Blasto123

Honorary Members
  • Posts: 24
Everything posted by Blasto123

  1. Better than ever! All updates are downloading correctly! Thank you very much!
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
     Ran by Blaster Ice (02-06-2017 13:04:19) Run:5
     Running from C:\Users\Blaster Ice\Desktop
     Loaded Profiles: UpdatusUser & Blaster Ice (Available Profiles: UpdatusUser & Blaster Ice & Guest)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     REG: REG DELETE "HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SearchProtection" /f
     REG: REG DELETE "HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Run" /v "SearchProtection" /f
     REG: REG DELETE "HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection" /f
     *****************
     ========= REG DELETE "HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SearchProtection" /f =========
     The operation completed successfully.
     ========= End of Reg: =========
     ========= REG DELETE "HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Run" /v "SearchProtection" /f =========
     The operation completed successfully.
     ========= End of Reg: =========
     ========= REG DELETE "HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection" /f =========
     The operation completed successfully.
     ========= End of Reg: =========
     ==== End of Fixlog 13:04:20 ====
  3. Farbar Recovery Scan Tool (x64) Version: 28-05-2017
     Ran by Blaster Ice (30-05-2017 13:17:24)
     Running from C:\Users\Blaster Ice\Desktop
     Boot Mode: Normal
     ================== Search Registry: "SearchProtection" ===========
     [HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
     "SearchProtection"="0x030000008AC5BBE11361CF01"
     [HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Run]
     "SearchProtection"=""C:\Users\Blaster Ice\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart"
     [HKEY_USERS\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection]
     "DisplayIcon"="C:\Users\UpdatusUser\AppData\Roaming\Search Protection\SearchProtection.EXE,0"
     ====== End of Search ======
  4. Sorry Aura, I've been away the past few days. I'll go do the thing now.
  5. Update: After I restarted my computer, somehow the updates all worked, and the same goes for Nvidia GeForce Experience. I then updated the driver and the control panel appears now.
  6. I ran it in safe mode, and once I pressed Fix the log appeared, and FRST was still stuck on fixing for about 30 minutes, and I just ended the task. Another thing is that for some reason my Nvidia control panel just disappeared. I can't even find it anywhere. Here's the log, by the way:
     Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
     Ran by Blaster Ice (20-05-2017 17:40:13) Run:3
     Running from C:\Users\Blaster Ice\Desktop
     Loaded Profiles: Blaster Ice (Available Profiles: UpdatusUser & Blaster Ice & Guest)
     Boot Mode: Safe Mode (minimal)
     ==============================================
     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     HKLM-x32\...\Run: [] => [X]
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Run: [SearchProtection] => "C:\Users\Blaster Ice\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
     HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
     ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     CHR HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
     TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden
     Task: {14FB9ADD-1DBB-428E-9E15-F95F7DB51733} - \Driver Detective -> No File <==== ATTENTION
     Task: {2DB92FCA-8E92-44D9-8CA6-6CAD8595CF3B} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-500 -> No File <==== ATTENTION
     Task: {2FC9630C-C3AE-430F-B167-322639C42E25} - \User_Feed_Synchronization-{771CC023-050F-4237-A636-FF522FD3CCBD} -> No File <==== ATTENTION
     Task: {39FB1C93-F232-4131-B730-EF36680235D0} - \WpsUpdateTask_Blaster Ice -> No File <==== ATTENTION
     Task: {5490CE78-AD7A-4989-ACE3-E1EEC51EF887} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-1004 -> No File <==== ATTENTION
     Task: {6912A6E7-F997-4258-A937-1C03701FA90E} - \ALU -> No File <==== ATTENTION
     Task: {7D4784D9-B879-423F-9E2C-5AF96E8AB982} - \Launch Manager -> No File <==== ATTENTION
     Task: {7E3A2E4A-EA19-4947-A255-0EEDEC85DE8C} - \AdobeAAMUpdater-1.0-MicrosoftAccount-Blasterkatana@hotmail.com -> No File <==== ATTENTION
     Task: {9BF50FB3-9162-4AEB-AB8F-FDC045263DE3} - \Power Management -> No File <==== ATTENTION
     Task: {A3E2986B-C0E9-42AA-BCF5-2C5162C47313} - \ALUAgent -> No File <==== ATTENTION
     Task: {D46DC9B3-7A43-42FC-86EF-951B1DA276C2} - \AcerCloud -> No File <==== ATTENTION
     IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxp://apps.driversupport.com
     IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxps://apps.driversupport.com
     HKLM\...\StartupApproved\Run32: => "svcvmx"
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "SearchProtection"
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "Optimizer Pro"
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "BlockNSurf"
     C:\ProgramData\GreenApp
     C:\ProgramData\SaVeNeWaAppzu
     C:\ProgramData\ntuser.pol
     C:\Users\Blaster Ice\AppData\Local\{F3B23641-B260-476E-BDFA-CE9F1A2A4202}
     C:\Users\Blaster Ice\AppData\Local\dtdkdz
     C:\Users\Blaster Ice\AppData\Local\reazbg
     C:\Users\Blaster Ice\AppData\Local\21563256.exe
     C:\Users\Blaster Ice\AppData\Local\42874.exe
     C:\Users\Blaster Ice\AppData\Roaming\c
     C:\Users\Blaster Ice\AppData\Roaming\Search Protection
     C:\Windows\SysWOW64\splsrv.exe
     C:\Windows\system32\tprdpw64.exe
     EmptyTemp:
     *****************
     Processes closed successfully.
     Error: Restore point can only be created in normal mode.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
  7. Yes. I use the same profile. On the safe mode desktop there are some of my games and Razer stuff. And all the folders are gone.
  8. I downloaded them to the desktop but they won't appear in safe mode.
  9. I restarted in safe mode. I couldn't find FRST and the fix file, so I tried to download it again, but apparently the internet connection is disabled in safe mode.
  10. I use Windows 8.1, so are the steps the same as for Windows 10?
  11. Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
     Ran by Blaster Ice (19-05-2017 17:50:36) Run:1
     Running from C:\Users\Blaster Ice\Desktop
     Loaded Profiles: UpdatusUser & Blaster Ice (Available Profiles: UpdatusUser & Blaster Ice & Guest)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     HKLM-x32\...\Run: [] => [X]
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Run: [SearchProtection] => "C:\Users\Blaster Ice\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
     HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
     ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     CHR HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
     TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden
     Task: {14FB9ADD-1DBB-428E-9E15-F95F7DB51733} - \Driver Detective -> No File <==== ATTENTION
     Task: {2DB92FCA-8E92-44D9-8CA6-6CAD8595CF3B} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-500 -> No File <==== ATTENTION
     Task: {2FC9630C-C3AE-430F-B167-322639C42E25} - \User_Feed_Synchronization-{771CC023-050F-4237-A636-FF522FD3CCBD} -> No File <==== ATTENTION
     Task: {39FB1C93-F232-4131-B730-EF36680235D0} - \WpsUpdateTask_Blaster Ice -> No File <==== ATTENTION
     Task: {5490CE78-AD7A-4989-ACE3-E1EEC51EF887} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-1004 -> No File <==== ATTENTION
     Task: {6912A6E7-F997-4258-A937-1C03701FA90E} - \ALU -> No File <==== ATTENTION
     Task: {7D4784D9-B879-423F-9E2C-5AF96E8AB982} - \Launch Manager -> No File <==== ATTENTION
     Task: {7E3A2E4A-EA19-4947-A255-0EEDEC85DE8C} - \AdobeAAMUpdater-1.0-MicrosoftAccount-Blasterkatana@hotmail.com -> No File <==== ATTENTION
     Task: {9BF50FB3-9162-4AEB-AB8F-FDC045263DE3} - \Power Management -> No File <==== ATTENTION
     Task: {A3E2986B-C0E9-42AA-BCF5-2C5162C47313} - \ALUAgent -> No File <==== ATTENTION
     Task: {D46DC9B3-7A43-42FC-86EF-951B1DA276C2} - \AcerCloud -> No File <==== ATTENTION
     IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxp://apps.driversupport.com
     IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxps://apps.driversupport.com
     HKLM\...\StartupApproved\Run32: => "svcvmx"
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "SearchProtection"
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "Optimizer Pro"
     HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "BlockNSurf"
     C:\ProgramData\GreenApp
     C:\ProgramData\SaVeNeWaAppzu
     C:\ProgramData\ntuser.pol
     C:\Users\Blaster Ice\AppData\Local\{F3B23641-B260-476E-BDFA-CE9F1A2A4202}
     C:\Users\Blaster Ice\AppData\Local\dtdkdz
     C:\Users\Blaster Ice\AppData\Local\reazbg
     C:\Users\Blaster Ice\AppData\Local\21563256.exe
     C:\Users\Blaster Ice\AppData\Local\42874.exe
     C:\Users\Blaster Ice\AppData\Roaming\c
     C:\Users\Blaster Ice\AppData\Roaming\Search Protection
     C:\Windows\SysWOW64\splsrv.exe
     C:\Windows\system32\tprdpw64.exe
     EmptyTemp:
     *****************
     Processes closed successfully.
     Restore point was successfully created.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
  12. Yes there is. But the thing is still running.
  13. Is it normal for the fix to last for a few hours? It's been fixing for like 2 hours. Am I allowed to use other programs or play games in the meantime?
  14. Aura, when I go to Uninstall a program, both of them were not showing up at all. What should I do?
  15. Here it is. thx. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017 Ran by Blaster Ice (administrator) on ACER (12-05-2017 20:14:28) Running from C:\Users\Blaster Ice\Desktop Loaded Profiles: UpdatusUser & Blaster Ice (Available Profiles: UpdatusUser & Blaster Ice & Guest) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe (Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (HiAlgo Inc.) 
C:\Program Files (x86)\HiAlgo\Plugins\BOOST\HiAlgoBOOST.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe () C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-01] (Power Software Ltd) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Run: [SearchProtection] => "C:\Users\Blaster Ice\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Run: [GarenaPlus] => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\MountPoints2: E - "E:\autorun.exe" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [uTorrent] => C:\Users\Blaster Ice\AppData\Roaming\uTorrent\uTorrent.exe [2144448 2017-05-06] (BitTorrent Inc.) 
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [HiAlgoBOOST] => C:\Program Files (x86)\HiAlgo\Plugins\BOOST\HiAlgoBOOST.exe [2118808 2015-09-16] (HiAlgo Inc.) HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [MyComGames] => C:\Users\Blaster Ice\AppData\Local\MyComGames\MyComGames.exe [5377936 2017-05-11] (MY.COM B.V.) HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\MountPoints2: E - "E:\setup.exe" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\MountPoints2: {afccfce6-87db-11e4-8342-089e01f27291} - "E:\iStudio.exe" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [173272 2017-01-20] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [150760 2017-01-20] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{744F671F-7D44-4150-8AD0-5AD8C9305504}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{744F671F-7D44-4150-8AD0-5AD8C9305504}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{B32485CB-2004-4221-8CBC-FB22C77CBA83}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{B32485CB-2004-4221-8CBC-FB22C77CBA83}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{E3AC9A2E-F02C-404C-B1EC-CED294EF8041}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{E3AC9A2E-F02C-404C-B1EC-CED294EF8041}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> DefaultScope {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> {FFF837FF-998A-4E97-951E-3A0A8E72BB5D} URL = SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1002 -> DefaultScope {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1002 -> {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = hxxp://www.google.com/search?q={searchTerms} BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: a1u1ohdk.default FF ProfilePath: C:\Users\Blaster 
Ice\AppData\Roaming\Mozilla\Firefox\Profiles\a1u1ohdk.default [2017-05-11] FF Extension: (Adblock Plus) - C:\Users\Blaster Ice\AppData\Roaming\Mozilla\Firefox\Profiles\a1u1ohdk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-26] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] () FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File] FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-978745593-2217527696-1739433291-1002: @my.com/Games -> C:\Users\Blaster Ice\AppData\Local\MyComGames\NPMyComDetector.dll [2017-03-16] (MY.COM B.V.) 
FF Plugin HKU\S-1-5-21-978745593-2217527696-1739433291-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Blaster Ice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-15] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-978745593-2217527696-1739433291-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}&trackid=sp-006 CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms} CHR Profile: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default [2017-05-12] CHR Extension: (YouTube) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Adblock Plus) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-01] CHR Extension: (Google Search) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07] CHR Extension: (Grammarly for Chrome) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-12] CHR Extension: (Chrome Media Router) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-11] Opera: ======= OPR Extension: (Translate) - C:\Users\Blaster Ice\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2016-12-04] OPR Extension: (Amazon Assistant for Opera) - C:\Users\Blaster Ice\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2017-01-14] OPR Extension: (Adblock Plus) - C:\Users\Blaster Ice\AppData\Roaming\Opera Software\Opera 
Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-25] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1456136 2016-11-27] () R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-04-10] (EasyAntiCheat Ltd) S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated) S4 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.) 
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation) S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-03] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-13] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] () R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.) R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc) S2 Snapdo; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Snapdo\Snapdo.exe [85504 2015-04-30] () [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.) 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-12] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-22] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows (R) Win 7 DDK provider)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [206080 2014-01-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wacommousefilter; \SystemRoot\System32\drivers\wacommousefilter.sys [X]
S3 wacomvhid; \SystemRoot\System32\drivers\wacomvhid.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-12 20:14 - 2017-05-12 20:15 - 00024106 _____ C:\Users\Blaster Ice\Desktop\FRST.txt
2017-05-12 20:13 - 2017-05-12 20:14 - 00000000 ____D C:\FRST
2017-05-12 20:13 - 2017-05-12 20:13 - 02429440 _____ (Farbar) C:\Users\Blaster Ice\Desktop\FRST64.exe
2017-05-12 17:27 - 2017-05-12 17:27 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-12 17:08 - 2017-05-12 17:08 - 04102600 _____ C:\Users\Blaster Ice\Downloads\adwcleaner_6.046.exe
2017-05-12 17:07 - 2017-05-12 17:21 - 00008147 _____ C:\Users\Blaster Ice\Desktop\asd.txt
2017-05-12 17:07 - 2017-05-12 17:07 - 00001423 _____ C:\Users\Blaster Ice\Desktop\JRT.txt
2017-05-12 17:02 - 2017-05-12 17:02 - 04089296 _____ C:\Users\Blaster Ice\Downloads\AdwCleaner.exe
2017-05-12 17:02 - 2017-05-12 17:02 - 01663672 _____ (Malwarebytes) C:\Users\Blaster Ice\Downloads\JRT.exe
2017-05-11 22:15 - 2017-05-11 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-11 21:46 - 2017-05-11 21:46 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\NVIDIA
2017-05-11 21:28 - 2017-05-11 21:28 - 86191168 _____ (NVIDIA Corporation) C:\Users\Blaster Ice\Downloads\GeForce_Experience_v3.6.0.74.exe
2017-05-11 20:17 - 2017-05-03 11:41 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-05-11 18:17 - 2017-05-12 17:27 - 00102828 _____ C:\Windows\ntbtlog.txt
2017-05-11 18:13 - 2017-05-11 18:14 - 32823032 _____ (Tweaking.com) C:\Users\Blaster Ice\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-05-11 17:08 - 2017-05-11 17:08 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-11 01:56 - 2017-05-11 16:39 - 00002000 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-11 01:56 - 2017-05-11 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-11 01:56 - 2017-05-11 01:56 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-11 01:56 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-10 22:43 - 2017-05-12 17:18 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-10 22:43 - 2017-05-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-10 22:43 - 2017-05-11 01:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-10 22:42 - 2017-05-11 18:11 - 00000000 ____D C:\Users\Blaster Ice\Desktop\123
2017-05-10 19:01 - 2017-05-10 19:01 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Blaster Ice\Downloads\mbar-1.09.3.1001.exe
2017-05-10 18:45 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-05-10 18:45 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-10 18:45 - 2017-05-03 16:21 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-05-08 23:59 - 2017-05-08 23:59 - 00001771 _____ C:\Users\Blaster Ice\Desktop\Unleash the hair-48-v1.rar
2017-05-08 19:07 - 2017-05-08 19:07 - 60107896 _____ (Malwarebytes ) C:\Users\Blaster Ice\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-08 18:57 - 2017-05-11 16:34 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\dtdkdz
2017-05-08 18:57 - 2017-05-11 12:11 - 00001053 _____ C:\Windows\SysWOW64\splsrv.exe
2017-05-08 18:57 - 2017-05-08 18:57 - 00000000 ____D C:\Windows\acer
2017-05-08 18:57 - 2017-05-08 18:57 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\c
2017-05-08 18:57 - 2017-05-08 18:57 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\reazbg
2017-05-06 20:50 - 2017-05-06 20:50 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\SmartSteamEmu
2017-05-06 20:30 - 2017-05-06 20:30 - 00001662 _____ C:\Users\Public\Desktop\Kenshi.lnk
2017-05-06 20:13 - 2017-05-06 20:13 - 00000000 ____D C:\Games
2017-05-06 19:17 - 2017-05-06 19:29 - 00000000 ____D C:\Users\Blaster Ice\Downloads\Kenshi_v0.95.34
2017-05-06 19:16 - 2017-05-06 19:16 - 00014725 _____ C:\Users\Blaster Ice\Desktop\Kenshi.v0.95.34.torrent
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N (TOSHIBA CORPORATION) C:\Windows\system32\tprdpw64.exe
2017-04-27 17:23 - 2017-04-28 19:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-23 18:47 - 2017-05-12 17:19 - 00003026 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-04-23 18:43 - 2017-04-23 18:43 - 00001062 _____ C:\Users\Blaster Ice\Desktop\MSI Afterburner.lnk
2017-04-23 18:41 - 2017-04-23 18:41 - 40376862 _____ C:\Users\Blaster Ice\Downloads\MSIAfterburnerSetup.zip
2017-04-23 18:29 - 2017-04-23 18:29 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\office6
2017-04-23 16:17 - 2017-04-23 16:17 - 00370064 _____ C:\Users\Blaster Ice\Desktop\cc_20170423_161657.reg
2017-04-12 20:28 - 2017-04-12 20:28 - 00883996 _____ C:\Users\Blaster Ice\Downloads\MTS_DmitryMalfatto_1575387_ModConflictDetector8337.zip
2017-04-12 20:28 - 2017-04-12 20:28 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\Malfatto Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-12 19:57 - 2015-08-02 10:59 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt 2017-05-12 19:53 - 2017-01-03 00:59 - 00000000 ____D C:\Users\Blaster Ice\Desktop\osu 2017-05-12 17:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness 2017-05-12 17:33 - 2016-07-28 15:19 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-1002 2017-05-12 17:27 - 2016-11-26 02:06 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-12 17:27 - 2016-11-26 02:06 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-12 17:27 - 2016-11-26 02:06 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-12 17:27 - 2016-11-26 02:06 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-12 17:27 - 2016-11-26 02:06 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-12 17:27 - 2015-10-31 13:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-05-12 17:27 - 2013-11-01 21:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-05-12 17:27 - 2013-11-01 21:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-05-12 17:27 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf 2017-05-12 17:26 - 2015-10-31 13:40 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\NVIDIA 2017-05-12 17:26 - 2013-11-01 21:30 - 00000000 ____D C:\ProgramData\NVIDIA 2017-05-12 17:21 - 2014-09-20 23:28 - 00000000 __RDO C:\Users\Blaster Ice\OneDrive 2017-05-12 17:17 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-05-12 17:11 - 2016-02-28 10:43 - 00000000 ____D C:\AdwCleaner 2017-05-12 00:58 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2017-05-11 22:13 - 2015-10-31 13:41 - 00000000 ____D C:\Users\Blaster 
Ice\AppData\Local\NVIDIA Corporation 2017-05-11 22:03 - 2014-04-04 02:47 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\CrashDumps 2017-05-11 21:31 - 2017-03-16 20:11 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\MyComGames 2017-05-11 20:41 - 2015-10-14 21:24 - 00000000 ____D C:\Users\Guest.acer 2017-05-11 19:55 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Help 2017-05-11 16:46 - 2015-09-16 08:20 - 00000000 ____D C:\Program Files (x86)\Steam 2017-05-11 16:37 - 2013-11-01 21:30 - 00000000 ____D C:\Users\UpdatusUser 2017-05-11 16:34 - 2014-03-29 23:00 - 00000000 ____D C:\Users\Blaster Ice 2017-05-11 11:12 - 2014-09-04 06:57 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4 2017-05-11 01:56 - 2014-10-22 04:40 - 00000000 ____D C:\Program Files (x86)\Opera 2017-05-10 23:31 - 2016-10-30 23:03 - 00004430 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-05-10 23:31 - 2016-10-30 23:03 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-05-10 23:31 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-05-10 23:31 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed 2017-05-10 18:46 - 2014-03-30 08:25 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2017-05-08 23:27 - 2014-03-30 00:10 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\uTorrent 2017-05-03 15:28 - 2016-12-17 15:03 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-04-29 14:00 - 2014-03-29 11:19 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\Warframe 2017-04-27 17:21 - 2015-10-31 08:24 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\PC_Drivers_Headquarters 2017-04-27 17:21 - 2013-11-01 22:08 - 00000000 ____D C:\Program Files (x86)\Amazon 2017-04-27 17:18 - 2017-01-01 03:40 - 00000000 ____D C:\Program Files\COMODO 2017-04-27 17:18 - 2014-09-24 02:19 - 00000000 ____D C:\ProgramData\SaVeNeWaAppzu 2017-04-27 17:17 - 2014-04-06 00:58 - 00000000 ____D C:\ProgramData\GreenApp 2017-04-26 18:47 - 
2013-08-22 10:44 - 04976640 _____ C:\Windows\system32\FNTCACHE.DAT 2017-04-24 18:52 - 2016-08-06 19:44 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\.minecraft 2017-04-23 18:30 - 2015-09-26 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-04-23 18:29 - 2014-03-29 23:11 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\Kingsoft 2017-04-23 16:10 - 2014-04-12 07:40 - 00000000 ____D C:\Users\Blaster Ice\Desktop\IMH 2017-04-23 15:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF 2017-04-23 13:23 - 2014-05-04 09:11 - 00000000 ____D C:\Users\Blaster Ice\AppData\LocalLow\Adobe 2017-04-23 13:23 - 2014-04-21 06:03 - 00000000 ____D C:\Users\Blaster Ice\Desktop\phs 2017-04-18 23:22 - 2014-04-25 23:43 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\HandBrake 2017-04-17 23:38 - 2016-03-04 19:03 - 00000000 ____D C:\Users\Blaster Ice\Desktop\[Mikuni Mizuki] Akujo Kousatsu Ch. 2 2017-04-15 21:26 - 2016-06-24 20:04 - 00000000 ____D C:\Users\Blaster Ice\Desktop\Drawings 2017-04-12 16:40 - 2015-09-23 16:25 - 00000000 ____D C:\Users\Blaster Ice\Desktop\sims mod ==================== Files in the root of some directories ======= 2016-04-26 17:58 - 2016-04-26 17:58 - 0000112 _____ () C:\Users\Blaster Ice\AppData\Roaming\JP2K CS6 Prefs 2015-09-22 19:55 - 2016-07-17 11:59 - 0000001 _____ () C:\Users\Blaster Ice\AppData\Roaming\update.dat 2014-03-30 02:17 - 2016-01-25 20:36 - 0000098 _____ () C:\Users\Blaster Ice\AppData\Roaming\WB.CFG 2016-07-28 15:04 - 2016-07-28 15:04 - 0127640 _____ () C:\Users\Blaster Ice\AppData\Local\21563256.exe 2016-07-28 15:04 - 2016-07-28 15:04 - 0034157 _____ () C:\Users\Blaster Ice\AppData\Local\42874.exe 2014-04-05 03:10 - 2014-04-05 03:10 - 0007606 _____ () C:\Users\Blaster Ice\AppData\Local\Resmon.ResmonCfg 2016-04-22 20:05 - 2016-04-22 20:07 - 0000000 _____ () C:\Users\Blaster Ice\AppData\Local\{F3B23641-B260-476E-BDFA-CE9F1A2A4202} 2013-11-01 21:42 - 2013-11-01 21:42 - 0000000 ____H () 
C:\ProgramData\DP45977C.lfl
2016-12-17 16:14 - 2017-02-03 14:55 - 0008442 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-17 16:14 - 2017-02-01 00:35 - 0004984 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-05-08 18:57 - 2017-05-08 18:57 - 7761920 _____ (Disc Soft Ltd) C:\Users\Blaster Ice\AppData\Local\Temp\component.exe
2016-08-16 03:48 - 2016-08-16 03:48 - 0488960 _____ () C:\Users\Blaster Ice\AppData\Local\Temp\sqlite3.exe
2017-05-08 18:57 - 2017-05-08 18:57 - 1199825 _____ () C:\Users\Blaster Ice\AppData\Local\Temp\unins000.exe
2017-05-08 18:57 - 2017-05-08 18:57 - 0597261 _____ (VideoBox ) C:\Users\Blaster Ice\AppData\Local\Temp\vbsetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-29 03:47

==================== End of FRST.txt ============================
  16. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Blaster Ice (12-05-2017 20:15:43)
Running from C:\Users\Blaster Ice\Desktop
Windows 8.1 (Update) (X64) (2014-03-30 03:00:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-978745593-2217527696-1739433291-500 - Administrator - Disabled)
Blaster Ice (S-1-5-21-978745593-2217527696-1739433291-1002 - Administrator - Enabled) => C:\Users\Blaster Ice
Guest (S-1-5-21-978745593-2217527696-1739433291-501 - Limited - Enabled) => C:\Users\Guest.acer
UpdatusUser (S-1-5-21-978745593-2217527696-1739433291-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated) Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated) Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated) Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated) Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.18.0 - Mirillis) Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.) 
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks) BitTorrent (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.) Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) DesignDoll (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell) eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.) FlvPlayer (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\FlvPlayer) (Version: ${VERSION} - ) <==== ATTENTION Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) HiAlgo BOOST 5.0 (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\HiAlgoBOOST) (Version: 5.0 - HiAlgo Inc.) 
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Kenshi v0.95.34 (HKLM-x32\...\vsetop.com Kenshi v0.95.34_is1) (Version: 0.95.34 - VseTop.Com) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) MediaHuman YouTube to MP3 Converter version 3.9.8.5 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.8.5 - ) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 
(HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 
12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) My.com Game Center (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\MyComGames) (Version: 3.198 - My.com B.V.) 
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports) NBA 2K17 (HKLM\...\Steam App 385760) (Version: - Visual Concepts) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG) NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version: - ) NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer) Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software) osu! (HKLM-x32\...\{4c44c71e-034a-4667-a9dd-1b1a501b2804}) (Version: latest - ppy Pty Ltd) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros) Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.6.8.66 - Razer Inc.) 
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) Revelation Online (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Revelation Online) (Version: 1.34 - My.com B.V.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games) Search Protection (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Search Protection) (Version: 8.9.0.1 - Spigot, Inc.) <==== ATTENTION SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, spider91) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version: - Bethesda Softworks) The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - ) TrinusVR version 2.0.9b (HKLM-x32\...\{A66AD08F-FC5B-4583-9A7D-4636F5637B2C}_is1) (Version: 2.0.9b - Odd Sheep SL) TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden Unity Web Player (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1467.1 - Microsoft Corporation) Hidden Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation) Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation) Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation) Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.) 
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-978745593-2217527696-1739433291-1002_Classes\CLSID\{b25e12e0-19d3-4c9a-b245-95ac3d0b1442}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019A3EEC-D33E-45C1-A84C-9803902D519C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation) Task: {0D478C71-2439-4481-A244-77512BEEEC0A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd) Task: {0E4F8383-0747-44CC-BB0D-5E5FBFB4496C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation) Task: {14FB9ADD-1DBB-428E-9E15-F95F7DB51733} - \Driver Detective -> No File <==== ATTENTION Task: {2DB92FCA-8E92-44D9-8CA6-6CAD8595CF3B} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-500 -> No File <==== ATTENTION Task: {2FC9630C-C3AE-430F-B167-322639C42E25} - \User_Feed_Synchronization-{771CC023-050F-4237-A636-FF522FD3CCBD} -> No File <==== ATTENTION Task: {39FB1C93-F232-4131-B730-EF36680235D0} - \WpsUpdateTask_Blaster Ice -> No File <==== ATTENTION Task: {4D02C793-EAF9-4AD7-99C7-CC501E0A8D98} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-978745593-2217527696-1739433291-1002 Task: {5490CE78-AD7A-4989-ACE3-E1EEC51EF887} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-1004 -> No File <==== ATTENTION Task: {6912A6E7-F997-4258-A937-1C03701FA90E} - \ALU -> No File <==== ATTENTION Task: {70FDC81A-61C5-4EEA-BC1A-595A17BD1464} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] () Task: {7D4784D9-B879-423F-9E2C-5AF96E8AB982} - \Launch Manager -> No File <==== ATTENTION Task: {7E3A2E4A-EA19-4947-A255-0EEDEC85DE8C} - \AdobeAAMUpdater-1.0-MicrosoftAccount-Blasterkatana@hotmail.com -> No File <==== ATTENTION Task: {81B1F040-CA6A-432D-8C13-0FBCF967F850} - System32\Tasks\Opera scheduled Autoupdate 1443411411 => C:\Program Files 
(x86)\Opera\launcher.exe [2017-02-27] (Opera Software) Task: {87AFABB3-7801-4071-937A-9ED9548044E1} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation) Task: {9B3F8CEA-A37E-4640-BA98-EB60B17BF151} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated) Task: {9BF50FB3-9162-4AEB-AB8F-FDC045263DE3} - \Power Management -> No File <==== ATTENTION Task: {A09FD551-1AC1-4658-BB3A-EF2C1657FAE2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation) Task: {A3E2986B-C0E9-42AA-BCF5-2C5162C47313} - \ALUAgent -> No File <==== ATTENTION Task: {A89D2B37-B297-4235-BFDA-1FBE3D74C1E4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software) Task: {D09F73A7-CA87-4C52-BF33-C092FEABC077} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation) Task: {D46DC9B3-7A43-42FC-86EF-951B1DA276C2} - \AcerCloud -> No File <==== ATTENTION Task: {D4AEF3F9-DDEF-4211-AF62-EEDBBA189BF9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation) Task: {EA944FEA-448C-41C6-9D9D-12DBEDF3290F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-10] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Blaster Ice\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2497052491_en-us.lnk -> hxxp://google.co ==================== Loaded Modules (Whitelisted) ============== 2014-05-13 08:44 - 2014-05-13 08:46 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2016-09-24 18:20 - 2016-09-24 18:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2017-05-11 01:56 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-10-24 06:03 - 2016-10-24 06:03 - 00589512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 2014-04-22 08:58 - 2014-08-19 15:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2013-09-07 04:48 - 2013-09-07 04:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-07 04:45 - 2013-09-07 04:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-07 04:52 - 2013-09-07 04:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2012-10-16 05:39 - 2012-10-16 05:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe 2013-11-01 22:12 - 2013-07-30 21:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2014-04-20 10:11 - 2014-04-20 10:11 - 00225792 _____ () C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe 2013-11-01 21:26 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-10-10 12:46 - 2016-10-10 12:46 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2016-10-10 12:46 - 2016-10-10 12:46 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 
2016-10-10 12:46 - 2016-10-10 12:46 - 00228864 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2016-10-10 12:46 - 2016-10-10 12:46 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2016-10-10 12:46 - 2016-10-10 12:46 - 00526848 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2015-09-16 02:43 - 2015-09-16 02:43 - 00065688 _____ () C:\Program Files (x86)\HiAlgo\Plugins\BOOST\HookDll.dll 2012-10-16 05:39 - 2012-10-16 05:39 - 00060504 _____ () C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll 2013-11-01 22:12 - 2013-07-30 21:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2017-03-01 15:14 - 2017-03-01 15:14 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll 2017-03-01 15:14 - 2017-03-01 15:14 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll 2017-03-01 15:14 - 2017-03-01 15:14 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll 2017-03-01 15:14 - 2017-03-01 15:14 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxp://apps.driversupport.com IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxps://apps.driversupport.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 09:25 - 2017-05-11 11:51 - 00003623 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Blaster Ice\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) mpsdrv => Firewall Service is not running. MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: Audiosrv => 2 MSCONFIG\Services: ePowerSvc => 3 MSCONFIG\Services: ETDService => 2 MSCONFIG\Services: EventLog => 2 MSCONFIG\Services: FontCache => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: WTabletServiceCon => 2 HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "mcpltui_exe" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "RazerGameBooster" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "RazerCortex" HKLM\...\StartupApproved\Run32: => "NvBackend" HKLM\...\StartupApproved\Run32: => "svcvmx" HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk" HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "SearchProtection" HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "LiveSupport" HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "Optimizer Pro" HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "BlockNSurf" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: => "GarenaPlus" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: 
=> "CCleaner Monitoring" HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: => "MyComGames" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{31A7614B-ED1D-4EA5-95D2-3C044F612A0E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{3A2F161E-D967-425B-A2EB-3C4AD3961D19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{07E7B8FF-B819-4F3F-BFBF-8F83AD9F5070}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{09B1CEFE-9CA0-447D-A442-578F59A5C13D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{92245AA3-FEB9-4AFF-B075-191410E37177}] => (Allow) LPort=8370 FirewallRules: [{5895796F-EFCB-4A75-A26B-BF73EE0E16A4}] => (Allow) LPort=8370 FirewallRules: [TCP Query User{5C78F27C-72C4-4878-B953-44F3293CA87B}C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{399305B6-F163-443B-AC0E-FFC94668F50D}C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{A0209CA3-DFFD-4265-82BC-29EFB5C8AA85}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6B791E4B-DE54-47BB-9D4B-CC59CBB9A2B4}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4F602AC3-074E-4BF4-8EB1-EDCE9EEC54B3}] => (Allow) LPort=8370 FirewallRules: [{6388D5F2-189E-45EA-BC26-D52578127881}] => (Allow) LPort=8370 FirewallRules: [{F9FE511E-54AD-4545-B902-50A4381070EB}] => (Allow) LPort=6926 FirewallRules: [{5D8185B8-384F-40F4-B921-1D7313477DFC}] => (Allow) LPort=6926 FirewallRules: 
[{892C80B9-BCA8-469B-9349-43BCA94EB421}] => (Allow) LPort=6888 FirewallRules: [{6AE4FEF2-8CA0-4520-A552-7AFD86BEBA6D}] => (Allow) LPort=6888 FirewallRules: [{436A32A1-26ED-4308-A1E4-E9420FD21425}] => (Allow) LPort=6884 FirewallRules: [{D6BD0834-4EBB-4306-8A50-5C7E888DF7BF}] => (Allow) LPort=6884 FirewallRules: [TCP Query User{AB946A32-7F87-4715-BA1F-F23E1317253A}C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe FirewallRules: [UDP Query User{45CE7FF9-4461-40A9-9A73-29ECFCDF56EC}C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe FirewallRules: [{03FEA5AA-6FE5-47CF-82A8-D19643461E4A}] => (Allow) LPort=8393 FirewallRules: [{C1955BC6-A212-4B60-93AC-8D45312D8710}] => (Allow) LPort=8393 FirewallRules: [{6A089901-32F0-4D84-89B5-6783AB87D22C}] => (Allow) LPort=8390 FirewallRules: [{C319F948-6B77-4BEB-8A6D-A88AA4D7222F}] => (Allow) LPort=8390 FirewallRules: [{187D40AF-8AFA-4EA5-BCCB-D90D05C5FB97}] => (Allow) LPort=6901 FirewallRules: [{757F8775-F74A-432A-A711-C985A14AEFAF}] => (Allow) LPort=6901 FirewallRules: [{5EE6EAA6-5147-45B4-83D6-1E36660C1136}] => (Allow) LPort=6888 FirewallRules: [{F3E446D2-2471-4A4A-9E88-C43C136F75D8}] => (Allow) LPort=6888 FirewallRules: [{949A003A-6B48-4D1F-911A-87BB3DF6E039}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{6BFFB01E-A2CA-4992-8863-DD3F9C12559C}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{A0DED0FF-335F-452C-BEA2-53AA2867032C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0E855820-E0FC-4B25-B46C-8917FC7A3F22}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe FirewallRules: [{EAA163DF-183E-4F48-A446-494795DB966C}] => (Allow) 
C:\GarenaDownload\Games\lol\LoLInstaller.exe FirewallRules: [{7AC2BB09-EC54-42C6-9224-ABB4DDB90258}] => (Allow) LPort=6925 FirewallRules: [{D7CAC109-3AA9-4FDB-9AC5-C8373E38E3E8}] => (Allow) LPort=6925 FirewallRules: [{4035C23E-D20D-434C-8A75-179B27D28241}] => (Allow) C:\GarenaDownload\Games\cmtw\cmtwInstaller.exe FirewallRules: [{456F0943-98B5-4CAD-892F-213620E9CAFE}] => (Allow) C:\GarenaDownload\Games\cmtw\cmtwInstaller.exe FirewallRules: [TCP Query User{9F1B39C7-B72B-4426-911C-93CF0B52BBD7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{60E9C290-63F5-4936-AC01-5A8713835FD3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{8EF08833-3F6E-4367-A165-FDFCA58A05C1}] => (Allow) LPort=6996 FirewallRules: [{870D96B4-134B-4C57-A159-B14B1EDE58E5}] => (Allow) LPort=6996 FirewallRules: [{FDD76614-1A7D-4750-905E-F486B699A493}] => (Allow) LPort=6905 FirewallRules: [{60A2BBF3-C970-463D-ACF4-B64B1E6C6C75}] => (Allow) LPort=6905 FirewallRules: [{70F7079C-A6D8-4378-9570-F1F24AE9B632}] => (Allow) LPort=6965 FirewallRules: [{CC3EA7BB-FAA2-4A40-A175-50C33FB26F55}] => (Allow) LPort=6965 FirewallRules: [{0A5A7FB9-AF6C-472B-A1E0-3095E2CB2130}] => (Allow) C:\GarenaDownload\Games\blackshot\Blackshot_GarenaPlus_Installer.exe FirewallRules: [{35637600-2AD0-4E8B-875A-0CC4EF38D711}] => (Allow) C:\GarenaDownload\Games\blackshot\Blackshot_GarenaPlus_Installer.exe FirewallRules: [{E982FEC8-F4E4-4191-A264-EAF625C8EC48}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe FirewallRules: [{B0D9E8EB-1C4C-4F7C-BD31-AC765DA28398}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe ==================== Restore Points ========================= 28-04-2017 22:48:29 Installed DirectX 11-05-2017 00:35:03 Malwarebytes Anti-Rootkit Restore Point 11-05-2017 01:48:35 Malwarebytes 
Anti-Rootkit Restore Point 12-05-2017 17:03:33 JRT Pre-Junkware Removal Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2017 10:01:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACER) Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/11/2017 10:01:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACER) Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/31/2015 10:29:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: GTA5.exe, version: 1.0.505.2, time stamp: 0x561d10fa Faulting module name: GTA5.exe, version: 1.0.505.2, time stamp: 0x561d10fa Exception code: 0xc0000005 Fault offset: 0x0000000001189a34 Faulting process id: 0x2dc Faulting application start time: 0x01d113e8458a4ce9 Faulting application path: D:\GTAV\steamapps\common\Grand Theft Auto V\GTA5.exe Faulting module path: D:\GTAV\steamapps\common\Grand Theft Auto V\GTA5.exe Report Id: c80a6af4-7fdb-11e5-84cb-089e01f27291 Faulting package full name: Faulting package-relative application ID: Error: (10/31/2015 07:35:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1418 Start Time: 01d113cf7878c2bc Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 6bd4cd15-7fc3-11e5-84cb-089e01f27291 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (10/31/2015 07:32:22 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (10/30/2015 04:39:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11a4 Start Time: 01d1135251aa2c05 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 42721f12-7f46-11e5-84ca-089e01f27291 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (10/30/2015 04:37:27 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (10/29/2015 08:05:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: ca4 Start Time: 01d112a5f8dfdbfe Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: ec545327-7e99-11e5-84c9-089e01f27291 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (10/29/2015 08:03:56 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (10/29/2015 06:18:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACER) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified. Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified. 
Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified. Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified. Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified. CodeIntegrity: =================================== Date: 2015-09-26 22:48:24.769 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2015-09-26 22:48:22.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-09-26 22:48:22.453 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-09-26 22:48:22.436 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-09-26 21:36:32.993 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-09-26 18:11:01.183 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-09-26 16:15:18.926 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2015-09-26 15:49:02.509 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-09-26 15:49:02.428 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-09-26 15:49:02.413 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz Percentage of memory in use: 37% Total physical RAM: 8072.27 MB Available physical RAM: 5041.01 MB Total Virtual: 74972.27 MB Available Virtual: 71710.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:456.1 GB) (Free:18.72 GB) NTFS Drive d: (DATA) (Fixed) (Total:456.61 GB) (Free:289.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E521D0E0) Partition: GPT. ==================== End of Addition.txt ============================
  17. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 8.1 x64 Ran by Blaster Ice (Administrator) on Fri 12/05/2017 at 17:03:27.64 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 6 Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder) Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\Mozilla\Firefox\Profiles\user.js (File) Successfully deleted: C:\ProgramData\SAvENeWaAppz (Folder) Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\appdataFr2.bin (File) Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\appdataFr25.bin (File) Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\appdataFr3.bin (File) Registry: 3 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 12/05/2017 at 17:07:10.89 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v6.046 - Logfile created 12/05/2017 at 17:11:34 # Updated on 24/04/2017 by Malwarebytes # Database : 2017-05-12.1 [Server] # Operating System : Windows 8.1 (X64) # Username : Blaster Ice - ACER # Running from : C:\Users\Blaster Ice\AppData\Local\Temp\scoped_dir3760_31922\adwcleaner_6.046.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** [-] Service deleted: 52ba5fc5c8a727b021b159f6775dec5c [-] Service deleted: DrvAgent64 ***** [ Folders ] ***** [-] Folder deleted: C:\Users\Blaster Ice\AppData\Local\llssoft ***** [ Files ] ***** [-] File deleted: C:\Users\Blaster 
Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage [-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal [-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal [-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage [-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal [-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.startgo123.com_0.localstorage [-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.startgo123.com_0.localstorage-journal ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** [-] Task deleted: {DFD0CE34-09CA-42FD-AFDE-D4BEF892177A} ***** [ Registry ] ***** [-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027} [#] Key deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer [#] Key deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection [-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\eSupport.com [-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\INSTALLPATH\STATUS [-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\VideoBox [-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0 [#] Key deleted on reboot: HKCU\Software\eSupport.com [#] Key deleted on reboot: 
HKCU\Software\INSTALLPATH\STATUS [#] Key deleted on reboot: HKCU\Software\VideoBox [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0 [#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com [#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS [#] Key deleted on reboot: [x64] HKCU\Software\VideoBox [-] Key deleted: [x64] HKLM\SOFTWARE\Reimage [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-978745593-2217527696-1739433291-1002\Products\363FB0CBBA367FF4E81FEAD0F717B142 [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mpc.am [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mpc.am [#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [livesupport] [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon] [#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro] [#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtection] [#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection] [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx] ***** [ Web browsers ] ***** [-] [C:\Users\Blaster Ice\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo [-] [C:\Users\Blaster Ice\AppData\Local\Chromium\User Data\Default] [homepage] 
Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_16_04_ssg02&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAyEtBtAzzyBtCtDtA0AtDtCzytCyBtCtN0D0Tzu0StCyEzzyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0CtB0ByCyDtDtDtGyE0CtD0BtG0BtBtA0AtGyByCyByEtGyD0DyE0BtC0A0CtCtDtByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyD0F0DtByDyDtG0E0AyBtCtGyEyCzz0BtG0B0DyDtCtG0EyBzztByByBtDyEtB0CtB0B2QtN0A0LzuyE%26cr%3D1791268262%26a%3Dwncy_omxmedia_16_04_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1&uref=chmm [-] [C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com [-] [C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.mpc.am [-] [C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_16_04_ssg02&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAyEtBtAzzyBtCtDtA0AtDtCzytCyBtCtN0D0Tzu0StCyEzzyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0CtB0ByCyDtDtDtGyE0CtD0BtG0BtBtA0AtGyByCyByEtGyD0DyE0BtC0A0CtCtDtByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyD0F0DtByDyDtG0E0AyBtCtGyEyCzz0BtG0B0DyDtCtG0EyBzztByByBtDyEtB0CtB0B2QtN0A0LzuyE%26cr%3D1791268262%26a%3Dwncy_omxmedia_16_04_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1 ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [83829 Bytes] - [28/02/2016 10:48:15] C:\AdwCleaner\AdwCleaner[C2].txt - [6381 Bytes] - [12/05/2017 17:11:34] C:\AdwCleaner\AdwCleaner[S1].txt - [83403 Bytes] - [28/02/2016 10:43:59] C:\AdwCleaner\AdwCleaner[S2].txt - [5457 Bytes] - [12/05/2017 17:10:45] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6601 Bytes] ##########
  18. Oh, after the rootkit was removed and before you replied, I already scanned and deleted all those viruses. But apparently now I have another problem... I couldn't update or install my NVIDIA GeForce Experience. I can't update my computer as well. Am I not supposed to delete those things?
  19. Apparently this https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ version of the antirootkit worked! The one I used before was this: https://www.malwarebytes.com/antirootkit/ (Totally got blocked by the virus) Thank you very much for looking out! Everything seems to be back to normal!!!
  20. Hi guys, I think I just contracted this virus. I can't end this task or disable it. I can't even delete the damn file. I've even tried downloading the rootkit removal program by Malwarebytes, but it says "requested resource is in use". So I gave up and wanted to try System Restore. Apparently even System Restore has been blocked by "requested resource is in use". Now I can't even update or clean anything on my laptop. PLS HELP! Much appreciated.