2017-03-09 22:05 - 00000000 ____D C:\Program Files\Adobe
     2017-03-08 14:02 - 2017-03-08 16:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
     2017-03-08 14:00 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\Adobe
     2017-03-08 13:59 - 2017-03-11 12:02 - 00000000 ____D C:\Users\merta\AppData\Local\Adobe
     2017-03-08 13:01 - 2017-03-08 15:13 - 00000000 ____D C:\Users\merta\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
     2017-03-04 11:36 - 2017-03-04 11:46 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband Savegames
     2017-03-04 11:33 - 2017-03-04 11:43 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband
     2017-03-04 11:33 - 2017-03-04 11:33 - 00000000 ____D C:\Users\merta\AppData\Roaming\Mount&Blade Warband
     2017-03-03 17:49 - 2017-03-03 17:49 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
     2017-03-03 17:49 - 2017-03-03 17:49 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
     2017-03-03 17:48 - 2017-03-09 22:09 - 00000000 ____D C:\Program Files (x86)\Google
     2017-03-03 17:48 - 2017-03-03 17:48 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
     2017-03-03 17:48 - 2017-03-03 17:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
     2017-03-03 17:43 - 2017-03-03 17:43 - 01129376 _____ (Google Inc.)
C:\Users\merta\Downloads\ChromeSetup.exe 2017-03-02 17:38 - 2017-03-02 17:54 - 00000222 _____ C:\Users\merta\Desktop\TerraTech.url 2017-02-28 16:52 - 2017-02-28 16:52 - 00000222 _____ C:\Users\merta\Desktop\Subnautica.url 2017-02-27 22:13 - 2017-02-27 22:13 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Sound recordings 2017-02-27 20:48 - 2017-02-27 20:48 - 00000000 ____D C:\Users\merta\AppData\Roaming\.mono 2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Unity 2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Payload 2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\Desktop\µTorrent.lnk 2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2017-02-26 16:17 - 2017-03-11 12:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\uTorrent 2017-02-26 16:17 - 2017-02-26 16:17 - 02400960 _____ (BitTorrent Inc.) C:\Users\merta\Downloads\uTorrent.exe 2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes 2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech 2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Jet Propulsion Laboratory 2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\Windows\system32\Drivers\drmkpro64.sys 2017-02-19 21:58 - 2017-02-19 21:58 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\SysWOW64\OpenAL32.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\UnrealEngine 2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\SwordWithSauce1_4 2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Program Files (x86)\OpenAL 2017-02-19 21:55 - 2017-02-19 21:55 - 00000222 _____ C:\Users\merta\Desktop\Sword With Sauce Alpha.url 2017-02-19 19:31 - 2017-02-19 19:31 - 00000222 _____ C:\Users\merta\Desktop\ShellShock Live.url 2017-02-19 19:31 - 2017-02-19 19:31 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Kyle Champ 2017-02-19 15:52 - 2017-02-19 15:52 - 00000000 ____D C:\Windows\system32\5f3db57aa780ac998e1d90..bin 2017-02-19 07:50 - 2017-02-19 07:50 - 00000000 ____D C:\Users\merta\AppData\Local\My Games 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\Reference Assemblies 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\MSBuild 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\MSBuild 2017-02-19 07:48 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2017-02-19 07:48 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2017-02-19 07:02 - 2017-02-19 07:02 - 00000220 _____ C:\Users\merta\Desktop\Sid Meier's Civilization 
V.url 2017-02-19 07:01 - 2017-02-19 07:01 - 00000279 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk 2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2017-02-15 17:51 - 2017-02-15 17:51 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-11 12:19 - 2017-01-14 16:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\Skype 2017-03-11 12:08 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\AppReadiness 2017-03-11 12:07 - 2017-01-14 16:28 - 02793706 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-11 12:04 - 2017-01-15 17:26 - 00003656 _____ C:\Windows\System32\Tasks\AutoKMS 2017-03-11 12:04 - 2017-01-14 16:29 - 00000000 ____D C:\Users\merta\AppData\Local\MicrosoftEdge 2017-03-11 12:01 - 2017-01-14 18:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-11 12:00 - 2017-01-15 16:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin 2017-03-11 12:00 - 2017-01-14 16:25 - 00000000 ____D C:\Users\merta 2017-03-11 12:00 - 2016-07-16 00:04 - 00786432 _____ C:\Windows\system32\config\BBI 2017-03-11 11:06 - 2017-01-14 18:21 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-03-10 07:23 - 2017-01-14 18:28 - 00000000 ____D C:\Users\merta\OneDrive\Documents\My Games 2017-03-09 22:10 - 2017-01-15 16:39 - 1055829501 _____ C:\Windows\MEMORY.DMP 2017-03-09 22:10 - 2017-01-15 16:39 - 00000000 ____D C:\Windows\Minidump 2017-03-09 16:14 - 2017-01-14 17:24 - 00000000 ____D C:\ProgramData\Package Cache 2017-03-08 15:54 - 2017-01-14 16:26 - 00000000 ____D C:\Users\merta\AppData\Roaming\Adobe 2017-03-06 15:24 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\LiveKernelReports 2017-03-03 17:43 - 2017-01-14 16:31 - 00000000 ____D 
C:\Users\merta\AppData\Local\Google 2017-03-01 21:11 - 2017-01-14 16:29 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2 2017-03-01 21:11 - 2017-01-14 16:28 - 00002363 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-03-01 21:11 - 2017-01-14 16:28 - 00000000 ___RD C:\Users\merta\OneDrive 2017-02-28 22:28 - 2017-01-16 16:05 - 00000000 ____D C:\ProgramData\Origin 2017-02-28 22:23 - 2017-01-16 16:07 - 00000000 ____D C:\Users\merta\AppData\Roaming\Origin 2017-02-25 21:14 - 2017-01-15 23:37 - 00000000 ____D C:\Windows\system32\MRT 2017-02-25 21:13 - 2017-01-15 23:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-02-25 21:13 - 2016-07-16 05:36 - 00000000 ____D C:\Windows\CbsTemp 2017-02-19 15:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\rescache 2017-02-19 07:49 - 2016-07-16 05:45 - 00000000 ____D C:\Windows\INF 2017-02-18 21:31 - 2017-01-15 18:39 - 00000000 ____D C:\Users\merta\AppData\Roaming\discordptb 2017-02-16 17:34 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-15 17:51 - 2017-01-25 17:12 - 00000945 _____ C:\Users\Public\Desktop\Battlefield 1.lnk 2017-02-14 15:29 - 2017-01-14 17:00 - 00000000 ____D C:\AMD ==================== Files in the root of some directories ======= 2017-01-14 19:26 - 2017-01-14 19:26 - 0140288 _____ () C:\Users\merta\AppData\Roaming\Installer.dat 2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\run.txt 2017-01-14 19:25 - 2017-01-14 19:25 - 0000001 _____ () C:\Users\merta\AppData\Local\setupsuccessful.txt 2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\stxtname.txt Some files in TEMP: ==================== 2017-03-08 14:09 - 2017-03-08 14:09 - 0288456 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AAMHelper.exe 2017-03-08 14:06 - 2015-03-05 08:54 - 2212008 _____ (Adobe Systems Incorporated) 
C:\Users\merta\AppData\Local\Temp\AdobeApplicationManager.exe 2017-03-09 22:05 - 2017-03-09 22:05 - 1850711 _____ () C:\Users\merta\AppData\Local\Temp\cpa.exe 2017-02-23 16:44 - 2017-02-15 11:58 - 0223160 _____ () C:\Users\merta\AppData\Local\Temp\EyesLauncher.exe 2017-03-09 22:06 - 2017-03-09 22:06 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\merta\AppData\Local\Temp\fox.exe 2017-01-15 17:19 - 2017-01-15 17:19 - 1066336 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\PidGenX.dll 2017-03-09 16:14 - 2017-03-09 16:14 - 14456872 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\vc_redist.x86.exe 2017-03-09 22:06 - 2017-03-09 22:06 - 0011273 _____ () C:\Users\merta\AppData\Local\Temp\wowrr.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-08 21:01 ==================== End of FRST.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01 Ran by merta (administrator) on 
DESKTOP-VP3SFLM (11-03-2017 12:32:11) Running from C:\Users\merta\Downloads Loaded Profiles: merta (Available Profiles: defaultuser0 & merta) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files (x86)\dataup\dataup.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe () C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe (Autodesk, Inc.) D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\WpcMon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe (Hammer & Chisel, Inc.) 
C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe (Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe (Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe () C:\Program Files (x86)\svcvmx\svcvmx.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (ct Corp.) 
C:\Users\merta\AppData\Local\Temp\20170310\ct.exe (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] () HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Discord] => C:\Users\merta\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [DiscordPTB] => C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe [64290304 2017-01-03] (Hammer & Chisel, Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Akamai NetSession Interface] => C:\Users\merta\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [uTorrent] => C:\Users\merta\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-09] (BitTorrent Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.) 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () GroupPolicyScripts: Restriction <======= ATTENTION GroupPolicyScripts\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{18f7573c-5615-425c-bbd4-8676c6d09886}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems) FF Plugin HKU\S-1-5-21-3308240972-949208329-912309981-1001: jpl.nasa.gov/NASAEyes -> C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-02-15] (Jet Propulsion Laboratory) Chrome: ======= CHR StartupUrls: Default -> "chrome://newtab/" CHR DefaultSearchKeyword: Default -> lp CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default [2017-03-11] CHR Extension: (Google Slides) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15] CHR Extension: (Google Docs) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15] CHR Extension: (Google Drive) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14] CHR Extension: (MEGA) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-09] CHR Extension: (YouTube) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14] CHR Extension: (uBlock Origin) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09] CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-03-08] CHR Extension: (Google Sheets) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15] CHR Extension: (Causality Games) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2017-03-08] CHR Extension: (Fair Ads (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-03-08] CHR Extension: (Chrome Remote Desktop) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-08] CHR Extension: (Google Docs Offline) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15] CHR Extension: (LastPass: Free Password Manager) - 
C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-08] CHR Extension: (Steambirds: Survival) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2017-03-08] CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-03-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08] CHR Extension: (Gmail) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14] CHR Extension: (Chrome Media Router) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] () R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] () R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 mitsijm2017; D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [967456 2015-08-04] (Autodesk, Inc.) 
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-15] (Electronic Arts) R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-15] (Electronic Arts) R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [756224 2017-03-10] (qdcomsvc Inc.) [File not signed] <==== ATTENTION R2 realtek_amd64; C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 windowsmanagementservice; C:\Users\merta\AppData\Local\Temp\20170310\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices) R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA) R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM) R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation ) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-03-11 12:30 - 2017-03-11 12:31 - 00067268 _____ C:\Users\merta\Downloads\Addition.txt 2017-03-11 12:29 - 2017-03-11 12:32 - 00016756 _____ C:\Users\merta\Downloads\FRST.txt 2017-03-11 12:29 - 2017-03-11 12:32 - 00000000 ____D C:\FRST 2017-03-11 12:27 - 2017-03-11 12:27 - 02424320 _____ (Farbar) C:\Users\merta\Downloads\FRST64.exe 2017-03-11 12:17 - 2017-03-11 12:26 - 00000000 ____D C:\ProgramData\Avg 2017-03-11 12:17 - 2017-03-11 12:18 - 00000000 ____D C:\Users\merta\AppData\Local\AvgSetupLog 2017-03-11 12:17 - 2017-03-11 12:17 - 00000000 ____D C:\Users\merta\AppData\Local\Avg 2017-03-11 12:16 - 2017-03-11 12:17 - 03212664 _____ (AVG Technologies CZ, s.r.o.) C:\Users\merta\Downloads\AVG_Antivirus_Free_1918.exe 2017-03-11 12:13 - 2017-03-11 12:13 - 06656568 _____ (AVAST Software) C:\Users\merta\Downloads\avast_pro_antivirus_setup_online.exe 2017-03-11 12:13 - 2017-03-11 12:13 - 00000000 ____D C:\ProgramData\AVAST Software 2017-03-11 12:04 - 2017-03-11 12:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-03-11 12:04 - 2017-03-11 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-11 12:04 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-03-11 12:03 - 2017-03-11 12:03 - 57131432 _____ (Malwarebytes ) C:\Users\merta\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-11 11:59 - 2017-03-11 12:02 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9A90389-D2EB-4FD2-9123-B48CDAFF5A3F} 2017-03-10 07:23 - 2017-03-10 07:23 - 00000000 ____D C:\Users\merta\AppData\Local\Skyrim Special Edition 2017-03-10 07:22 - 2017-03-10 07:22 - 00000884 _____ C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk 2017-03-10 07:22 - 2017-03-10 07:22 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition 2017-03-10 00:12 - 2017-03-10 00:12 - 00000000 ____D C:\Program Files (x86)\regtool 2017-03-09 22:15 - 2017-03-09 22:21 - 00000000 ____D C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX 2017-03-09 22:15 - 2017-03-09 22:15 - 00056846 _____ C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX.torrent 2017-03-09 22:12 - 2017-03-10 16:19 - 00000000 ____D C:\Users\merta\AppData\Local\llssoft 2017-03-09 22:12 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\svcvmx 2017-03-09 22:10 - 2017-03-09 22:10 - 00412348 _____ C:\Windows\Minidump\030917-11390-01.dmp 2017-03-09 22:07 - 2017-03-10 19:13 - 01851904 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe 2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\AppData\Local\AnonymizerLauncher 2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.proxycheck 2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.AnonymizerLauncher 2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\qdcomsvc 2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\dataup 2017-03-09 22:06 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget 2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\c 2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\AGData 2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\ProgramData\1489118818 2017-03-09 22:05 - 2017-03-09 22:05 - 00003670 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mertaugh1234@yahoo.com 2017-03-09 22:05 - 2017-03-09 22:05 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk 2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8 2017-03-09 22:05 - 
2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9 2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78 2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c 2017-03-09 22:00 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition-CODEX 2017-03-09 16:15 - 2017-03-09 16:15 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk 2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\Users\merta\Tracing 2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Skype 2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-03-09 16:14 - 2017-03-09 16:14 - 01631200 _____ (Skype Technologies S.A.) C:\Users\merta\Downloads\SkypeSetup.exe 2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b 2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce 2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120 2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842 2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07 2017-03-08 16:02 - 2017-03-08 16:02 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e 2017-03-08 16:00 - 2017-03-08 16:00 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028 2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721 2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854 2017-03-08 15:54 - 
2017-03-08 15:54 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk 2017-03-08 15:18 - 2017-03-08 15:50 - 00000000 ____D C:\Users\merta\Desktop\graphic-design-basics 2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0 2017-03-08 15:17 - 2017-03-08 15:17 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6 2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Adobe 2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726 2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281 2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91 2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48 2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca 2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a 2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f 2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9 2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31 2017-03-08 14:50 - 2017-03-08 14:50 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ___RD C:\Users\merta\Creative Cloud Files 2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ____D C:\ProgramData\boost_interprocess 2017-03-08 14:10 - 2017-03-08 14:10 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2017-03-08 14:10 - 2017-03-08 14:10 - 
00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2017-03-08 14:09 - 2017-03-08 14:09 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-03-08 14:05 - 2017-03-08 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2017-03-08 14:04 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Adobe 2017-03-08 14:02 - 2017-03-09 22:05 - 00000000 ____D C:\Program Files\Adobe 2017-03-08 14:02 - 2017-03-08 16:16 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-03-08 14:00 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\Adobe 2017-03-08 13:59 - 2017-03-11 12:02 - 00000000 ____D C:\Users\merta\AppData\Local\Adobe 2017-03-08 13:01 - 2017-03-08 15:13 - 00000000 ____D C:\Users\merta\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack 2017-03-04 11:36 - 2017-03-04 11:46 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband Savegames 2017-03-04 11:33 - 2017-03-04 11:43 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband 2017-03-04 11:33 - 2017-03-04 11:33 - 00000000 ____D C:\Users\merta\AppData\Roaming\Mount&Blade Warband 2017-03-03 17:49 - 2017-03-03 17:49 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-03-03 17:49 - 2017-03-03 17:49 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-03-03 17:48 - 2017-03-09 22:09 - 00000000 ____D C:\Program Files (x86)\Google 2017-03-03 17:48 - 2017-03-03 17:48 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-03-03 17:48 - 2017-03-03 17:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-03-03 17:43 - 2017-03-03 17:43 - 01129376 _____ (Google Inc.) 
C:\Users\merta\Downloads\ChromeSetup.exe 2017-03-02 17:38 - 2017-03-02 17:54 - 00000222 _____ C:\Users\merta\Desktop\TerraTech.url 2017-02-28 16:52 - 2017-02-28 16:52 - 00000222 _____ C:\Users\merta\Desktop\Subnautica.url 2017-02-27 22:13 - 2017-02-27 22:13 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Sound recordings 2017-02-27 20:48 - 2017-02-27 20:48 - 00000000 ____D C:\Users\merta\AppData\Roaming\.mono 2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Unity 2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Payload 2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\Desktop\µTorrent.lnk 2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2017-02-26 16:17 - 2017-03-11 12:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\uTorrent 2017-02-26 16:17 - 2017-02-26 16:17 - 02400960 _____ (BitTorrent Inc.) C:\Users\merta\Downloads\uTorrent.exe 2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes 2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech 2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Jet Propulsion Laboratory 2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\Windows\system32\Drivers\drmkpro64.sys 2017-02-19 21:58 - 2017-02-19 21:58 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\SysWOW64\OpenAL32.dll 2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\UnrealEngine 2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\SwordWithSauce1_4 2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Program Files (x86)\OpenAL 2017-02-19 21:55 - 2017-02-19 21:55 - 00000222 _____ C:\Users\merta\Desktop\Sword With Sauce Alpha.url 2017-02-19 19:31 - 2017-02-19 19:31 - 00000222 _____ C:\Users\merta\Desktop\ShellShock Live.url 2017-02-19 19:31 - 2017-02-19 19:31 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Kyle Champ 2017-02-19 15:52 - 2017-02-19 15:52 - 00000000 ____D C:\Windows\system32\5f3db57aa780ac998e1d90..bin 2017-02-19 07:50 - 2017-02-19 07:50 - 00000000 ____D C:\Users\merta\AppData\Local\My Games 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\Reference Assemblies 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\MSBuild 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\MSBuild 2017-02-19 07:48 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2017-02-19 07:48 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2017-02-19 07:48 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2017-02-19 07:02 - 2017-02-19 07:02 - 00000220 _____ C:\Users\merta\Desktop\Sid Meier's Civilization 
V.url 2017-02-19 07:01 - 2017-02-19 07:01 - 00000279 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk 2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2017-02-15 17:51 - 2017-02-15 17:51 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-11 12:19 - 2017-01-14 16:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\Skype 2017-03-11 12:08 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\AppReadiness 2017-03-11 12:07 - 2017-01-14 16:28 - 02793706 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-11 12:04 - 2017-01-15 17:26 - 00003656 _____ C:\Windows\System32\Tasks\AutoKMS 2017-03-11 12:04 - 2017-01-14 16:29 - 00000000 ____D C:\Users\merta\AppData\Local\MicrosoftEdge 2017-03-11 12:01 - 2017-01-14 18:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-11 12:00 - 2017-01-15 16:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin 2017-03-11 12:00 - 2017-01-14 16:25 - 00000000 ____D C:\Users\merta 2017-03-11 12:00 - 2016-07-16 00:04 - 00786432 _____ C:\Windows\system32\config\BBI 2017-03-11 11:06 - 2017-01-14 18:21 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-03-10 07:23 - 2017-01-14 18:28 - 00000000 ____D C:\Users\merta\OneDrive\Documents\My Games 2017-03-09 22:10 - 2017-01-15 16:39 - 1055829501 _____ C:\Windows\MEMORY.DMP 2017-03-09 22:10 - 2017-01-15 16:39 - 00000000 ____D C:\Windows\Minidump 2017-03-09 16:14 - 2017-01-14 17:24 - 00000000 ____D C:\ProgramData\Package Cache 2017-03-08 15:54 - 2017-01-14 16:26 - 00000000 ____D C:\Users\merta\AppData\Roaming\Adobe 2017-03-06 15:24 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\LiveKernelReports 2017-03-03 17:43 - 2017-01-14 16:31 - 00000000 ____D 
C:\Users\merta\AppData\Local\Google 2017-03-01 21:11 - 2017-01-14 16:29 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2 2017-03-01 21:11 - 2017-01-14 16:28 - 00002363 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-03-01 21:11 - 2017-01-14 16:28 - 00000000 ___RD C:\Users\merta\OneDrive 2017-02-28 22:28 - 2017-01-16 16:05 - 00000000 ____D C:\ProgramData\Origin 2017-02-28 22:23 - 2017-01-16 16:07 - 00000000 ____D C:\Users\merta\AppData\Roaming\Origin 2017-02-25 21:14 - 2017-01-15 23:37 - 00000000 ____D C:\Windows\system32\MRT 2017-02-25 21:13 - 2017-01-15 23:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-02-25 21:13 - 2016-07-16 05:36 - 00000000 ____D C:\Windows\CbsTemp 2017-02-19 15:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\rescache 2017-02-19 07:49 - 2016-07-16 05:45 - 00000000 ____D C:\Windows\INF 2017-02-18 21:31 - 2017-01-15 18:39 - 00000000 ____D C:\Users\merta\AppData\Roaming\discordptb 2017-02-16 17:34 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-15 17:51 - 2017-01-25 17:12 - 00000945 _____ C:\Users\Public\Desktop\Battlefield 1.lnk 2017-02-14 15:29 - 2017-01-14 17:00 - 00000000 ____D C:\AMD ==================== Files in the root of some directories ======= 2017-01-14 19:26 - 2017-01-14 19:26 - 0140288 _____ () C:\Users\merta\AppData\Roaming\Installer.dat 2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\run.txt 2017-01-14 19:25 - 2017-01-14 19:25 - 0000001 _____ () C:\Users\merta\AppData\Local\setupsuccessful.txt 2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\stxtname.txt Some files in TEMP: ==================== 2017-03-08 14:09 - 2017-03-08 14:09 - 0288456 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AAMHelper.exe 2017-03-08 14:06 - 2015-03-05 08:54 - 2212008 _____ (Adobe Systems Incorporated) 
C:\Users\merta\AppData\Local\Temp\AdobeApplicationManager.exe 2017-03-09 22:05 - 2017-03-09 22:05 - 1850711 _____ () C:\Users\merta\AppData\Local\Temp\cpa.exe 2017-02-23 16:44 - 2017-02-15 11:58 - 0223160 _____ () C:\Users\merta\AppData\Local\Temp\EyesLauncher.exe 2017-03-09 22:06 - 2017-03-09 22:06 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\merta\AppData\Local\Temp\fox.exe 2017-01-15 17:19 - 2017-01-15 17:19 - 1066336 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\PidGenX.dll 2017-03-09 16:14 - 2017-03-09 16:14 - 14456872 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\vc_redist.x86.exe 2017-03-09 22:06 - 2017-03-09 22:06 - 0011273 _____ () C:\Users\merta\AppData\Local\Temp\wowrr.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-08 21:01 ==================== End of FRST.txt ============================ FRST.txt Addition.txt