Jump to content

ModerateComputerUser

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I need a rely as soon as possible. Yet i'm going to party. When I'm back I hope to resolve my issue. Thanks
  2. Hello Brian here, My PC is infected with a lot of adware and perhaps a RAT because It just keeps coming. I would like help removing the nagware adware and Trojans on my pc as a MB scan wasn't enough. here are the logs. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2017 01 Ran by Asriel (administrator) on DESKTOP-HBSKNLC (10-06-2017 10:03:58) Running from C:\Users\getme\Downloads Loaded Profiles: Asriel & (Available Profiles: Asriel & Summa) Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe () C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe () C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Hammer & Chisel, Inc.) C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe (VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe (Hammer & Chisel, Inc.) C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe () C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73}\5880A280-EF2B-152B-AF46-AEB293F45386.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxTsr.exe () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxMail.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-31] (Intel Corporation) HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM\...\RunOnce: [Gahicokub] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\PROGRA~1\COMMON~1\UPDATE~1\Temere.dat" HKLM\...\RunOnce: [Faceten] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\Users\getme\AppData\Local\61DF03~1\Coregun.dat" HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_5XFF436B8] => C:\Program Files\Windows Multimedia Platform\7O13VPTSFNF2SB8N43RKN62JPAWC8RZBH12D0ARI0L4A3BH\V5uSYHwECd.exe [263168 2017-06-09] () HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Discord] => C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [*LABAL*] => [X] HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [41728608 2017-05-23] (VoipConnect) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [ApowersoftScreenRecorder] => C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe /autoStart HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [isMiner V 1.9] => C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe [2976256 2017-06-09] (isMiner worker and updater for windows of isMiner inc ) <===== ATTENTION HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [WH&BOZEU4s.exe] => C:\Program Files\Nox\5Q2RGBIBKDIPAT0ZKB6IQ89WTL\WH&BOZEU4s.exe [260608 2017-06-09] () HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [WBA3KhwG.exe] => C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56\WBA3KhwG.exe [260608 2017-06-09] () HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Hg170bDREkIr6k.exe] => C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe [260608 2017-06-10] () <===== ATTENTION HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\MountPoints2: {e41d0151-04cc-11e7-8331-b986e4ce4c51} - "E:\LaunchU3.exe" -a HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Discord] => C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [*LABAL*] => [X] HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [41728608 2017-05-23] (VoipConnect) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [ApowersoftScreenRecorder] => C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe /autoStart HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [isMiner V 1.9] => C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe [2976256 2017-06-09] (isMiner worker and updater for windows of isMiner inc ) <===== ATTENTION HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [WH&BOZEU4s.exe] => C:\Program Files\Nox\5Q2RGBIBKDIPAT0ZKB6IQ89WTL\WH&BOZEU4s.exe [260608 2017-06-09] () HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [WBA3KhwG.exe] => C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56\WBA3KhwG.exe [260608 2017-06-09] () HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Hg170bDREkIr6k.exe] => C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe [260608 2017-06-10] () <===== ATTENTION HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\MountPoints2: {e41d0151-04cc-11e7-8331-b986e4ce4c51} - "E:\LaunchU3.exe" -a HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Discord] => C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [*LABAL*] => [X] HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [41728608 2017-05-23] (VoipConnect) HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [ApowersoftScreenRecorder] => C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe /autoStart HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [isMiner V 1.9] => C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe [2976256 2017-06-09] (isMiner worker and updater for windows of isMiner inc ) <===== ATTENTION HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [WH&BOZEU4s.exe] => C:\Program Files\Nox\5Q2RGBIBKDIPAT0ZKB6IQ89WTL\WH&BOZEU4s.exe [260608 2017-06-09] () HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [WBA3KhwG.exe] => C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56\WBA3KhwG.exe [260608 2017-06-09] () HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Hg170bDREkIr6k.exe] => C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe [260608 2017-06-10] () <===== ATTENTION HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\MountPoints2: {e41d0151-04cc-11e7-8331-b986e4ce4c51} - "E:\LaunchU3.exe" -a Startup: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2017-03-08] ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files\Nexon\Nexon Launcher\nexon_launcher.exe (No File) Startup: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nехоn Launсher.lnk [2017-06-06] ShortcutTarget: Nехоn Launсher.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) GroupPolicy: Restriction ? <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159 Tcpip\..\Interfaces\{045c18ac-3393-40a4-9cf8-77fb29d96f8e}: [NameServer] 10.9.0.1 Tcpip\..\Interfaces\{174ec0ab-a478-4c7a-b75d-e1db9e2ccd73}: [NameServer] 82.163.143.157 82.163.142.159 Tcpip\..\Interfaces\{174ec0ab-a478-4c7a-b75d-e1db9e2ccd73}: [DhcpNameServer] 82.163.143.157 Tcpip\..\Interfaces\{30227a00-898d-482f-b6e9-f08b8adc1324}: [NameServer] 82.163.143.157 82.163.142.159 Tcpip\..\Interfaces\{30227a00-898d-482f-b6e9-f08b8adc1324}: [DhcpNameServer] 82.163.143.157 Tcpip\..\Interfaces\{6cb359cb-f98d-4524-a84e-eba04fcfde5c}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561166183&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561207548&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561207548&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561207548&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-27] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-27] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001 -> hxxps://www.google.com/ FireFox: ======== FF DefaultProfile: qdjgz72c.default-1495056405566 FF ProfilePath: C:\Users\getme\AppData\Roaming\Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566 [2017-05-27] FF Homepage: Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566 -> user_pref("browser.startup.homepage","hxxp://pesonal-spage.com/sall2/"); FF Extension: (Firefox OnBoard) - C:\Users\getme\AppData\Roaming\Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566\Extensions\@onboard-v2 [2017-05-17] FF Extension: (DuckDuckGo Plus) - C:\Users\getme\AppData\Roaming\Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-05-19] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\duckduckgo.xml [2017-03-17] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-14] () FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-27] (Oracle Corporation) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001: @citrixonline.com/appdetectorplugin -> C:\Users\getme\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-18] (Citrix Online) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001: @nsroblox.roblox.com/launcher -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696: @citrixonline.com/appdetectorplugin -> C:\Users\getme\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-18] (Citrix Online) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696: @nsroblox.roblox.com/launcher -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696: @nsroblox.roblox.com/launcher64 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777: @citrixonline.com/appdetectorplugin -> C:\Users\getme\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-18] (Citrix Online) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777: @nsroblox.roblox.com/launcher -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777: @nsroblox.roblox.com/launcher64 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) Chrome: ======= CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Profile: C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default [2017-05-12] CHR Extension: (Google Slides) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-08] CHR Extension: (Google Docs) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08] CHR Extension: (Google Drive) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08] CHR Extension: (Skype Calling) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-03-08] CHR Extension: (YouTube) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08] CHR Extension: (Google Sheets) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-08] CHR Extension: (Google Docs Offline) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-08] CHR Extension: (Instant Translate: Select and Translate) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-05-12] CHR Extension: (Hotspot Shield VPN Proxy – Unblock Sites) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-05-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08] CHR Extension: (Gmail) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08] CHR Extension: (Chrome Media Router) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12] CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated) S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [428056 2017-03-03] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [406040 2017-03-03] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [453144 2017-03-03] (BlueStack Systems, Inc.) R3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-05-03] (Intel Corporation) R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83384 2014-12-31] (Intel Corporation) R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [97208 2014-12-31] (Intel Corporation) R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90552 2014-12-31] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-05-03] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes) R2 ovpnagent; C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 2016-08-29] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2017-04-27] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.) S2 3a6505d76c4845ab634ee923daa42779; "C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe" [X] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 03ae9eb10bed1bc45673bb2f788455cf; C:\WINDOWS\system32\drivers\03ae9eb10bed1bc45673bb2f788455cf.sys [58648 2017-06-05] (3TZGHS) <==== ATTENTION S3 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [139360 2017-03-03] (BlueStack Systems) S3 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2017-03-03] (Bluestack System Inc. ) R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation) R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [463360 2015-06-23] (Intel Corporation) S3 cpuz140; C:\Users\getme\AppData\Local\Temp\cpuz140\cpuz140_x32.sys [44352 2017-04-17] (CPUID) S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44472 2014-12-31] (Intel Corporation) S3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [25528 2014-12-31] (Intel Corporation) S3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [28088 2014-12-31] (Intel Corporation) S3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [36280 2014-12-31] (Intel Corporation) R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [80824 2014-12-31] (Intel Corporation) R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [182200 2014-12-31] (Intel Corporation) S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [26168 2016-12-24] (Disc Soft Ltd) S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [40504 2016-12-24] (Disc Soft Ltd) R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2015-06-23] (Intel Corporation) R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2015-06-23] (Intel Corporation) R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [62464 2015-06-23] (Intel Corporation) R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2015-06-23] (Intel Corporation) R3 IDTP9145; C:\WINDOWS\System32\drivers\IDTP9145.sys [32256 2015-06-23] (Intel Corporation) S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation) R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277264 2015-11-11] (Intel(R) Corporation) R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation) R3 kxspb; C:\WINDOWS\System32\drivers\kxspb.sys [34272 2015-06-23] (Kionix, Inc.) S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [57256 2017-03-05] (Visicom Media Inc.) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220576 2017-06-10] (Malwarebytes) R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2015-06-23] (Intel Corporation) S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv.sys [30456 2014-12-28] (Visicom Media Inc.) R1 MpKsl1d592cca; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7BE08A90-F9F2-49AD-A543-6775C2AA2D2F}\MpKsl1d592cca.sys [39168 2017-06-10] (Microsoft Corporation) R1 MpKsl31a8d6b9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F99FB46-0C8C-4BA3-9C57-3214FF351A10}\MpKsl31a8d6b9.sys [39168 2017-06-09] (Microsoft Corporation) R1 MpKsl414632a0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16B61E52-7DE7-4D2A-BFB9-C3B70D1BD2E2}\MpKsl414632a0.sys [39168 2017-06-09] (Microsoft Corporation) R1 MpKsl6308d261; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E176A64D-6C3F-4879-B816-FB8CE4F545B5}\MpKsl6308d261.sys [39168 2017-06-06] (Microsoft Corporation) R1 MpKslb3ed8527; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{542E621D-9479-413B-BF16-B9AD0086C4E6}\MpKslb3ed8527.sys [39168 2017-06-08] (Microsoft Corporation) R1 MpKslf800fa61; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F99FB46-0C8C-4BA3-9C57-3214FF351A10}\MpKslf800fa61.sys [39168 2017-06-09] (Microsoft Corporation) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.) R3 ov2680; C:\WINDOWS\System32\drivers\ov2680.sys [40960 2015-06-23] (Intel Corporation) R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [23040 2016-06-15] (The OpenVPN Project) S3 RT-USB; C:\WINDOWS\system32\drivers\RT-USB.SYS [80256 2014-05-12] (Ross-Tech LLC) R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [185560 2015-06-23] (Realtek Semiconductor Corp.) R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [544000 2015-05-21] (Realtek Semiconductor Corporation) R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [3090944 2015-10-30] (Realtek Semiconductor Corporation ) S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [30848 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [184192 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [184192 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [61696 2015-12-13] (DEVGURU Co., LTD.) S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [184192 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [23296 2015-12-13] (DEVGURU Co., LTD.) R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2015-06-23] (Intel Corporation) R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [42400 2016-08-02] (USBPcap) S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [112920 2017-03-15] (Oracle Corporation) R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx86.sys [54696 2017-04-17] () S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation) R1 YSDrv; C:\Program Files\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys [220432 2017-06-01] (BigNox Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-05-11] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-05-11] (Zemana Ltd.) S3 CrucialSMBusScan; \??\C:\Users\getme\AppData\Local\Temp\CrucialSMBusScan_V32.sys [X] S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X] S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-10 10:03 - 2017-06-10 10:05 - 00030604 _____ C:\Users\getme\Downloads\FRST.txt 2017-06-10 10:03 - 2017-06-10 10:03 - 01775104 _____ (Farbar) C:\Users\getme\Downloads\FRST.exe 2017-06-10 10:03 - 2017-06-10 10:03 - 00000000 ____D C:\FRST 2017-06-10 09:49 - 2017-06-10 09:49 - 00000000 _____ C:\Users\getme\Downloads\directads.js 2017-06-10 09:24 - 2017-06-10 09:24 - 00000000 ____D C:\ProgramData\918562c62d514939a55f7c4f15229e41 2017-06-09 19:47 - 2017-06-09 19:47 - 00000000 ____D C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56 2017-06-09 19:47 - 2017-06-09 19:47 - 00000000 ____D C:\Users\getme\AppData\Local\e72126a493d24956be7cb3c8594edb2f 2017-06-09 15:50 - 2017-06-09 15:50 - 00000962 _____ C:\Users\getme\Desktop\Google Chrome.lnk 2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\c50cb8dd-6013-0 2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\c50cb8dd-0987-1 2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\a25d8c00 2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73} 2017-06-09 13:16 - 2017-06-09 13:16 - 00000000 ____D C:\ProgramData\{792b2320-312c-0} 2017-06-09 13:16 - 2017-06-09 13:16 - 00000000 ____D C:\ProgramData\{23b74da3-312c-1} 2017-06-09 13:13 - 2017-06-09 13:13 - 00000000 ____D C:\Program Files\ScreenShared 2017-06-09 13:10 - 2017-06-10 09:25 - 00000294 _____ C:\WINDOWS\Tasks\System HealerStartUp.job 2017-06-09 13:10 - 2017-06-09 15:42 - 00000294 _____ C:\WINDOWS\Tasks\System HealerPeriod.job 2017-06-09 13:08 - 2017-06-09 13:29 - 00000000 ____D C:\ProgramData\631cd7a4-5dc7-1 2017-06-09 13:06 - 2017-06-09 15:43 - 00000000 ____D C:\Users\getme\AppData\Roaming\System Healer 2017-06-09 13:06 - 2017-06-09 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer 2017-06-09 13:04 - 2017-06-10 09:25 - 00000000 ____D C:\Users\getme\AppData\Roaming\isMiner 2017-06-09 13:00 - 2017-06-09 13:06 - 00000000 ____D C:\WINDOWS\system32\SSL 2017-06-09 12:55 - 2017-06-09 13:28 - 00000000 ____D C:\Users\getme\AppData\Local\InetInfo 2017-06-08 01:13 - 2013-11-17 12:37 - 00000000 ____D C:\Users\getme\Desktop\rule34_downloader_win 2017-06-08 01:12 - 2017-06-08 01:13 - 09020383 _____ C:\Users\getme\Downloads\rule34_downloader_win.zip 2017-06-06 20:12 - 2017-06-06 20:12 - 00004001 _____ C:\Users\getme\lol.mid 2017-06-06 20:00 - 2017-06-06 20:00 - 00000000 _____ C:\Users\getme\Desktop\Stiupid.txt 2017-06-06 19:02 - 2017-06-06 19:02 - 00001151 _____ C:\Users\Public\Desktop\XSplit Gamecaster.lnk 2017-06-06 19:02 - 2017-06-06 19:02 - 00000000 ____D C:\ProgramData\SplitMediaLabs 2017-06-06 19:02 - 2017-06-06 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit 2017-06-06 19:02 - 2017-06-06 19:02 - 00000000 ____D C:\Program Files\SplitmediaLabs 2017-06-06 19:00 - 2017-06-06 19:00 - 00000000 ____D C:\Users\getme\AppData\Roaming\SplitmediaLabs 2017-06-06 18:33 - 2017-06-06 19:00 - 76332328 _____ (SplitmediaLabs) C:\Users\getme\Downloads\XSplit_Gamecaster_2.9.1701.1621.exe 2017-06-06 17:35 - 2017-06-10 09:24 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-06-06 17:35 - 2017-06-06 17:35 - 00002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-06-06 17:35 - 2017-06-06 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-06 17:35 - 2017-05-25 11:58 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys 2017-06-06 17:34 - 2017-06-06 17:34 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-06 17:34 - 2017-06-06 17:34 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-06 17:26 - 2017-06-06 17:34 - 64232976 _____ (Malwarebytes ) C:\Users\getme\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe 2017-06-06 17:23 - 2017-06-06 17:23 - 00000020 ___SH C:\Users\Summa\ntuser.ini 2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\My Documents 2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\Documents\My Videos 2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\Documents\My Pictures 2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\Documents\My Music 2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 ____D C:\Users\Summa\AppData\Local\VirtualStore 2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 ____D C:\Users\Summa 2017-06-06 17:10 - 2017-06-09 12:55 - 00000000 ____D C:\ProgramData\WindowsVideoErrorReporting 2017-06-06 17:10 - 2017-06-06 18:17 - 00000000 ____D C:\Users\getme\AppData\Local\llssoft 2017-06-06 17:10 - 2017-05-29 16:20 - 00000193 _____ C:\Users\getme\Desktop\Download Video and Audio Online.url 2017-06-06 17:05 - 2017-06-06 18:17 - 00000000 ____D C:\Users\getme\AppData\Local\ntuserlitelist 2017-06-06 17:05 - 2017-06-06 17:05 - 00000000 ____D C:\Users\getme\AppData\Roaming\c 2017-06-06 17:05 - 2017-06-06 17:05 - 00000000 ____D C:\Users\getme\AppData\Local\xqqqj 2017-06-06 17:03 - 2017-06-06 17:03 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_1.2.4_Full_Crack.iso 2017-06-06 17:00 - 2017-06-06 17:00 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_Crack_Free_Download.iso 2017-06-06 17:00 - 2017-06-06 17:00 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_Crack_Free_Download (2).iso 2017-06-06 17:00 - 2017-06-06 17:00 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_Crack_Free_Download (1).iso 2017-06-06 16:58 - 2017-06-06 16:58 - 00001443 _____ C:\Users\Public\Desktop\AceThinker Screen Grabber Pro.lnk 2017-06-06 16:58 - 2017-06-06 16:58 - 00000000 ____D C:\Users\getme\Documents\AceThinker 2017-06-06 16:58 - 2017-06-06 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AceThinker 2017-06-06 16:57 - 2017-06-06 16:57 - 00000000 ____D C:\Users\getme\AppData\Roaming\Apowersoft 2017-06-06 16:55 - 2017-06-06 16:57 - 17030464 _____ (AceThinker Limited ) C:\Users\getme\Downloads\screen-grabber-pro.exe 2017-06-06 16:19 - 2017-06-06 16:19 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2017-06-06 16:19 - 2017-06-06 16:19 - 00001096 _____ C:\Users\Public\Desktop\paint.net.lnk 2017-06-06 16:18 - 2017-06-06 16:20 - 00000000 ____D C:\Users\getme\AppData\Local\paint.net 2017-06-06 16:18 - 2017-06-06 16:19 - 00000000 ____D C:\Program Files\paint.net 2017-06-06 16:17 - 2017-04-16 17:26 - 07094520 _____ C:\Users\getme\Desktop\paint.net.4.0.16.install.exe 2017-06-06 16:15 - 2017-06-06 16:17 - 07067928 _____ C:\Users\getme\Downloads\paint.net.4.0.16.install.zip 2017-06-06 16:03 - 2017-06-06 16:03 - 00000122 _____ C:\Users\getme\Desktop\Welcome.vbs 2017-06-06 16:03 - 2017-06-06 16:03 - 00000122 _____ C:\Users\getme\Desktop\Welcome.txt 2017-06-06 07:33 - 2017-06-06 17:16 - 00000000 ____D C:\Users\getme\Desktop\Txt files 2017-06-06 07:28 - 2017-06-06 07:28 - 00000000 ____D C:\Users\getme\.hydrogen 2017-06-06 07:27 - 2017-06-06 07:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hydrogen - 0.9.7 2017-06-05 19:00 - 2017-06-05 19:00 - 00058648 _____ (3TZGHS) C:\WINDOWS\system32\Drivers\03ae9eb10bed1bc45673bb2f788455cf.sys 2017-06-05 19:00 - 2017-06-05 19:00 - 00037160 _____ C:\WINDOWS\uninstaller.dat 2017-06-03 11:45 - 2017-06-03 11:45 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Drummer Trial 2017-06-03 11:45 - 2017-06-03 11:45 - 00000000 ____D C:\Users\getme\AppData\Local\Benetrue 2017-06-02 21:54 - 2017-06-10 10:05 - 00093344 _____ C:\WINDOWS\ZAM.krnl.trace 2017-06-02 21:54 - 2017-06-10 10:05 - 00062416 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-06-02 15:29 - 2017-06-02 15:36 - 00000000 ____D C:\Users\getme\AppData\Roaming\VoipConnect 2017-06-02 15:29 - 2017-06-02 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect 2017-06-02 15:28 - 2017-06-02 15:28 - 00000000 ____D C:\Program Files\VoipConnect.com 2017-06-01 17:06 - 2017-06-01 17:06 - 00000000 ____D C:\Users\getme\AppData\Local\MultiPlayerManager 2017-06-01 15:39 - 2017-06-06 13:13 - 00000000 ____D C:\Users\getme\vmlogs 2017-06-01 15:39 - 2017-06-01 15:39 - 00000045 _____ C:\Users\getme\nuuid.ini 2017-06-01 15:39 - 2017-06-01 15:39 - 00000041 _____ C:\Users\getme\inst.ini 2017-06-01 15:39 - 2017-06-01 15:39 - 00000000 ____D C:\Users\getme\Nox_share 2017-06-01 15:38 - 2017-06-01 15:38 - 00001095 _____ C:\Users\getme\Desktop\Multi-Drive.lnk 2017-06-01 15:38 - 2017-06-01 15:38 - 00001014 _____ C:\Users\getme\Desktop\Nox.lnk 2017-06-01 15:38 - 2017-06-01 15:38 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Nox 2017-06-01 15:37 - 2017-06-06 13:13 - 00000000 ____D C:\Users\getme\.BigNox 2017-06-01 15:37 - 2017-06-01 15:37 - 00000000 ____D C:\Program Files\Bignox 2017-06-01 15:34 - 2017-06-09 13:13 - 00000000 ____D C:\Program Files\Nox 2017-06-01 15:33 - 2017-06-06 13:17 - 00000000 ____D C:\Users\getme\AppData\Local\Nox 2017-05-31 16:18 - 2017-05-31 16:21 - 00000000 ____D C:\Users\getme\Desktop\Ebooks 2017-05-29 15:57 - 2017-05-29 15:57 - 00154336 _____ C:\Users\getme\Downloads\GetImage (3) 2017-05-29 15:55 - 2017-05-29 15:55 - 00154336 _____ C:\Users\getme\Downloads\GetImage (2) 2017-05-29 15:54 - 2017-05-29 15:54 - 00154336 _____ C:\Users\getme\Downloads\GetImage (1) 2017-05-29 15:54 - 2017-05-29 15:54 - 00154336 _____ C:\Users\getme\Downloads\GetImage 2017-05-29 15:01 - 2017-05-29 15:01 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk 2017-05-29 15:01 - 2017-05-29 15:01 - 00001173 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk 2017-05-29 14:56 - 2017-05-29 14:56 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Tone Generator.lnk 2017-05-29 14:56 - 2017-05-29 14:56 - 00001165 _____ C:\Users\Public\Desktop\NCH Tone Generator.lnk 2017-05-29 14:55 - 2017-06-06 07:27 - 22042297 _____ C:\Users\getme\Downloads\Hydrogen-0.9.7-win32.exe 2017-05-29 14:37 - 2017-05-29 14:37 - 00001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crescendo Music Notation Editor.lnk 2017-05-29 14:37 - 2017-05-29 14:37 - 00001215 _____ C:\Users\Public\Desktop\Crescendo Music Notation Editor.lnk 2017-05-29 14:32 - 2017-05-29 15:01 - 00000000 ____D C:\Program Files\NCH Software 2017-05-29 14:32 - 2017-05-29 14:32 - 00002087 _____ C:\Users\Public\Desktop\NCH Suite.lnk 2017-05-29 14:32 - 2017-05-29 14:32 - 00001191 _____ C:\Users\Public\Desktop\MixPad Multitrack Recording Software.lnk 2017-05-29 14:08 - 2017-06-03 18:03 - 00000000 ____D C:\Users\getme\AppData\Roaming\Music Editor Free 2017-05-29 14:08 - 2017-05-29 14:08 - 00002062 _____ C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Music Editor Free.lnk 2017-05-29 14:08 - 2017-05-29 14:08 - 00002038 _____ C:\Users\getme\Desktop\Music Editor Free.lnk 2017-05-29 14:08 - 2017-05-29 14:08 - 00000000 ____D C:\Users\getme\AppData\Roaming\Music Editor Free New Version Available 2017-05-29 14:08 - 2017-05-29 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Editor Free 2017-05-29 14:07 - 2006-03-23 12:56 - 00113486 _____ C:\WINDOWS\system32\NCTWMAProfiles.prx 2017-05-29 14:07 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioInformation2.dll 2017-05-29 14:07 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\WINDOWS\system32\NCTAudioFile2.dll 2017-05-29 14:07 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioRecord2.dll 2017-05-29 14:07 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioPlayer2.dll 2017-05-29 14:07 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioEditor2.dll 2017-05-29 14:07 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioTransform2.dll 2017-05-29 14:07 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioVisualization2.dll 2017-05-29 14:07 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTTextToAudio2.dll 2017-05-29 14:07 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\WINDOWS\system32\NCTWMAFile2.dll 2017-05-29 14:07 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\WINDOWS\system32\NCTAudioCDGrabber2.dll 2017-05-29 14:07 - 2002-01-05 16:37 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr70.dll 2017-05-29 14:06 - 2017-05-29 14:08 - 00000000 ____D C:\Program Files\Music Editor Free 2017-05-27 20:23 - 2017-05-27 20:23 - 00000000 ____D C:\Users\getme\AppData\Roaming\Axolot Games 2017-05-27 20:23 - 2017-05-27 20:23 - 00000000 ____D C:\Users\getme\AppData\Local\Axolot Games 2017-05-27 20:06 - 2017-06-08 00:45 - 00000000 ____D C:\WINDOWS\Minidump 2017-05-27 18:55 - 2017-05-27 19:03 - 00000557 _____ C:\Users\getme\TestWeb.html 2017-05-27 18:53 - 2017-05-28 21:00 - 00000000 ____D C:\Users\getme\AppData\Roaming\NetBeans 2017-05-27 18:53 - 2017-05-27 18:53 - 00000000 ____D C:\Users\getme\AppData\Local\NetBeans 2017-05-27 17:56 - 2017-05-27 17:56 - 00000000 ____D C:\Program Files\Common Files\Java 2017-05-27 17:53 - 2017-05-27 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2017-05-27 17:52 - 2017-05-27 17:52 - 00000000 ____D C:\Users\getme\AppData\LocalLow\Oracle 2017-05-27 15:51 - 2017-05-27 15:51 - 00000000 ____D C:\Users\getme\AppData\Local\EasyWays 2017-05-24 09:02 - 2017-04-27 23:59 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-05-24 09:02 - 2017-04-27 22:56 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-05-24 09:02 - 2017-04-27 21:51 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-05-24 09:02 - 2017-04-27 21:40 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-05-24 09:02 - 2017-04-27 21:33 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-05-24 09:02 - 2017-04-27 21:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-05-24 09:02 - 2017-04-27 21:18 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-05-24 09:02 - 2017-04-27 20:59 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-05-24 09:02 - 2017-04-27 20:59 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-05-24 09:02 - 2017-04-27 20:50 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-05-24 09:02 - 2017-04-27 20:47 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-05-24 09:02 - 2017-04-27 20:25 - 01901568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-05-24 09:02 - 2017-04-27 19:51 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-05-24 09:01 - 2017-04-28 00:01 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-05-24 09:01 - 2017-04-27 23:59 - 05791584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-05-24 09:01 - 2017-04-27 23:35 - 02885680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2017-05-24 09:01 - 2017-04-27 23:04 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-05-24 09:01 - 2017-04-27 22:56 - 02945648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-05-24 09:01 - 2017-04-27 22:45 - 01536600 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2017-05-24 09:01 - 2017-04-27 21:39 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-05-24 09:01 - 2017-04-27 21:23 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-05-24 09:01 - 2017-04-27 21:18 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-05-24 09:01 - 2017-04-27 21:12 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-05-24 09:01 - 2017-04-27 21:07 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-05-24 09:01 - 2017-04-27 21:01 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2017-05-24 09:01 - 2017-04-27 20:56 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-05-24 09:01 - 2017-04-27 20:55 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-05-24 09:01 - 2017-04-27 20:55 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-05-24 09:01 - 2017-04-27 20:54 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-05-24 09:01 - 2017-04-27 20:46 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-05-24 09:01 - 2017-04-27 20:32 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-05-24 09:01 - 2017-04-27 20:25 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-05-24 09:01 - 2017-04-27 20:21 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-05-24 09:01 - 2017-04-27 20:20 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-05-24 09:01 - 2017-04-27 20:19 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2017-05-24 09:01 - 2017-04-27 20:06 - 12139008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-05-24 09:01 - 2017-04-27 20:06 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2017-05-24 09:01 - 2017-04-27 20:04 - 03660288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-05-24 09:01 - 2017-04-27 19:53 - 00742400 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2017-05-24 09:00 - 2017-04-27 23:59 - 01862000 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2017-05-24 09:00 - 2017-04-27 23:56 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-05-24 09:00 - 2017-04-27 22:57 - 01813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2017-05-24 09:00 - 2017-04-27 22:57 - 00959144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2017-05-24 09:00 - 2017-04-27 22:56 - 00024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2017-05-24 09:00 - 2017-04-27 22:53 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-05-24 09:00 - 2017-04-27 22:52 - 05240448 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-05-24 09:00 - 2017-04-27 22:51 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-05-24 09:00 - 2017-04-27 22:51 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2017-05-24 09:00 - 2017-04-27 22:50 - 05598832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2017-05-24 09:00 - 2017-04-27 22:49 - 00995296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2017-05-24 09:00 - 2017-04-27 22:49 - 00510880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-05-24 09:00 - 2017-04-27 22:20 - 01711456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-05-24 09:00 - 2017-04-27 21:50 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll 2017-05-24 09:00 - 2017-04-27 21:45 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcl.dll 2017-05-24 09:00 - 2017-04-27 21:32 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2017-05-24 09:00 - 2017-04-27 21:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2017-05-24 09:00 - 2017-04-27 21:21 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp 2017-05-24 09:00 - 2017-04-27 21:21 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll 2017-05-24 09:00 - 2017-04-27 21:15 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-05-24 09:00 - 2017-04-27 21:15 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2017-05-24 09:00 - 2017-04-27 21:14 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2017-05-24 09:00 - 2017-04-27 21:13 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-05-24 09:00 - 2017-04-27 21:12 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2017-05-24 09:00 - 2017-04-27 21:11 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-05-24 09:00 - 2017-04-27 21:11 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2017-05-24 09:00 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2017-05-24 09:00 - 2017-04-27 21:07 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-05-24 09:00 - 2017-04-27 21:04 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2017-05-24 09:00 - 2017-04-27 20:57 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll 2017-05-24 09:00 - 2017-04-27 20:55 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2017-05-24 09:00 - 2017-04-27 20:53 - 01150976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-05-24 09:00 - 2017-04-27 20:53 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2017-05-24 09:00 - 2017-04-27 20:51 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-05-24 09:00 - 2017-04-27 20:50 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-05-24 09:00 - 2017-04-27 20:49 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2017-05-24 09:00 - 2017-04-27 20:47 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-05-24 09:00 - 2017-04-27 20:46 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe 2017-05-24 09:00 - 2017-04-27 20:34 - 02972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-05-24 09:00 - 2017-04-27 20:22 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-05-24 09:00 - 2017-04-27 20:22 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-05-24 09:00 - 2017-04-27 20:07 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-05-24 09:00 - 2017-04-27 20:05 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-05-24 09:00 - 2017-04-27 20:04 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-05-24 09:00 - 2017-04-27 20:03 - 18673152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-05-24 09:00 - 2017-04-27 19:57 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2017-05-24 09:00 - 2017-04-27 19:55 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-05-24 09:00 - 2017-04-27 19:50 - 00782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2017-05-24 09:00 - 2017-04-27 19:47 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-05-24 09:00 - 2017-04-27 19:42 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-05-24 08:59 - 2017-04-27 22:19 - 01394544 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2017-05-24 08:59 - 2017-04-27 21:31 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-05-24 08:59 - 2017-04-27 21:15 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2017-05-24 08:59 - 2017-04-27 21:13 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-05-24 08:59 - 2017-04-27 20:56 - 01746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2017-05-24 08:59 - 2017-04-27 20:34 - 01801216 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-05-19 23:47 - 2017-05-19 23:47 - 00118525 _____ C:\Users\getme\Documents\recording.wma 2017-05-19 23:44 - 2017-05-19 23:44 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Loop Recorder 2017-05-19 23:44 - 2002-08-29 06:14 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\system32\W95Inf16.DLL 2017-05-19 23:44 - 2001-08-17 21:43 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\W95Inf32.DLL 2017-05-19 16:53 - 2017-05-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2017-05-19 16:47 - 2017-05-19 16:47 - 11633320 _____ C:\Users\getme\Downloads\Edit-1.wav 2017-05-19 10:01 - 2017-05-19 10:01 - 00001826 _____ C:\Users\getme\Desktop\Cain.lnk 2017-05-17 17:26 - 2017-05-17 17:26 - 00000000 ____D C:\Users\getme\Desktop\Old Firefox Data 2017-05-17 11:32 - 2017-05-17 11:32 - 00125952 _____ C:\Users\getme\AppData\Local\report 2017-05-15 23:53 - 2017-05-15 23:53 - 00000000 ____D C:\Program Files\MSECache 2017-05-14 18:34 - 2017-05-31 10:25 - 00000000 ____D C:\Users\getme\AppData\Roaming\RealVNC 2017-05-14 18:34 - 2017-05-14 18:34 - 00000000 ____D C:\Users\getme\AppData\Local\RealVNC 2017-05-14 17:20 - 2017-05-14 17:20 - 02402457 _____ () C:\Users\getme\Desktop\ipscan-win32-3.5.1.exe 2017-05-14 17:20 - 2017-05-14 17:20 - 00000000 ____D C:\Users\getme\.swt 2017-05-12 23:05 - 2017-05-12 22:58 - 02053120 _____ (TODO: <Company name>) C:\Users\getme\AppData\Local\InSility.exe 2017-05-12 22:56 - 2017-05-12 22:56 - 00719521 _____ C:\WINDOWS\unins000.exe 2017-05-12 22:56 - 2017-05-12 22:56 - 00003833 _____ C:\WINDOWS\unins000.dat 2017-05-12 22:20 - 2017-05-12 22:27 - 00004981 _____ C:\Users\getme\Desktop\lol.vbs 2017-05-11 15:16 - 2017-05-14 19:17 - 00000000 ____D C:\Users\getme\Desktop\Omegle-Chat-Hack-master 2017-05-11 14:58 - 2017-05-28 21:01 - 00000000 ____D C:\Users\getme\.nbi 2017-05-11 10:38 - 2017-05-11 10:38 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys 2017-05-11 10:38 - 2017-05-11 10:38 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys 2017-05-11 10:38 - 2017-05-11 10:38 - 00001965 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-05-11 10:38 - 2017-05-11 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-05-11 10:37 - 2017-05-11 10:38 - 00000000 ____D C:\Program Files\Zemana AntiMalware 2017-05-11 10:37 - 2017-05-11 10:37 - 00000000 ____D C:\Users\getme\AppData\Local\Zemana ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-10 10:04 - 2016-12-24 16:34 - 00000282 _____ C:\WINDOWS\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD}.job 2017-06-10 09:37 - 2017-03-08 09:37 - 00000294 _____ C:\WINDOWS\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6}.job 2017-06-10 09:27 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-10 09:25 - 2017-03-08 11:20 - 00000000 ____D C:\Program Files\Steam 2017-06-10 09:24 - 2016-12-22 18:09 - 00000000 ____D C:\Users\getme 2017-06-10 09:23 - 2016-12-22 21:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-09 23:15 - 2016-12-22 18:15 - 00000000 ____D C:\Users\getme\AppData\Roaming\Skype 2017-06-09 19:49 - 2017-04-18 21:58 - 00000000 ____D C:\Users\getme\AppData\Roaming\discord 2017-06-09 13:28 - 2017-04-17 19:30 - 00000000 ____D C:\Users\getme\AppData\Local\ElevatedDiagnostics 2017-06-09 13:28 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-06-09 13:19 - 2016-12-22 20:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-09 13:13 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2017-06-08 00:46 - 2016-12-26 18:43 - 00000330 _____ C:\Users\getme\AppData\Roaming\WB.CFG 2017-06-08 00:46 - 2016-12-24 16:34 - 00000000 ____D C:\Program Files\Common Files\UpdateTask 2017-06-08 00:45 - 2016-12-22 20:12 - 00182291 ____N C:\WINDOWS\Minidump\060817-12625-01.dmp 2017-06-06 19:12 - 2016-12-22 20:12 - 00098883 ____N C:\WINDOWS\Minidump\060617-14187-01.dmp 2017-06-06 18:19 - 2016-12-22 20:12 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2017-06-06 18:18 - 2017-04-17 13:57 - 00000000 ____D C:\Program Files\Cain 2017-06-06 17:05 - 2017-04-20 00:49 - 00000000 ____D C:\Users\getme\Desktop\Everything 2017-06-06 17:05 - 2017-04-19 17:22 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-06-06 17:05 - 2017-04-18 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2017-06-06 17:05 - 2017-03-11 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2017-06-06 17:05 - 2017-03-08 14:52 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon 2017-06-06 15:54 - 2016-12-22 21:00 - 00000000 ____D C:\Intel 2017-06-06 15:14 - 2016-12-22 18:12 - 00000000 __SHD C:\Users\getme\IntelGraphicsProfiles 2017-06-06 13:13 - 2017-03-08 16:33 - 00000000 ____D C:\Users\getme\.android 2017-06-06 07:53 - 2016-12-22 20:27 - 00000000 ____D C:\WINDOWS\INF 2017-06-06 07:53 - 2016-12-22 18:13 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-06-06 07:35 - 2015-05-08 22:28 - 00000000 ____D C:\Users\getme\Desktop\Ysflight 2017-06-04 04:08 - 2017-03-09 12:15 - 00000000 ____D C:\Users\getme\Documents\My Games 2017-06-02 15:17 - 2016-12-22 20:30 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-01 17:07 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-06-01 15:37 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\Registration 2017-05-31 15:07 - 2016-12-22 18:12 - 00000000 ____D C:\Users\getme\AppData\Local\Packages 2017-05-30 16:45 - 2016-12-22 19:00 - 00456360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-05-30 13:47 - 2017-03-18 13:47 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Itch Corp 2017-05-30 13:47 - 2017-03-18 13:46 - 00000000 ____D C:\Users\getme\AppData\Local\itch 2017-05-29 15:01 - 2017-03-17 14:19 - 00000000 ____D C:\Users\getme\AppData\Roaming\NCH Software 2017-05-29 15:01 - 2017-03-17 14:18 - 00000000 ____D C:\ProgramData\NCH Software 2017-05-29 14:32 - 2017-03-17 14:18 - 00001203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Multitrack Recording Software.lnk 2017-05-29 14:30 - 2017-04-30 18:55 - 00000000 ____D C:\Users\getme\AppData\Roaming\Audacity 2017-05-27 18:18 - 2017-04-27 18:41 - 00000000 ____D C:\Users\getme\AppData\Local\Mixxx 2017-05-27 17:56 - 2017-04-17 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-05-27 17:55 - 2017-04-17 17:15 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2017-05-27 17:55 - 2017-04-17 17:14 - 00000000 ____D C:\Program Files\Java 2017-05-27 17:49 - 2017-03-18 13:58 - 00000000 ____D C:\Users\getme\.oracle_jre_usage 2017-05-27 13:05 - 2017-03-09 11:24 - 00000000 ____D C:\Users\getme\VirtualBox VMs 2017-05-27 13:04 - 2017-03-19 18:19 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daring Development Inc 2017-05-27 13:04 - 2017-03-19 18:18 - 00000000 ____D C:\Users\getme\AppData\Local\Infinity 2017-05-27 13:04 - 2017-03-17 20:14 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-05-27 13:04 - 2017-03-08 18:26 - 00000000 ____D C:\Users\getme\AppData\Local\SkypePlugin 2017-05-27 13:04 - 2016-12-22 18:15 - 00000000 ___RD C:\Users\getme\OneDrive 2017-05-27 13:03 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2017-05-26 22:39 - 2017-03-18 13:44 - 00000000 ____D C:\Users\getme\AppData\LocalLow\Mozilla 2017-05-25 03:25 - 2016-12-22 20:17 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-05-25 00:39 - 2016-12-22 20:59 - 00192856 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ___SD C:\WINDOWS\system32\F12 2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Windows Defender 2017-05-24 02:06 - 2016-12-22 18:57 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-05-24 02:00 - 2016-12-22 18:57 - 129479984 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-05-23 01:57 - 2017-04-24 07:51 - 00000853 _____ C:\Users\getme\Desktop\Starbound.v1.2.4 - Shortcut.lnk 2017-05-22 19:27 - 2017-03-08 15:24 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2017-05-17 19:21 - 2017-04-17 19:21 - 00000438 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job 2017-05-17 14:52 - 2017-03-08 18:33 - 00000000 ____D C:\ProgramData\Skype 2017-05-16 07:32 - 2017-03-08 09:52 - 00000000 ____D C:\Program Files\Google 2017-05-14 14:40 - 2017-03-09 11:23 - 00000000 ____D C:\Users\getme\AppData\Local\Adobe 2017-05-14 14:39 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-05-13 10:42 - 2017-03-18 13:32 - 00000000 ____D C:\Users\getme\AppData\Local\Mozilla 2017-05-11 17:37 - 2017-03-08 09:37 - 00000000 ____D C:\Users\getme\AppData\Local\61DF03E7-9545-0044-8045-1B7C1EEEE9A6 2017-05-11 14:51 - 2017-03-08 09:52 - 00000000 ____D C:\Users\getme\AppData\Local\Google 2017-05-11 10:42 - 2017-03-14 15:16 - 00000104 _____ C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk 2017-05-11 10:42 - 2017-03-08 09:42 - 00000104 _____ C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk ==================== Files in the root of some directories ======= 2017-03-26 09:25 - 2017-03-26 09:25 - 0199659 _____ () C:\Users\getme\AppData\Roaming\MixPad.dmp 2016-12-26 18:43 - 2017-06-08 00:46 - 0000330 _____ () C:\Users\getme\AppData\Roaming\WB.CFG 2017-05-06 18:58 - 2017-05-06 18:58 - 0003584 _____ () C:\Users\getme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-05-12 23:05 - 2017-05-12 22:58 - 2053120 _____ (TODO: <Company name>) C:\Users\getme\AppData\Local\InSility.exe 2017-03-14 19:40 - 2017-03-14 19:57 - 0000600 _____ () C:\Users\getme\AppData\Local\PUTTY.RND 2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\getme\AppData\Local\report 2017-03-08 15:26 - 2017-03-10 13:20 - 0000552 _____ () C:\Users\getme\AppData\Local\TroubleshooterConfig.json Files to move or delete: ==================== C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe? C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe C:\Windows\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6}.job C:\Windows\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD}.job Some files in TEMP: ==================== 2017-04-20 22:49 - 2017-04-20 22:49 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\6-vntd0o.dll 2017-06-09 13:16 - 2017-06-09 13:16 - 1335808 _____ () C:\Users\getme\AppData\Local\Temp\9711983.t.exe 2017-03-26 22:28 - 2017-03-26 22:29 - 0000000 _____ () C:\Users\getme\AppData\Local\Temp\GUR363C.exe 2017-03-09 08:24 - 2017-03-09 08:24 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\hvckwgtz.dll 2017-03-19 18:12 - 2017-03-19 18:18 - 52914288 _____ (Daring Development Inc.) C:\Users\getme\AppData\Local\Temp\Infinity-Setup.exe 2017-03-09 08:23 - 2017-03-09 08:24 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\ko2l1xbm.dll 2017-03-08 17:05 - 2017-03-08 17:05 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\mfqde3ww.dll 2017-03-12 18:25 - 2017-03-12 18:25 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\skcnxvw4.dll 2017-04-17 18:04 - 2017-04-17 18:04 - 0541696 _____ () C:\Users\getme\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll 2017-06-06 17:10 - 2017-06-06 17:09 - 1199825 _____ () C:\Users\getme\AppData\Local\Temp\unins000.exe 2014-09-11 17:32 - 2014-09-11 17:32 - 6498200 _____ (Microsoft Corporation) C:\Users\getme\AppData\Local\Temp\vcredist_x86.exe 2017-03-08 18:18 - 2017-03-08 18:21 - 14456872 _____ (Microsoft Corporation) C:\Users\getme\AppData\Local\Temp\vc_redist.x86.exe 2017-04-20 22:49 - 2017-04-20 22:49 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\xg2jniao.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-22 20:59 ==================== End of FRST.txt ============================ And Addition.TXT Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2017 01 Ran by Asriel (10-06-2017 10:06:58) Running from C:\Users\getme\Downloads Microsoft Windows 10 Home Version 1511 (X86) (2016-12-22 22:07:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1420558640-2585559921-1678375398-500 - Administrator - Disabled) Asriel (S-1-5-21-1420558640-2585559921-1678375398-1001 - Administrator - Enabled) => C:\Users\getme DefaultAccount (S-1-5-21-1420558640-2585559921-1678375398-503 - Limited - Disabled) Guest (S-1-5-21-1420558640-2585559921-1678375398-501 - Limited - Disabled) Summa (S-1-5-21-1420558640-2585559921-1678375398-1002 - Administrator - Enabled) => C:\Users\Summa ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AceThinker Screen Grabber Pro V1.0.7 (HKLM\...\{dc9006db-6b05-4f0f-833b-79ef3f284c28}_is1) (Version: 1.0.7 - AceThinker Limited) Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 2.6.104.6367 - BlueStack Systems, Inc.) Cain & Abel 4.9.56 (HKLM\...\Cain & Abel 4.9.56) (Version: - ) Citrix Online Launcher (HKLM\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix) Crescendo Music Notation Editor (HKLM\...\Crescendo) (Version: 2.00 - NCH Software) D3DGear (HKLM\...\D3DGear_is1) (Version: 5.0.0.2066 - D3DGear Technologies) Debut Video Capture Software (HKLM\...\Debut) (Version: 4.00 - NCH Software) Discord (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) Discord (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) Discord (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) Driver Easy 5.5.0 (HKLM\...\DriverEasy_is1) (Version: 5.5.0 - Easeware) Electa Live Screen Recorder (HKLM\...\{ACBEFFFE-9499-407A-8D44-C1DDB3DB94F0}) (Version: 1.2 - ELECTA COMMUNICATIONS LTD) Express Scribe Transcription Software (HKLM\...\Scribe) (Version: 6.00 - NCH Software) ffdshow v1.3.4532 [2014-07-17] (HKLM\...\ffdshow_is1) (Version: 1.3.4532.0 - ) Fraps (remove only) (HKLM\...\Fraps) (Version: - ) FrostWire 6.4.7 (HKLM\...\FrostWire 6) (Version: 6.4.7.229 - FrostWire LLC) Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden HeavyLoad V3.3 (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software) Hydrogen (Advanced drum machine for GNU/Linux) (HKLM\...\ON) (Version: 0.9.7 - Hydrogen Developers) Isminer 19 (HKLM\...\isMiner) (Version: 19 - isMiner inc ) <==== ATTENTION Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java SE Development Kit 8 Update 131 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation) League of Legends (HKLM\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) League of Legends (Version: 4.1.2 - Riot Games) Hidden Loop Recorder (HKLM\...\Loop Recorder) (Version: 2.08 - ) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MixPad Multitrack Recording Software (HKLM\...\MixPad) (Version: 4.31 - NCH Software) Mixxx 2.0.0 (HKLM\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team) Music Editor Free v10.8.0 (HKLM\...\Music Editor Free_is1) (Version: - Copyright(C) 2005-2017 MEFMedia, Inc.) NCH Tone Generator (HKLM\...\ToneGen) (Version: 3.26 - NCH Software) Nexon Launcher (HKLM\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon) Nox APP Player (HKLM\...\Nox) (Version: 3.8.2.0 - Duodian Technology Co. Ltd.) paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F36}) (Version: 4.0.16 - dotPDN LLC) PC Drummer Trial 6.01 (HKLM\...\{D9D4E4D8-7947-4CF2-9A18-1C8B131BB3CD}) (Version: 6.01 - Benetrue, Inc.) Prism Video File Converter (HKLM\...\Prism) (Version: 2.63 - NCH Software) PrivateTunnel (HKLM\...\PrivateTunnel) (Version: 2.8.2.0 - OpenVPN Technologies) PuTTY release 0.68 (HKLM\...\{55717628-7AE6-4BCF-A046-FA2768945E76}) (Version: 0.68.0.0 - Simon Tatham) Python Launcher (HKLM\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation) RAR Password Cracker (HKLM\...\RAR Password Cracker) (Version: 4.20 - dnSoft Research Group) RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 5.35 - NCH Software) ROBLOX Player for getme (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for getme (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for getme (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Screen Recorder Free 8.8.1 (HKLM\...\Screen Recorder Free_is1) (Version: - VisionLot Co., Ltd.) Skype™ 7.35 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.) Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stencyl (HKLM\...\Stencyl) (Version: /root/.jenkins/jobs/Stencyl-Windows/workspace/build - Stencyl, LLC) Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) Switch Sound File Converter (HKLM\...\Switch) (Version: 5.20 - NCH Software) System Healer (HKLM\...\SystemHealer) (Version: 4.4.0.3 - SystemHealer) <==== ATTENTION The Windows Intel Fastest Mouse Clicker version 1.7.0.0 (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\The Windows Intel Fastest Mouse Clicker_is1) (Version: 1.7.0.0 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB)) The Windows Intel Fastest Mouse Clicker version 1.7.0.0 (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\The Windows Intel Fastest Mouse Clicker_is1) (Version: 1.7.0.0 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB)) The Windows Intel Fastest Mouse Clicker version 1.7.0.0 (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\The Windows Intel Fastest Mouse Clicker_is1) (Version: 1.7.0.0 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB)) UE4 Prerequisites (x86) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x86) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden USBPcap 1.1.0.0-g794bf26-5 (HKLM\...\USBPcap) (Version: 1.1.0.0-g794bf26-5 - ) VCDS Release 16.8.4 (HKLM\...\VCDS Release) (Version: 16.8.4 - Ross-Tech) VideoPad Video Editor (HKLM\...\VideoPad) (Version: 5.01 - NCH Software) VoipConnect (HKLM\...\VoipConnect_is1) (Version: 4.14 build 779 - Finarea S.A. Switzerland) Voxal Voice Changer (HKLM\...\Voxal) (Version: 2.00 - NCH Software) Warp Speed PC Tune-up Software (HKLM\...\Warp) (Version: 1.14 - NCH Software) WavePad Sound Editor (HKLM\...\WavePad) (Version: 7.05 - NCH Software) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Wireshark 2.2.6 (32-bit) (HKLM\...\Wireshark) (Version: 2.2.6 - The Wireshark developer community, hxxps://www.wireshark.org) Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) XSplit Gamecaster (HKLM\...\{0385E519-A43B-4F2A-B592-48F2B4668B48}) (Version: 2.9.1701.1621 - SplitmediaLabs) Yahoo! Powered (HKLM\...\{1D5DF59D-4DDD-241D-FC5D-549D2CDD871D}) (Version: - ) <==== ATTENTION YS FLIGHT SIMULATOR (HKLM\...\YS FLIGHT SIMULATOR) (Version: - ) Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {15869919-D02C-436E-A1A1-1BDE3AFAF250} - System32\Tasks\SystemHealer Monitor => C:\Program Files\SystemHealer\HealerConsole.exe <==== ATTENTION Task: {1CF7DAA3-F923-457B-BE85-41F81BE1C1DF} - System32\Tasks\{7DDBED96-60D4-EA9F-DDB8-0CC50E3D1638} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\a25d8c00\865d76a7.dll" <==== ATTENTION Task: {3F0C6678-D0D7-41C2-8AE6-B597459DADDE} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe Task: {42133233-89FF-43CD-928A-C9791F420B8B} - System32\Tasks\System HealerStartUp => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION Task: {66509DC6-BFB9-407B-82C6-CAB79C5A6816} - System32\Tasks\System Healer Task => C:\PROGRA~1\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION Task: {72E06A02-A162-4605-BEC3-CF50A90EC51F} - \{0D797847-0A79-7A7D-0911-0D04087F1108} -> No File <==== ATTENTION Task: {7748CEB5-7911-4E9F-9194-D42F370C6CCC} - System32\Tasks\SystemHealer Run Delay => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION Task: {83C5F6A3-5BAD-4ED6-8D93-EE8FCC518869} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-14] (Adobe Systems Incorporated) Task: {C74611C6-6C99-47EB-947F-6D789A0ECA26} - System32\Tasks\System HealerPeriod => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION Task: {E65AA93D-C431-44F4-A309-B79939DBF886} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\PROGRA~1\D3DGear\d3dGear.exe Task: {E6A12039-93D2-45A6-8E43-9BFFBBBA1606} - System32\Tasks\{1189A674-A622-11DF-B1C4-C87E55639589} => C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73}\5880A280-EF2B-152B-AF46-AEB293F45386.exe [2017-06-09] () <==== ATTENTION Task: {F1E6E542-4FA4-49BD-A993-55E8105DBFB7} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\VideErroroReporting => C:\\ProgramData\\WindowsVideoErrorReporting\\wvermgr.exe [2017-06-06] () Task: {F5FC3FCA-45CB-4F2E-B351-EDF592BFBE59} - System32\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6} => C:\Users\getme\AppData\Local\61DF03~1\Sync.exe <==== ATTENTION Task: {FCB27063-0C81-4B0E-AD7F-84F64991BF6E} - System32\Tasks\3a6505d76c4845ab634ee923daa42779 => sc start 3a6505d76c4845ab634ee923daa42779 Task: {FD4530D1-ACEB-4560-A21C-28BB8584D71E} - System32\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD} => C:\Program Files\Common Files\UpdateTask\updane.exe [2013-04-25] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe Task: C:\WINDOWS\Tasks\System HealerPeriod.job => <==== ATTENTION Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6}.job => C:\Users\getme\AppData\Local\61DF03~1\Sync.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD}.job => C:\PROGRA~1\COMMON~1\UPDATE~1\updane.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\getme\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm Shortcut: C:\Users\getme\Desktop\Everything\Gоogle Сhrоme.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\Desktop\Everything\RОBLОX Рlаyer.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\Desktop\Everything\Мineсraft.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnualtfarcenim.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\Desktop\Everything\Мozillа Firеfох.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\Desktop\Everything\VPNS & Anon stuff\Stаrt Тor Brоwser.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\Desktop\Everything\VPNS & Anon stuff\Tor Browser\Stаrt Тоr Вrоwser.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\Desktop\Everything\Anti virus!\Games\Lеаguе оf Legеnds.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual.lol.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nехоn Launсher.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\RОВLOХ Plаyer.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Nеxоn Lаuncher.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.4.7-SafeMode.lnk -> C:\Program Files\FrostWire 6\frostwire.bat (No File) Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Exрlorеr.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Chrоmе.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:44 - 2015-10-30 01:44 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-08-29 13:31 - 2016-08-29 13:31 - 00949480 _____ () C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe 2017-05-24 09:00 - 2017-04-27 23:59 - 01862000 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-05-11 10:38 - 2017-05-11 10:38 - 00130928 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll 2015-12-18 20:20 - 2015-12-07 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-09-15 07:24 - 2016-06-30 23:31 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2017-03-15 01:41 - 2017-03-03 23:21 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 01:41 - 2017-03-03 23:18 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-04-17 11:14 - 2017-03-28 00:27 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-05-24 09:01 - 2017-04-27 19:45 - 02657792 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-03-15 01:41 - 2017-03-03 23:18 - 00696832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-06-10 09:24 - 2017-06-10 09:24 - 00260608 _____ () C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe 2017-04-18 21:58 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\getme\AppData\Local\Discord\app-0.0.297\ffmpeg.dll 2017-04-18 21:59 - 2017-04-18 21:59 - 01082880 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node 2017-04-18 21:59 - 2017-04-18 21:59 - 03750400 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll 2017-04-18 21:59 - 2017-04-18 21:59 - 00914432 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node 2017-04-18 21:59 - 2017-04-18 21:59 - 01127424 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node 2017-04-18 21:58 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\getme\AppData\Local\Discord\app-0.0.297\libglesv2.dll 2017-04-18 21:58 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\getme\AppData\Local\Discord\app-0.0.297\libegl.dll 2017-06-09 13:17 - 2017-06-09 13:17 - 01335808 _____ () C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73}\5880A280-EF2B-152B-AF46-AEB293F45386.exe 2017-03-17 15:12 - 2017-03-17 15:14 - 01632256 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxMail.exe 2017-03-17 15:12 - 2017-03-17 15:16 - 07139008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll 2017-03-17 15:12 - 2017-03-17 15:17 - 00636608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll 2015-10-30 01:45 - 2015-10-30 01:45 - 00164224 _____ () c:\windows\system32\WerEtw.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-12-22 20:31 - 2017-06-10 09:24 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093741657\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801591\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093742114\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801681\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-1420558640-2585559921-1678375398-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093746649\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1420558640-2585559921-1678375398-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093804491\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: Chromium => c:\users\getme\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session --restore-last-session MSCONFIG\startupreg: ManyCam => "C:\Program Files\ManyCam\ManyCam.exe" --silent HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{36F6E896-A4FD-4C68-A2C2-B640FDE488D8}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{FF7A0B8E-8CCB-41BA-ACFC-F5F70862A97E}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{7CBB6BE4-6F5D-4C0F-8BD8-BA5BAF1A9F89}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{26E63C6F-70F8-40D1-B71A-44F816D4147B}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{3DD1CDAB-9B6A-44D9-829F-2089909A1913}C:\users\getme\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\getme\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [UDP Query User{62109385-E2B7-4DEC-87A4-ABBF03A3DF76}C:\users\getme\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\getme\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [{AC6FFB0F-2E39-4278-8D42-D6BB542812D0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{A4472880-C496-48D5-8CB8-1AAEFA18C10F}] => (Allow) C:\Program Files\FrostWire 6\FrostWire.exe FirewallRules: [{0E0A7CAC-69EF-4F63-9167-C7F17CC1D3D3}] => (Allow) C:\Program Files\FrostWire 6\FrostWire.exe FirewallRules: [TCP Query User{A8C4A8DA-DE3F-4921-B16D-B427B0E29836}C:\users\getme\desktop\hack\server\bfs.exe] => (Allow) C:\users\getme\desktop\hack\server\bfs.exe FirewallRules: [UDP Query User{3CD74157-503F-4DFA-9880-779E5F729280}C:\users\getme\desktop\hack\server\bfs.exe] => (Allow) C:\users\getme\desktop\hack\server\bfs.exe FirewallRules: [{FB572211-8864-4D60-92D5-F5187195AC8A}] => (Allow) C:\Users\getme\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{59B7AD2C-AAEA-411A-AFAE-AE825AFECF99}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe FirewallRules: [{8EEE5D3F-68AA-46CE-8C2B-DF84D7F5A2DF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{1C306956-3439-4C81-9ABC-7DF2C6344CAB}C:\program files\cain\cain.exe] => (Allow) C:\program files\cain\cain.exe FirewallRules: [UDP Query User{3F6EBF0C-1A70-439D-8CBC-42167BC0BF08}C:\program files\cain\cain.exe] => (Allow) C:\program files\cain\cain.exe FirewallRules: [TCP Query User{13E833F2-2A34-44C0-8431-A681E176EECF}C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe] => (Allow) C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe FirewallRules: [UDP Query User{C376C6FF-D170-4B18-BFA4-AC5937AB75C1}C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe] => (Allow) C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe FirewallRules: [TCP Query User{DC34E745-1D83-46ED-BB56-18114744B28B}C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe] => (Allow) C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe FirewallRules: [UDP Query User{5F8C280E-6F66-4D66-A623-981842B9EA8B}C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe] => (Allow) C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe FirewallRules: [{F432B2A0-A954-45CE-87F3-4D9A1651F54C}] => (Allow) C:\Program Files\Nox\bin\Nox.exe FirewallRules: [{8CC00328-37BF-4021-A004-B594BF4E5BA3}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RT\NoxVMHandle.exe FirewallRules: [TCP Query User{DF4A799A-8E7C-4CE1-9779-AF33CC3C3D20}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [UDP Query User{783CC14B-CE8F-4E34-A541-A6BFE4041209}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [{B1D71576-9975-4278-955B-6F92D8859F5E}] => (Allow) C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe FirewallRules: [{59822619-2887-43C3-A0F5-D7EAF4636C99}] => (Allow) C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe FirewallRules: [{F7CD0ACD-D2C5-4B92-9F1B-0BC6FC1B730C}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe FirewallRules: [{840B6506-1168-444E-AB93-370B5083A3D6}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe FirewallRules: [{1A7B527B-82B0-492F-A9AB-8F2E2E977880}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe FirewallRules: [{AB7355D6-2881-45B3-9F02-EAE6BF51B916}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/10/2017 09:43:56 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\SplitmediaLabs\XSplit Gamecaster\instvad64.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/10/2017 09:43:55 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\SplitmediaLabs\XSplit Gamecaster\instvad32.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/10/2017 09:42:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HxMail.exe, version: 0.0.0.0, time stamp: 0x58c07c42 Faulting module name: combase.dll, version: 10.0.10586.916, time stamp: 0x59028b2e Exception code: 0xc000027b Fault offset: 0x00163d1e Faulting process id: 0x21b0 Faulting application start time: 0x01d2e1ef65892552 Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxMail.exe Faulting module path: C:\WINDOWS\system32\combase.dll Report Id: c9284033-24c1-45bd-96c1-7450957357d0 Faulting package full name: microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe Faulting package-relative application ID: microsoft.windowslive.mail Error: (06/10/2017 09:42:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HBSKNLC) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147023441 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/10/2017 09:42:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HxTsr.exe, version: 16.0.8008.4200, time stamp: 0x58c07c42 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc000012d Fault offset: 0x00000000 Faulting process id: 0x2208 Faulting application start time: 0x01d2e1ef636455ef Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxTsr.exe Faulting module path: unknown Report Id: 0f118244-e352-4d14-b3bf-361acbb0c870 Faulting package full name: microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/10/2017 09:26:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x01f6d0d3 Faulting process id: 0x18e8 Faulting application start time: 0x01d2e1ed1b328ce2 Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe Faulting module path: unknown Report Id: 095582a4-3495-42f6-a085-a40d375a3ed1 Faulting package full name: Faulting package-relative application ID: Error: (06/10/2017 09:25:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x01e5d0d3 Faulting process id: 0x1930 Faulting application start time: 0x01d2e1ed0e7f7d5e Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe Faulting module path: unknown Report Id: 0f5c1104-03e2-4a42-a87c-a5cbddeccbf5 Faulting package full name: Faulting package-relative application ID: Error: (06/10/2017 09:25:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x01e1d0d3 Faulting process id: 0x1c8c Faulting application start time: 0x01d2e1ed030ea59a Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe Faulting module path: unknown Report Id: 7ab7cdf6-5b68-42ae-bd2c-f4fc6839be94 Faulting package full name: Faulting package-relative application ID: Error: (06/10/2017 09:25:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x006ad0d3 Faulting process id: 0x1640 Faulting application start time: 0x01d2e1ecf2ddf84f Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe Faulting module path: unknown Report Id: 4570bdc2-5945-4a31-8cff-b6a1b02f39b4 Faulting package full name: Faulting package-relative application ID: Error: (06/10/2017 09:24:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x0238d0d3 Faulting process id: 0x17b0 Faulting application start time: 0x01d2e1ecea4a1759 Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe Faulting module path: unknown Report Id: ea9217b5-973d-4355-b74f-9144434e7ef6 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (06/10/2017 09:42:38 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HBSKNLC) Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error: "1455" Happened while starting this command: "C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider Error: (06/10/2017 09:42:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Error Reporting Service service terminated with the following error: The paging file is too small for this operation to complete. Error: (06/10/2017 09:30:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HBSKNLC) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-HBSKNLC\Asriel SID (S-1-5-21-1420558640-2585559921-1678375398-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool. Error: (06/10/2017 09:30:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HBSKNLC) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-HBSKNLC\Asriel SID (S-1-5-21-1420558640-2585559921-1678375398-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool. Error: (06/10/2017 09:27:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The 3a6505d76c4845ab634ee923daa42779 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (06/10/2017 09:27:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the 3a6505d76c4845ab634ee923daa42779 service to connect. Error: (06/10/2017 09:26:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (06/10/2017 09:25:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (06/10/2017 09:25:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (06/10/2017 09:25:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2017-05-27 18:57:58.025 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-05-25 00:40:17.782 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-05-16 12:54:02.446 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-05-10 03:40:05.748 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-04-19 15:17:56.571 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\getme\AppData\Local\Temp\CrucialSMBusScan_V32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-19 13:38:57.269 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-04-19 11:38:33.371 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-04-19 00:43:24.992 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-03-17 11:17:28.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-03-16 15:41:21.707 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz Percentage of memory in use: 87% Total physical RAM: 1991.14 MB Available physical RAM: 255.64 MB Total Virtual: 3603.11 MB Available Virtual: 306.43 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:28.46 GB) (Free:0.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: E8CDE996) Partition: GPT. ==================== End of Addition.txt ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.