
Persistent Virus Hiding in Hidden Directory - rmdir Access Denied


Hello, 

Downloaded something from github, and appears to have a virus (I was drunk, don't nag me). It's pretty persistent, and didn't get picked up by Malwarebytes. 

I've managed to find the location of the file and program, but fail to delete it permanently. The directory is 100% accessible, but invisible and looks empty. If you right-click it, it'll show it has 1 file at 900 KB.

rmdir gives me "Access Denied." 
I've set search options to "Show hidden files and folders", yet it still fails to show. 
I've changed permissions. 

Any help is appreciated. I want to get this off my machine asap.


FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-03-2017
Ran by George (administrator) on GEORGE-PC (04-03-2017 14:02:04)
Running from C:\Users\George\Downloads
Loaded Profiles: George (Available Profiles: George)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(FileZilla Project) C:\xampp\FileZillaFTP\FileZillaServer.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
() C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\vpnsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
(The Wireshark developer community, hxxp://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHostx64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\ScriptedSandbox64.exe
(The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NbPUrC Inc) C:\Program Files (x86)\Client\GoogleWebUpdater.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\RunOnce: [GoogleWebUpdater] => cmd /c "start "GoogleWebUpdater" "C:\Program Files (x86)\Client\GoogleWebUpdater.exe"
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\system32\GoogleWebUpdaters.exe" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-09-29] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0AB9BFD7-37B8-4619-987F-5419D8C73919}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0AB9BFD7-37B8-4619-987F-5419D8C73919}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4D836AAB-23DF-4B8E-906F-6CB99834E832}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-01] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
IE Session Restore: HKU\S-1-5-21-4232678915-1373507776-2741593813-1000 -> is enabled.

FireFox:
========
FF DefaultProfile: e9dqe9zy.default
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\e9dqe9zy.default [2017-02-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_101\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-29]
CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-29]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-29]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-02-12]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-29]
CHR Extension: (Steam Inventory Helper) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-02-22]
CHR Extension: (Websecurify) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\emclbdbpcnhmopfkidjhlinikkohlkpn [2017-02-24]
CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-29]
CHR Extension: (GAuth Authenticator) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcnhelpchnceeipipijaljkblbcobl [2017-01-30]
CHR Extension: (SteamWizard) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\kojolejmgolbhakghocbgjemjgbmcjig [2017-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-29]
CHR Extension: (Chrome Media Router) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [23040 2016-12-20] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-12] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-19] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-26] (EasyAntiCheat Ltd)
R2 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\vpnsvc.exe [221392 2017-02-01] (eVenture Limited)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [11755976 2017-01-17] ()
S3 OpenVpnService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-24] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [70272 2017-01-30] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [70272 2017-01-30] (The OpenVPN Project)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-02-15] (Copyright (c) 2017 Plays.tv, LLC)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197776 2016-12-13] (Sandboxie Holdings, LLC)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53240 2016-12-06] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-10-01] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-25] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [205968 2016-12-13] (Sandboxie Holdings, LLC)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 14:02 - 2017-03-04 14:02 - 00019910 _____ C:\Users\George\Downloads\FRST.txt
2017-03-04 14:01 - 2017-03-04 14:02 - 00000000 ____D C:\FRST
2017-03-04 14:01 - 2017-03-04 14:01 - 02423296 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2017-03-04 14:01 - 2017-03-04 14:01 - 01765376 _____ (Farbar) C:\Users\George\Downloads\FRST.exe
2017-03-04 13:51 - 2017-03-04 13:51 - 00000000 ____D C:\Users\George\AppData\LocalLow\Temp
2017-03-04 13:42 - 2017-03-04 13:42 - 00017028 _____ C:\Users\George\Downloads\autorunexterminator-1.8.zip
2017-03-04 13:23 - 2017-03-04 13:23 - 00000000 ____D C:\Program Files (x86)\New folder
2017-03-04 13:06 - 2017-03-04 13:06 - 04031440 _____ C:\Users\George\Downloads\adwcleaner_6.044.exe
2017-03-04 13:06 - 2017-03-04 13:06 - 04031440 _____ C:\Users\George\Downloads\adwcleaner_6.044 (1).exe
2017-03-04 13:02 - 2017-03-04 13:19 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-04 13:02 - 2017-03-04 13:19 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-04 13:02 - 2017-03-04 13:19 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-04 13:02 - 2017-03-04 13:19 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-04 13:02 - 2017-03-04 13:03 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-04 13:02 - 2017-03-04 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-04 13:02 - 2017-03-04 13:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-04 13:02 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-04 13:00 - 2017-03-04 13:00 - 57131432 _____ (Malwarebytes ) C:\Users\George\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-03 21:54 - 2017-03-03 22:40 - 01011712 __RSH (NbPUrC Inc) C:\Windows\SysWOW64\GoogleWebUpdaters.exe
2017-03-03 21:54 - 2016-02-18 18:33 - 00000505 _____ C:\Windows\SysWOW64\GoogleWebUpdaters.exe.config
2017-03-03 21:51 - 2017-03-04 12:53 - 00000000 _RSHD C:\Program Files (x86)\Client
2017-03-03 21:51 - 2017-03-03 21:51 - 00003574 _____ C:\Windows\System32\Tasks\GoogleWebUpdater
2017-03-03 21:51 - 2017-03-03 21:51 - 00000000 _RSHD C:\Users\George\AppData\Roaming\Monitor
2017-03-03 21:50 - 2017-03-04 07:52 - 00000779 _____ C:\Users\George\canSendCoins.php
2017-03-03 21:49 - 2017-03-03 21:49 - 17019560 _____ C:\Users\George\Downloads\CSGORAKE.rar
2017-03-03 12:02 - 2017-03-03 12:02 - 00000000 ____D C:\Users\George\AppData\Local\HackRUN
2017-03-03 11:47 - 2017-03-03 11:47 - 23168110 _____ C:\Users\George\Downloads\ruletka.zip
2017-03-03 10:34 - 2017-03-03 10:35 - 95131307 _____ C:\Users\George\Downloads\backup.rar
2017-03-03 09:10 - 2017-03-03 09:10 - 00000000 ____D C:\Users\George\AppData\Local\hack_me
2017-03-03 08:55 - 2017-03-03 08:55 - 24574229 _____ C:\Users\George\Downloads\exchange_script (1).zip
2017-03-03 08:35 - 2017-03-03 08:35 - 00000000 ____D C:\Users\George\AppData\Local\NuGet
2017-03-03 08:35 - 2017-03-03 08:35 - 00000000 ____D C:\Users\George\.nuget
2017-03-03 08:33 - 2017-03-03 08:33 - 03102030 _____ C:\Users\George\Downloads\NuGet.Tools (1).vsix
2017-03-03 08:28 - 2017-03-03 08:28 - 00000000 ____D C:\Users\George\.dnx
2017-03-02 21:12 - 2017-03-02 21:12 - 10097436 _____ C:\Users\George\Downloads\CSGOWIX (legal remake).zip
2017-03-02 21:09 - 2017-03-02 21:09 - 00005232 _____ C:\Users\George\Downloads\csgofit.org_trader_--_installation.txt
2017-03-02 21:05 - 2017-03-02 21:05 - 23340329 _____ C:\Users\George\Downloads\CSGOFIT.ORG - LIKE CSGOSELL.rar
2017-03-02 19:54 - 2017-03-02 19:54 - 00610729 _____ C:\Users\George\Downloads\fidget-star-by-mathgrrl.zip
2017-03-02 19:52 - 2017-03-02 19:52 - 01632579 _____ C:\Users\George\Downloads\print-in-place-fidget-cube-by-mathgrrl.zip
2017-03-02 18:26 - 2017-03-02 20:44 - 00000920 _____ C:\Users\George\default
2017-03-02 18:20 - 2017-03-02 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2017-03-02 18:18 - 2017-03-02 20:59 - 00000000 ____D C:\xampp
2017-03-02 18:17 - 2017-03-02 18:18 - 114827840 _____ (Bitnami) C:\Users\George\Downloads\xampp-win32-5.6.30-0-VC11-installer.exe
2017-03-02 17:40 - 2017-03-02 17:42 - 06971584 _____ (Tim Kosse) C:\Users\George\Downloads\FileZilla_3.24.1_win64-setup.exe
2017-03-02 17:35 - 2017-03-02 17:35 - 24574229 _____ C:\Users\George\Downloads\exchange_script.zip
2017-03-02 15:56 - 2017-03-02 15:56 - 00000978 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-03-02 15:56 - 2017-03-02 15:56 - 00000970 _____ C:\Users\George\Desktop\join.me.lnk
2017-03-02 15:39 - 2017-03-02 15:56 - 00000000 ____D C:\Users\George\AppData\Local\join.me
2017-02-28 21:51 - 2017-02-28 21:51 - 02006713 _____ C:\Users\George\Downloads\DE_Chicken.pdf
2017-02-28 16:33 - 2017-02-28 16:33 - 00001068 _____ C:\Users\George\Desktop\Purifier.lnk
2017-02-28 16:33 - 2017-02-28 16:33 - 00001054 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Purifier.lnk
2017-02-28 16:33 - 2017-02-28 16:33 - 00000000 ____D C:\Users\George\AppData\Roaming\Daftcode
2017-02-28 16:33 - 2017-02-28 16:33 - 00000000 ____D C:\Users\George\AppData\Local\IsolatedStorage
2017-02-28 16:33 - 2017-02-28 16:33 - 00000000 ____D C:\Users\George\AppData\Local\Daftcode
2017-02-28 16:32 - 2017-02-28 16:32 - 02173048 _____ (Daftcode) C:\Users\George\Downloads\Purifier.exe
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 13:11 - 2017-02-27 13:11 - 00507051 _____ C:\Users\George\Downloads\SmartSource_Coupon_February27.fdf
2017-02-27 11:53 - 2017-02-27 11:53 - 00000000 ____D C:\Users\George\Documents\My SugarSync
2017-02-27 11:52 - 2017-02-27 11:53 - 00000000 ____D C:\Users\George\AppData\Local\SugarSync
2017-02-27 11:52 - 2017-02-27 11:52 - 15440616 _____ (SugarSync, Inc.) C:\Users\George\Downloads\SugarSyncSetup.exe
2017-02-27 11:52 - 2017-02-27 11:52 - 00001917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk
2017-02-27 11:52 - 2017-02-27 11:52 - 00001905 _____ C:\Users\Public\Desktop\SugarSync.lnk
2017-02-27 11:52 - 2017-02-27 11:52 - 00000000 ____D C:\Users\George\Documents\SugarSync Shared Folders
2017-02-27 11:52 - 2017-02-27 11:52 - 00000000 ____D C:\Program Files (x86)\SugarSync
2017-02-26 15:17 - 2017-02-26 15:32 - 1174483160 _____ C:\Users\George\Downloads\NOOBS_v2_1_0.zip
2017-02-25 21:57 - 2017-02-25 21:58 - 22217739 _____ C:\Users\George\Downloads\NvwaStone_1.1.ipa
2017-02-25 10:21 - 2017-03-03 08:31 - 00000000 ____D C:\Users\George\Documents\Visual Studio 2015
2017-02-25 10:12 - 2017-02-25 10:12 - 00000000 ____D C:\Program Files (x86)\AppInsights
2017-02-25 10:07 - 2017-02-25 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-02-25 10:01 - 2017-02-25 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-25 10:01 - 2017-02-25 10:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-25 10:00 - 2017-02-25 10:00 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-02-25 09:59 - 2017-02-25 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-02-25 09:59 - 2017-02-25 09:59 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2017-02-25 09:59 - 2017-02-25 09:59 - 00000000 ____D C:\Program Files (x86)\ShellDir
2017-02-25 09:58 - 2017-02-25 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2017-02-25 09:57 - 2017-02-25 09:57 - 00000000 ____D C:\ProgramData\Microsoft DNX
2017-02-25 09:57 - 2017-02-25 09:57 - 00000000 ____D C:\Program Files\Microsoft DNX
2017-02-25 09:56 - 2017-02-25 09:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-02-25 09:54 - 2017-02-25 09:54 - 00000000 ____D C:\Program Files\IIS Express
2017-02-25 09:54 - 2017-02-25 09:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2017-02-25 09:54 - 2017-02-25 09:54 - 00000000 ____D C:\Program Files (x86)\IIS Express
2017-02-25 09:53 - 2017-02-25 09:53 - 00000000 ____D C:\ProgramData\NuGet
2017-02-25 09:53 - 2017-02-25 09:53 - 00000000 ____D C:\Program Files (x86)\NuGet
2017-02-25 09:53 - 2017-02-25 09:53 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2017-02-25 09:52 - 2017-02-25 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2017-02-25 09:52 - 2017-02-25 09:52 - 00000000 ____D C:\Program Files\IIS
2017-02-25 09:52 - 2017-02-25 09:52 - 00000000 ____D C:\Program Files (x86)\IIS
2017-02-25 09:51 - 2017-02-25 09:51 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2017-02-25 09:50 - 2017-02-25 10:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-02-25 09:50 - 2017-02-25 09:50 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2017-02-25 09:45 - 2017-02-25 09:45 - 00000000 ____D C:\Windows\symbols
2017-02-25 09:45 - 2017-02-25 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2017-02-25 09:45 - 2017-02-25 09:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2017-02-25 09:44 - 2017-02-25 10:08 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-02-25 09:44 - 2017-02-25 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-02-25 09:44 - 2017-02-25 09:49 - 00000000 ____D C:\Windows\SysWOW64\1033
2017-02-25 09:44 - 2017-02-25 09:44 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2017-02-25 09:41 - 2017-02-25 10:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-02-25 09:41 - 2017-02-25 09:44 - 00000000 ____D C:\Windows\system32\1033
2017-02-25 09:37 - 2017-02-25 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-02-25 09:37 - 2017-02-25 09:59 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-02-25 09:32 - 2017-02-25 09:32 - 00213904 _____ (Microsoft Corporation) C:\Users\George\Downloads\vs_community_ENU__353389767.1487907481 (1).exe
2017-02-23 21:34 - 2017-02-23 21:35 - 00000000 ____D C:\Users\George\AppData\Roaming\iFunbox_UserCache
2017-02-23 21:34 - 2017-02-23 21:34 - 22815584 _____ (iFunbox DevTeam ) C:\Users\George\Downloads\ifunbox_setup.exe
2017-02-23 21:34 - 2017-02-23 21:34 - 13795090 _____ C:\Users\George\Downloads\Impactor_0.9.38.zip
2017-02-23 21:34 - 2017-02-23 21:34 - 01167340 _____ C:\Users\George\Downloads\Cydia Fix.zip
2017-02-23 21:34 - 2017-02-23 21:34 - 00001060 _____ C:\Users\Public\Desktop\iFunbox.lnk
2017-02-23 21:34 - 2017-02-23 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2017-02-23 21:34 - 2017-02-23 21:34 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2017-02-23 21:17 - 2017-02-25 21:55 - 00000000 ____D C:\Users\George\Documents\ihelper
2017-02-23 21:17 - 2017-02-23 21:18 - 00000000 ____D C:\Users\George\AppData\Roaming\Apple Computer
2017-02-23 21:17 - 2017-02-23 21:17 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\Users\George\AppData\Local\Apple Computer
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\Program Files\iTunes
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\Program Files\iPod
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2017-02-23 21:15 - 2017-02-23 21:15 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-02-23 21:15 - 2017-02-23 21:15 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-02-23 21:15 - 2017-02-23 21:15 - 00000000 ____D C:\Users\George\AppData\Local\Apple
2017-02-23 21:15 - 2017-02-23 21:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-02-23 21:14 - 2017-02-23 21:17 - 00000000 ____D C:\ProgramData\Apple
2017-02-23 21:14 - 2017-02-23 21:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-23 21:14 - 2017-02-23 21:14 - 00000000 ____D C:\Program Files\Bonjour
2017-02-23 21:14 - 2017-02-23 21:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-02-23 21:11 - 2017-02-23 21:11 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-02-23 21:09 - 2017-02-25 21:55 - 00000000 ____D C:\Program Files (x86)\PP助手5.0
2017-02-23 21:09 - 2017-02-23 21:09 - 00001108 _____ C:\Users\Public\Desktop\PP助手5.0.lnk
2017-02-23 21:09 - 2017-02-23 21:09 - 00000000 ____D C:\Users\George\Documents\teiron
2017-02-23 21:09 - 2017-02-23 21:09 - 00000000 ____D C:\Users\George\AppData\Roaming\Teiron
2017-02-23 21:09 - 2017-02-23 21:09 - 00000000 ____D C:\Users\George\AppData\Roaming\ahelper
2017-02-23 21:09 - 2017-02-23 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PP助手5.0
2017-02-23 21:01 - 2017-02-23 21:07 - 62453272 _____ (广州爱禾网络技术有限公司) C:\Users\George\Downloads\pphelper_5.0.3.1236_25pp_00121_Setup.exe
2017-02-23 19:58 - 2017-02-23 19:58 - 03102030 _____ C:\Users\George\Downloads\NuGet.Tools.vsix
2017-02-23 19:58 - 2017-02-23 19:58 - 00000000 ____D C:\Users\George\Documents\Projects
2017-02-23 19:58 - 2017-02-23 19:58 - 00000000 ____D C:\Users\George\AppData\Roaming\Subversion
2017-02-23 19:57 - 2017-02-23 19:57 - 00147807 _____ C:\Users\George\Downloads\SteamBot-master (1).zip
2017-02-23 19:57 - 2017-02-23 19:57 - 00147807 _____ C:\Users\George\Desktop\SteamBot-master.zip
2017-02-23 19:54 - 2017-02-23 21:36 - 00000000 ____D C:\Users\George\.android
2017-02-23 19:54 - 2017-02-23 19:58 - 00000000 ____D C:\Users\George\AppData\Roaming\NuGet
2017-02-23 19:54 - 2017-02-23 19:54 - 00000000 ____D C:\Users\George\AppData\Roaming\xbuild
2017-02-23 19:54 - 2017-02-23 19:54 - 00000000 ____D C:\Users\George\AppData\Roaming\XamarinStudio-6.0
2017-02-23 19:54 - 2017-02-23 19:54 - 00000000 ____D C:\Users\George\AppData\Roaming\stetic
2017-02-23 19:54 - 2017-02-23 19:54 - 00000000 ____D C:\Users\George\AppData\Local\XamarinStudio-6.0
2017-02-23 19:54 - 2017-02-23 19:54 - 00000000 ____D C:\Users\George\AppData\Local\Xamarin
2017-02-23 19:53 - 2017-02-23 19:53 - 25931776 _____ C:\Users\George\Downloads\gtk-sharp-2.12.42 (1).msi
2017-02-23 19:53 - 2017-02-23 19:53 - 00002951 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xamarin Studio.lnk
2017-02-23 19:53 - 2017-02-23 19:53 - 00000000 ____D C:\Program Files (x86)\Xamarin Studio
2017-02-23 19:53 - 2017-02-23 19:53 - 00000000 ____D C:\Program Files (x86)\MonoDevelop
2017-02-23 19:49 - 2017-02-23 19:49 - 25644816 _____ (Microsoft Corporation) C:\Users\George\Downloads\BuildTools_Full (1).exe
2017-02-23 19:49 - 2017-02-23 19:49 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-02-23 19:47 - 2017-02-25 09:33 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-23 19:46 - 2017-02-23 19:47 - 18441488 _____ (Microsoft Corporation) C:\Users\George\Downloads\BuildTools_Full.exe
2017-02-23 19:45 - 2017-02-23 19:45 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2017-02-23 19:43 - 2017-02-23 19:44 - 25931776 _____ C:\Users\George\Downloads\gtk-sharp-2.12.42.msi
2017-02-23 19:42 - 2017-02-23 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mono
2017-02-23 19:42 - 2017-02-23 19:42 - 00000000 ____D C:\Program Files (x86)\Mono
2017-02-23 19:41 - 2017-02-23 19:42 - 135454720 _____ C:\Users\George\Downloads\mono-4.8.0.495-gtksharp-2.12.42-win32-0.msi
2017-02-23 19:39 - 2017-02-23 19:40 - 105279488 _____ C:\Users\George\Downloads\XamarinStudio-6.1.2.44.msi
2017-02-23 19:38 - 2017-02-23 19:38 - 00213904 _____ (Microsoft Corporation) C:\Users\George\Downloads\vs_community_ENU__353389767.1487907481.exe
2017-02-23 19:38 - 2017-02-23 19:38 - 00003192 _____ C:\Windows\System32\Tasks\{C9E653CB-8014-43DC-9F73-70847D1B472C}
2017-02-23 19:31 - 2017-02-23 19:31 - 00147807 _____ C:\Users\George\Downloads\SteamBot-master.zip
2017-02-22 22:11 - 2017-02-22 22:11 - 00000080 _____ C:\Users\George\Desktop\burstnation.txt
2017-02-22 14:30 - 2017-02-22 14:30 - 00306851 _____ C:\Users\George\Downloads\Bitcoin Nation PDF.pdf
2017-02-21 15:54 - 2017-02-21 15:54 - 00000094 _____ C:\Users\George\Desktop\database search.txt
2017-02-21 15:50 - 2017-02-21 15:50 - 00558249 _____ C:\Users\George\Downloads\200in24hours.pdf
2017-02-21 15:39 - 2017-02-21 15:40 - 43928237 _____ C:\Users\George\Downloads\JACKPOTWEBSITE.rar
2017-02-21 15:39 - 2017-02-21 15:39 - 05299994 _____ C:\Users\George\Downloads\JACKPOTBOT.rar
2017-02-21 10:49 - 2017-02-21 10:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 10:49 - 2017-02-21 10:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-21 10:00 - 2017-02-21 10:01 - 21150206 _____ C:\Users\George\Downloads\metin2priv.zip
2017-02-20 20:43 - 2017-02-20 20:45 - 00000022 _____ C:\Users\George\Desktop\revocation.txt
2017-02-20 20:39 - 2017-02-20 20:48 - 00000000 ____D C:\Users\George\Desktop\SDA
2017-02-20 20:38 - 2017-02-20 20:39 - 42271001 _____ C:\Users\George\Downloads\SDA1.0.7.2.zip
2017-02-20 19:21 - 2017-02-20 19:21 - 30006020 _____ C:\Users\George\Downloads\jackpot script.rar
2017-02-20 17:37 - 2017-02-20 17:37 - 00625146 _____ C:\Users\George\Downloads\csgojackpot.zip
2017-02-20 17:36 - 2017-02-20 17:36 - 03938460 _____ C:\Users\George\Downloads\bot.rar
2017-02-20 15:30 - 2017-02-20 15:30 - 00014736 _____ C:\Users\George\Downloads\php-steam-openid-master.zip
2017-02-19 22:26 - 2017-02-19 22:26 - 00019374 _____ C:\Users\George\Downloads\SteamAuthentication-master.zip
2017-02-19 21:45 - 2017-02-19 21:45 - 13975772 _____ C:\Users\George\Downloads\Methods.zip
2017-02-19 21:44 - 2017-02-19 21:44 - 00012155 _____ C:\Users\George\Downloads\Autopilot method.pdf
2017-02-19 15:41 - 2017-02-27 09:48 - 00000000 ___RD C:\Users\George\Dropbox
2017-02-19 15:41 - 2017-02-19 15:41 - 00001230 _____ C:\Users\George\Desktop\Dropbox.lnk
2017-02-19 15:37 - 2017-03-04 13:42 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-19 15:37 - 2017-03-04 13:18 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-19 15:37 - 2017-02-27 17:45 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-19 15:37 - 2017-02-19 15:46 - 00000000 ____D C:\Users\George\AppData\Local\Dropbox
2017-02-19 15:37 - 2017-02-19 15:37 - 00003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-19 15:37 - 2017-02-19 15:37 - 00003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-19 15:37 - 2017-02-19 15:37 - 00000000 ____D C:\Users\George\AppData\Roaming\Dropbox
2017-02-19 15:37 - 2017-02-19 15:37 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-19 15:36 - 2017-02-19 15:36 - 00690080 _____ (Dropbox, Inc.) C:\Users\George\Downloads\DropboxInstaller.exe
2017-02-19 15:28 - 2017-02-19 15:28 - 00051674 _____ C:\Users\George\Downloads\FREE Domain + Webhosting -Lifetime- Trick.pdf
2017-02-18 15:21 - 2017-02-18 15:22 - 25576515 _____ C:\Users\George\Downloads\Unconfirmed 814952.crdownload
2017-02-18 14:18 - 2017-02-18 14:18 - 01214402 _____ C:\Users\George\csgo.sql
2017-02-18 14:17 - 2017-03-03 21:50 - 00000000 ____D C:\Users\George\Desktop\csgo
2017-02-18 14:17 - 2017-02-18 14:18 - 07334539 _____ C:\Users\George\Downloads\tradesite-v1.1.zip
2017-02-16 21:00 - 2017-02-16 21:00 - 00000974 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2017-02-16 21:00 - 2017-02-16 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-02-16 20:45 - 2017-02-16 21:20 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-16 20:45 - 2017-02-16 20:45 - 00000000 ____D C:\Users\George\Documents\Heroes of the Storm
2017-02-16 12:31 - 2017-02-16 12:31 - 15876259 _____ C:\Users\George\Downloads\6.1.15373.rar
2017-02-16 10:01 - 2017-02-16 10:01 - 09037583 _____ C:\Users\George\Downloads\csgodouble.rar
2017-02-16 10:01 - 2016-05-03 06:13 - 00000000 ____D C:\Users\George\Desktop\CSGODOUBLE
2017-02-15 13:54 - 2017-02-15 13:59 - 00000000 ____D C:\Users\George\Desktop\0day
2017-02-15 13:41 - 2017-02-21 15:41 - 00000131 _____ C:\Users\George\Desktop\Minecraft.txt
2017-02-15 09:59 - 2017-02-15 09:59 - 00477784 _____ C:\Users\George\Downloads\TRI_SPINNER_V2_-_Ready_to_Print.stl
2017-02-13 14:10 - 2017-02-13 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashForge
2017-02-13 14:10 - 2017-02-13 14:10 - 00000000 ____D C:\Program Files\FlashForge
2017-02-13 14:09 - 2015-11-02 16:25 - 00032984 _____ C:\Users\George\Desktop\yoda.stl
2017-02-13 14:08 - 2017-02-13 14:09 - 33552992 _____ C:\Users\George\Downloads\FlashPrint_3.14.0_win64.zip
2017-02-13 14:08 - 2017-02-13 14:08 - 00014455 _____ C:\Users\George\Downloads\low-poly-yoda-by-steven_dakh.zip
2017-02-11 17:44 - 2017-02-11 17:44 - 03261864 _____ (The Nielsen Company) C:\Users\George\Downloads\netsight_setup_7.3.0.8026_mp_production_mid60849166510.exe
2017-02-11 17:44 - 2017-02-11 17:44 - 03261864 _____ (The Nielsen Company) C:\Users\George\Downloads\netsight_setup_7.3.0.8026_mp_production_mid60849166510 (1).exe
2017-02-11 12:40 - 2017-02-11 12:40 - 00000000 ____D C:\Crash
2017-02-11 12:37 - 2017-02-11 12:40 - 00000000 ____D C:\Users\George\AppData\LocalLow\Daybreak Game Company
2017-02-11 12:37 - 2017-02-11 12:37 - 00000000 ____D C:\Users\George\AppData\Local\SCE
2017-02-11 12:37 - 2017-02-11 12:37 - 00000000 ____D C:\Users\George\AppData\Local\Daybreak Game Company
2017-02-10 20:21 - 2017-02-10 20:21 - 00000028 _____ C:\Users\George\Desktop\new 1.txt
2017-02-09 00:33 - 2017-02-09 00:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 00:33 - 2017-02-09 00:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-06 20:30 - 2017-02-06 20:30 - 00000265 _____ C:\Users\George\Downloads\Method Filpkart - By AlbanesoATN.txt
2017-02-06 20:08 - 2017-02-11 23:00 - 00000000 ____D C:\Users\George\AppData\Roaming\Hide.me
2017-02-06 20:08 - 2017-02-06 20:08 - 05954672 _____ (eVenture Limited ) C:\Users\George\Downloads\Hide.me-Setup-1.2.9.exe
2017-02-06 20:08 - 2017-02-06 20:08 - 00001029 _____ C:\Users\Public\Desktop\hide.me VPN.lnk
2017-02-06 20:08 - 2017-02-06 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2017-02-06 20:08 - 2017-02-06 20:08 - 00000000 ____D C:\Program Files (x86)\hide.me VPN
2017-02-06 15:24 - 2017-02-06 15:24 - 02309164 _____ C:\Users\George\Downloads\cgminer-3-1-1-zeus-x6-windows.zip
2017-02-06 14:34 - 2017-02-06 14:35 - 24709664 _____ (TunnelBear) C:\Users\George\Desktop\TunnelBear-Installer.exe
2017-02-06 12:33 - 2017-02-06 12:33 - 12290974 _____ (ImageWriter Developers ) C:\Users\George\Downloads\Win32DiskImager-0.9.5-install.exe
2017-02-06 12:33 - 2017-02-06 12:33 - 00001067 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-02-06 12:33 - 2017-02-06 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-02-06 12:33 - 2017-02-06 12:33 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-02-06 12:33 - 2014-10-07 10:07 - 843055104 _____ C:\Users\George\Desktop\10-7-14.img
2017-02-06 11:51 - 2017-02-06 12:01 - 1726626032 _____ C:\Users\George\Downloads\10-7-14.img.gz
2017-02-06 11:50 - 2014-12-04 14:08 - 00000000 ____D C:\Users\George\Desktop\ZoomHash-Pi-Software-master
2017-02-06 11:49 - 2017-02-06 11:49 - 15152653 _____ C:\Users\George\Downloads\ZoomHash-Pi-Software-master.zip
2017-02-06 11:32 - 2017-02-06 11:36 - 00000000 ____D C:\Users\George\Desktop\CameraPhotos
2017-02-03 15:15 - 2017-02-03 15:16 - 155775815 _____ C:\Users\George\Downloads\SuperSwag Bot.zip
2017-02-03 08:53 - 2017-02-20 16:06 - 00000952 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2017-02-03 08:53 - 2017-02-03 08:53 - 00000000 ____D C:\Users\George\OpenVPN
2017-02-03 08:52 - 2017-02-03 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-02-03 08:52 - 2017-02-03 08:53 - 00000000 ____D C:\Program Files\TAP-Windows
2017-02-03 08:52 - 2017-02-03 08:53 - 00000000 ____D C:\Program Files\OpenVPN
2017-02-03 08:52 - 2017-02-03 08:52 - 03379880 _____ C:\Users\George\Downloads\openvpn-install-2.4.0-I602.exe
2017-02-03 08:52 - 2017-02-03 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-02-02 14:34 - 2017-02-02 14:34 - 00691525 _____ C:\Users\George\Downloads\HTGHWD.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 14:01 - 2016-11-02 11:58 - 00000000 ____D C:\Users\George\AppData\Local\CrashDumps
2017-03-04 13:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-04 13:46 - 2016-09-29 21:29 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-04 13:27 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-04 13:27 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-04 13:23 - 2009-07-13 21:13 - 00815606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-04 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-04 13:22 - 2009-07-13 20:54 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2017-03-04 13:22 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-04 13:19 - 2017-01-24 14:09 - 00000000 ____D C:\Users\George\AppData\Roaming\PlaysTV
2017-03-04 13:19 - 2016-11-02 15:22 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-04 13:19 - 2016-10-03 08:39 - 00000000 ____D C:\Users\George\AppData\Local\Spotify
2017-03-04 13:18 - 2016-11-11 19:06 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-03-04 13:18 - 2016-09-29 20:17 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-04 13:18 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-04 13:17 - 2016-11-05 18:29 - 00000000 ____D C:\AdwCleaner
2017-03-04 13:02 - 2016-11-02 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-04 12:57 - 2017-01-22 09:28 - 00001786 _____ C:\Windows\Sandboxie.ini
2017-03-04 12:50 - 2016-11-11 12:20 - 00000000 ____D C:\Users\George\AppData\Roaming\Skype
2017-03-04 08:06 - 2016-10-20 13:57 - 00000600 _____ C:\Users\George\AppData\Local\PUTTY.RND
2017-03-04 08:06 - 2016-10-20 13:54 - 00000000 ____D C:\Users\George\AppData\Roaming\FileZilla
2017-03-04 07:52 - 2016-09-29 18:34 - 00000000 ____D C:\Users\George
2017-03-04 07:27 - 2016-10-03 08:37 - 00000000 ____D C:\Users\George\AppData\Roaming\Spotify
2017-03-03 21:52 - 2016-10-20 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-03-03 21:52 - 2016-10-20 13:54 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-03-02 20:59 - 2016-10-10 09:27 - 00000000 ____D C:\Users\George\.FlashPrint
2017-03-02 19:55 - 2016-10-10 09:27 - 00000000 ____D C:\Users\George\Documents\FlashPrint
2017-02-25 20:26 - 2017-01-19 21:11 - 00000000 ____D C:\ProgramData\McAfee
2017-02-25 12:22 - 2017-01-19 21:22 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-25 12:21 - 2017-01-19 21:11 - 00000000 ____D C:\Program Files\TrueKey
2017-02-25 12:21 - 2017-01-19 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-25 10:38 - 2017-01-19 21:22 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-02-25 10:18 - 2016-09-29 20:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-25 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-25 09:45 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-25 09:36 - 2016-10-14 12:48 - 00807728 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-23 19:32 - 2016-12-03 18:49 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-02-23 19:32 - 2016-12-03 16:48 - 00000000 ____D C:\Program Files\Rockstar Games
2017-02-20 19:11 - 2016-10-18 19:19 - 00000000 ____D C:\Users\George\.VirtualBox
2017-02-20 16:16 - 2017-01-06 19:10 - 00000000 ____D C:\Users\George\AppData\Local\Battle.net
2017-02-20 16:07 - 2017-01-06 19:11 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-02-20 16:06 - 2017-01-22 09:28 - 00001002 _____ C:\Users\George\Desktop\Sandboxed Web Browser.lnk
2017-02-20 16:06 - 2017-01-20 08:21 - 00001220 _____ C:\Users\Public\Desktop\True Key.lnk
2017-02-20 16:06 - 2017-01-06 19:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-18 22:10 - 2017-01-19 21:09 - 00000000 ____D C:\Users\George\AppData\LocalLow\Mozilla
2017-02-18 21:30 - 2017-01-06 20:08 - 00001391 _____ C:\Users\George\Desktop\nativelog.txt
2017-02-18 21:27 - 2016-10-26 12:22 - 00000000 ____D C:\Users\George\AppData\Roaming\.minecraft
2017-02-16 10:04 - 2016-11-11 12:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-16 10:04 - 2016-11-11 12:20 - 00000000 ____D C:\ProgramData\Skype
2017-02-16 09:02 - 2017-01-01 16:10 - 00000000 ____D C:\Users\George\AppData\Roaming\Curse Client
2017-02-15 13:44 - 2016-10-26 12:21 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-02-13 19:21 - 2016-10-12 18:21 - 00003414 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-02-13 19:21 - 2016-10-12 18:21 - 00003288 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-02-13 19:21 - 2016-10-12 18:21 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-02-13 14:10 - 2016-10-09 13:21 - 00000000 ____D C:\Program Files\DIFX
2017-02-13 14:10 - 2016-10-09 13:20 - 00001064 _____ C:\Users\Public\Desktop\FlashPrint.lnk
2017-02-11 07:31 - 2016-11-23 10:08 - 00000000 ____D C:\Users\George\AppData\Local\Arma 3 Launcher
2017-02-10 20:31 - 2016-11-23 10:09 - 00000000 ____D C:\Users\George\AppData\Local\Arma 3
2017-02-07 10:27 - 2017-01-08 08:56 - 00000032 _____ C:\Windows\SysWOW64\Eu(12-20161212).OD
2017-02-07 08:36 - 2016-09-29 20:03 - 00002225 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 08:36 - 2016-09-29 20:03 - 00002213 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 06:30 - 2017-01-31 11:05 - 00000000 ____D C:\Users\George\AppData\Roaming\Ethereum Wallet
2017-02-05 11:39 - 2017-01-31 12:17 - 00000000 ____D C:\Users\George\AppData\Local\Ethash

==================== Files in the root of some directories =======

2016-10-20 13:57 - 2017-03-04 08:06 - 0000600 _____ () C:\Users\George\AppData\Local\PUTTY.RND
2017-01-31 12:18 - 2017-01-31 13:38 - 0007602 _____ () C:\Users\George\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\George\systemid.dat


Some files in TEMP:
====================
2016-10-20 09:26 - 2016-10-20 09:26 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\George\AppData\Local\Temp\libeay32.dll
2016-10-20 09:26 - 2016-10-20 09:26 - 0970912 _____ (Microsoft Corporation) C:\Users\George\AppData\Local\Temp\msvcr120.dll
2016-10-20 09:26 - 2016-10-20 09:26 - 0772672 _____ () C:\Users\George\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 10:10

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by George (04-03-2017 14:02:54)
Running from C:\Users\George\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-09-30 02:34:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4232678915-1373507776-2741593813-500 - Administrator - Disabled)
George (S-1-5-21-4232678915-1373507776-2741593813-1000 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-4232678915-1373507776-2741593813-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4232678915-1373507776-2741593813-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
A3Launcher version 0.1.4.5 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.4.5 - Maca134)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version:  - )
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
EaseUS Todo Backup Home 10.0 Trial (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 10.0 - CHENGDU YIWO Tech Development Co., Ltd)
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
FlashPrint (HKLM\...\{E8F309F7-4E9C-4461-A1E8-F91D340F717F}) (Version: 3.14.0 - FlashForge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gtk# for .Net 2.12.42 (HKLM-x32\...\{25DE896C-5D6B-41FE-8C28-8BEB244BFBD5}) (Version: 2.12.42 - Xamarin, Inc.)
Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hack RUN (HKLM\...\Steam App 378110) (Version:  - i273 LLC)
hack_me (HKLM\...\Steam App 526740) (Version:  - Egor Magurin)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
hide.me VPN 1.2.9 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.9 - eVenture Limited)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iFunbox (v3.0.3939.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3939.1352 - iFunbox DevTeam)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
join.me (HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\...\JoinMe) (Version: 3.1.0.4367 - LogMeIn, Inc.)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.474.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Build Tools 2013 (HKLM-x32\...\{2bceccd3-6613-4596-b748-441a06847696}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mono for Windows (x86) (HKLM-x32\...\{4B3755F6-512F-491C-A0A5-19118F6B96AF}) (Version: 4.8.0 - Xamarin, Inc.)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenVPN 2.4.0-I602  (HKLM\...\OpenVPN) (Version: 2.4.0-I602 - OpenVPN Technologies, Inc.)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.19.0-r120634-release - Plays.tv, LLC)
PP助手5.0 (HKLM-x32\...\PP助手5.0) (Version: 5.0.3.1236 - 广州爱禾网络技术有限公司)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Purifier (HKLM-x32\...\{FAE22280-9E16-4EE6-A585-420D61556545}) (Version: 1.0.1.0 - Daftcode)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
Sandboxie 5.16 (64-bit) (HKLM\...\Sandboxie) (Version: 5.16 - Sandboxie Holdings, LLC)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SugarSync (HKLM-x32\...\SugarSync) (Version: 3.8.2.6.147467 - SugarSync, Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
TunnelBear (HKLM-x32\...\{434c0622-6083-418a-85f1-122060c7fe55}) (Version: 3.0.34.0 - TunnelBear)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Zhejang Flashforge 3D Technology Co., Ltd (WinUSB) 3D Printer  (08/08/2014 1.0.0.0) (HKLM\...\33188CDD9B663CAB1BDE9460364F75EE8D33336E) (Version: 08/08/2014 1.0.0.0 - Zhejang Flashforge 3D Technology Co., Ltd)
Windows Driver Package - Zhejang Flashforge 3D Technology Co., Ltd (WinUSB) 3D Printer  (08/08/2014 1.0.0.0) (HKLM\...\B699F0D8E151266ABC760BC28C47410967C0BD6F) (Version: 08/08/2014 1.0.0.0 - Zhejang Flashforge 3D Technology Co., Ltd)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xamarin Studio 6.1.2 (HKLM-x32\...\{5DC82148-73B0-4609-A094-CDD66CC76CBF}) (Version: 6.1.2.44 - Xamarin)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.30-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26C50F91-A0DB-4A05-B55A-7561FABE60BF} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {4AD6EF59-973E-4DED-A079-1632053192C6} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {649279F0-9846-4B37-B84C-E307ADAE2837} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-29] (Google Inc.)
Task: {669A8C0E-198C-4F36-B2E9-E8953874D0E7} - System32\Tasks\{C9E653CB-8014-43DC-9F73-70847D1B472C} => pcalua.exe -a C:\Users\George\Downloads\vs_community_ENU__353389767.1487907481.exe -d C:\Users\George\Downloads
Task: {753E4E37-01AF-44D1-8C9C-469029D6BFE2} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {9C4B44F1-C7F9-4EF4-92A6-8BB9DBAD8720} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-19] (Dropbox, Inc.)
Task: {B1BABD72-19CD-4B35-A7F8-AC0EC0B8071A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {BA8A7CCD-4077-4BB3-BC1F-79451A62EEE8} - System32\Tasks\GoogleWebUpdater => C:\Program Files (x86)\Client\GoogleWebUpdater.exe [2017-03-03] (NbPUrC Inc) <==== ATTENTION
Task: {C77A3121-3851-4113-B98A-D6D63D7A6134} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-19] (Dropbox, Inc.)
Task: {C8D68047-70D9-4FF7-BDF0-CAE15BE4A9BA} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {E0FCE9F0-EF84-4144-93CA-3A5BF65B6D41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-29] (Google Inc.)
Task: {E311963C-9F03-4667-88E5-DD146FE43338} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplorer (No Аdd-оns).lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chromе.lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Eхplоrеr Вrоwsеr.lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Сhrome.lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Сhrоme (2).lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Сhrоme (3).lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Сhrоme.lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Explorеr.lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Сhrоme.lnk -> C:\Users\George\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic

ShortcutWithArgument: C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d470b5d146496413\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-09-29 20:16 - 2015-01-09 15:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-02 18:19 - 2017-01-17 12:54 - 11755976 _____ () C:\xampp\mysql\bin\mysqld.exe
2016-09-29 19:02 - 2013-05-15 14:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
2017-02-21 13:09 - 2017-02-21 13:09 - 00052392 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-02-07 08:36 - 2017-02-01 01:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 08:36 - 2017-02-01 01:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00586912 _____ () C:\Program Files\Wireshark\libgcrypt-20.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00109728 _____ () C:\Program Files\Wireshark\libgpg-error6-0.dll
2016-10-04 10:08 - 2016-10-04 10:08 - 00124576 _____ () C:\Program Files\Wireshark\zlib1.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00217072 _____ () C:\Program Files\Wireshark\libcares-2.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00495448 _____ () C:\Program Files\Wireshark\libGeoIP-1.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 01033928 _____ () C:\Program Files\Wireshark\libgnutls-28.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00462480 _____ () C:\Program Files\Wireshark\libgmp-10.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00199408 _____ () C:\Program Files\Wireshark\libhogweed-2-4.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00196864 _____ () C:\Program Files\Wireshark\libnettle-4-6.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00261912 _____ () C:\Program Files\Wireshark\libp11-kit-0.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00047088 _____ () C:\Program Files\Wireshark\libffi-6.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00095152 _____ () C:\Program Files\Wireshark\libtasn1-6.dll
2016-10-04 10:07 - 2016-10-04 10:07 - 00746176 _____ () C:\Program Files\Wireshark\libsmi-2.dll
2016-10-04 10:08 - 2016-10-04 10:08 - 00271008 _____ () C:\Program Files\Wireshark\lua52.dll
2017-01-08 08:55 - 2016-12-06 02:46 - 00259264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-02-14 12:01 - 2017-02-14 12:01 - 31178840 _____ () C:\Users\George\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll
2017-03-02 18:19 - 2016-07-06 03:58 - 00414720 _____ () C:\xampp\apache\bin\pcre.dll
2017-03-02 18:19 - 2017-01-18 20:10 - 00145408 _____ () C:\xampp\php\libpq.dll
2017-03-02 18:19 - 2017-01-18 20:10 - 00176128 _____ () C:\xampp\apache\bin\libssh2.dll
2017-01-08 08:55 - 2016-03-01 14:00 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2017-01-08 08:55 - 2016-03-07 18:08 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2017-01-08 08:55 - 2004-10-05 03:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00019648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00090816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00182976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00163520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00056000 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00122048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00085696 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00032960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00070336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00160448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00296640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00078528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2017-01-08 08:55 - 2016-12-09 09:09 - 00305856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00210112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00026304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00074432 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00142016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00737984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00195776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00414400 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00162496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00029376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00114368 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00022720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00034496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00054464 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00066240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00074944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00221376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00079040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00020672 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00138432 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2017-01-08 08:55 - 2016-12-06 02:43 - 00021696 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2017-01-08 08:55 - 2016-12-06 02:44 - 00045248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2017-02-15 18:19 - 2017-02-15 18:19 - 00033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 00103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 00111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-02-15 18:19 - 2017-02-15 18:19 - 00041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 00405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-02-15 18:19 - 2017-02-15 18:19 - 00173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 01934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 01780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 00505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-02-15 18:19 - 2017-02-15 18:19 - 03812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2017-02-25 09:45 - 2017-02-25 09:45 - 00747520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbeb7089b#\3024ace56fffde9e0b0bf07e3d82e677\Microsoft.VisualStudio.Threading.ni.dll
2017-02-25 09:45 - 2017-02-25 09:45 - 00052224 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd43b287e#\741fd1664e66de74790e667b2434fc26\Microsoft.VisualStudio.Validation.ni.dll
2017-02-25 09:44 - 2017-02-25 09:44 - 01024000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vfd40090d#\f32b5231c8faa7c36d7425289150fa51\Microsoft.VisualStudio.Composition.ni.dll
2017-02-25 09:44 - 2017-02-25 09:44 - 00267776 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vad841153#\c614c7d3ff4d9203e1be7e3eac853ec6\Microsoft.VisualStudio.Composition.Configuration.ni.dll
2017-02-25 10:19 - 2017-02-25 10:19 - 00740176 _____ () C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\git2-msvstfs.DLL
2017-01-08 08:55 - 2016-12-06 02:44 - 00210112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\George:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-02-11 23:07 - 00001004 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{09342D4C-B742-461B-B892-7CFF19F0D972}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{14741D68-9522-40D8-A0FC-C0EA3B87B5DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A86B23A-154E-4982-801E-144DE83EEFE1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EA12E68D-E988-42E4-9DE0-505C9BCAECE3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9DE7C05A-B4D9-4668-91AC-2D12E9665933}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C1282877-8C70-45B5-AAF3-2E12C60FBEDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{EDF20F40-7E71-49FB-98C4-722A6106BA49}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7740DF19-9866-4CA9-A099-3AE211013DAE}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{699293D7-4230-4D39-BDBC-FB6A3F9AA506}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F9F9FC7F-E766-4E4F-9641-5DC10C2029FA}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D5E7A468-B4B9-471F-8DDD-A651C7099DBE}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{D7D48099-C265-4E40-BF90-2ED7C98360A9}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [{E6F0880C-FA21-403C-A31B-C5967F04E88F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{9BF66ECD-A7E9-4E94-BCF3-CA1446786545}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5690ED7A-979B-429E-BE52-B4ED779C1E55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{D73ECD33-42C4-4E2F-A04F-1D6B483C9D57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{19EBB392-D739-43BD-8A58-0DE02877A903}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{FE465CEB-2E4C-4AA9-B2B0-2E84C1A8BA97}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{987770DA-9FE0-45B1-BB4C-372B11CBADF9}] => (Allow) C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D161E34C-8090-49F1-9821-87E6347349F9}] => (Allow) C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B1278658-9BD6-4BEA-A958-34BEFA34D815}] => (Allow) C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C1542BF0-6886-4771-8004-797E9DF46ABC}] => (Allow) C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{096426A3-F992-4D11-B17B-C189BF6897AD}] => (Allow) C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7D367B63-C955-49EA-AAE7-3701263B180A}] => (Allow) C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EB33F13-F06C-4B0D-BF37-82780577612C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{281C3405-2552-4BB3-BE22-B310D5A26874}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{5824697B-C373-44AF-9EBD-BA814972A96D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9B580144-7B83-4B96-889C-2603DAE9B197}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{50B6A797-8796-4B76-82E5-09EC18745DF1}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{F829D05B-E8DF-47B1-A3D5-79D312E14717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{AA46BDC7-98BD-490B-8FA3-FDD49B08BCE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{5C31134D-2CA7-4F0E-B86B-4AFD68410F28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{4BC073B2-3E49-4DE2-A473-D3092C4CDA47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{BF854E62-C736-4791-8481-A30BF5CF4967}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{FE1C8AD4-1911-4982-98BF-D11D1F81A727}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{75AD38D5-A47C-4046-BD47-5AEB7B7F5031}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{55AA01E7-25C9-47EE-8941-0D45F28EE752}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{7D292281-788E-4826-B61E-A45D0F9BF15B}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{B4580410-5E60-4B25-BB73-D919A6E8C0CA}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{51D9F29D-0E0D-4E2C-B229-85016B2D3DEF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{927564BC-5B8F-4B4F-B2AD-751EAD036E83}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{46A7BE4F-A316-4EBF-8B14-173D43C043EB}C:\users\george\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\george\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{DB272361-E744-42B2-B938-048D8B86D3C5}C:\users\george\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\george\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{3AB876C9-3554-471C-8158-5B2E7C94E6BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{42D6B01F-8346-4B8C-A32F-2AA1CF75F0A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{0BE68DBE-CD99-4FF9-9D69-CED525F79742}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{C09A0295-25C0-451D-B45A-62915215A133}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{FB527EA5-084E-4FCC-A88B-575926E61AC8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{A69F8FAB-57AB-472E-8481-46B01A42A9D9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{681FB86C-F7ED-4CF0-8C97-07C883368373}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{ABAFA1BD-9EB7-4118-BD0E-EDD21EB13321}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{3EA75DD2-1950-46EA-9A81-1CE64CBE329E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{3B9E333C-8608-48AB-BA54-B90AA2020706}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{B0546A36-682A-476B-96D3-807F4274759B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{44280BE0-33CF-4355-85C3-D047F80F60EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{5B20DCAF-6574-4991-BA23-538B758FE1B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E928007D-CD8A-4374-927C-051F42403A19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{94ED6234-D8EC-48B4-8286-7887D5938AD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{375C5180-1F4A-45A0-B650-67C17A7EDF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{2B105E5A-456F-479E-8701-EFFED0909B54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66A91751-F89B-4324-B1EC-2BB1086A1998}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E3C75F99-52DC-422C-89C6-71F550BDF6ED}C:\users\george\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\george\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{51F2A4D0-BFA7-4CF2-83B6-705E2FD565BB}C:\users\george\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\george\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [TCP Query User{6B5E8F6B-BE2E-4A3A-8478-7E2FCAA1F9C8}C:\users\george\desktop\superswag bot\phantomjs.exe] => (Allow) C:\users\george\desktop\superswag bot\phantomjs.exe
FirewallRules: [UDP Query User{C79F0C3F-3539-4C89-BABB-F87F308D86E1}C:\users\george\desktop\superswag bot\phantomjs.exe] => (Allow) C:\users\george\desktop\superswag bot\phantomjs.exe
FirewallRules: [{36C85D25-51E5-4D88-8364-2C43026DCA03}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F663D658-8A95-4964-83B3-738B38959E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{0B6C7AC8-242F-431B-B205-43617EE97A43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{15994AB5-5C8B-4604-A1DC-84E4191539D5}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{23D421A7-96FE-41B0-9CEC-6EEFB441C1CF}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{3A04E114-BC1C-481E-A234-560947146EB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7C881E41-B8AC-4BC0-B247-B6C5C9AF4B8E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BF82AE63-3D99-411D-9D75-B6397B7A0275}C:\program files (x86)\pp助手5.0\pphelper5.exe] => (Allow) C:\program files (x86)\pp助手5.0\pphelper5.exe
FirewallRules: [UDP Query User{EC9986BE-D257-4299-9670-C3CF10A6F6BD}C:\program files (x86)\pp助手5.0\pphelper5.exe] => (Allow) C:\program files (x86)\pp助手5.0\pphelper5.exe
FirewallRules: [TCP Query User{400763CA-37DD-470E-A177-1C0631E5A33C}C:\program files (x86)\pp助手5.0\adevicehelpermon.exe] => (Allow) C:\program files (x86)\pp助手5.0\adevicehelpermon.exe
FirewallRules: [UDP Query User{424A5E13-EB6C-45C9-9A0E-3DAB855E1908}C:\program files (x86)\pp助手5.0\adevicehelpermon.exe] => (Allow) C:\program files (x86)\pp助手5.0\adevicehelpermon.exe
FirewallRules: [{FB3378F0-E783-4898-8999-394678257CDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4AECF955-3348-4528-84C6-BC8B9C55C405}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B37889F-D36D-48E8-B6A5-9C8FAB0C958D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62DC6484-7D7B-45AF-AB2D-841FA4B2D5C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA2DD4D1-FFE9-4BE9-932E-6994DDA099A2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B99C51C4-D347-42F6-BB27-8F5075E840FD}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{BF2D2164-E8B9-42D7-990E-2D4F39405BB6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{50920271-4AC5-4064-890E-E97CE66E853F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{67D3CA62-8021-4942-9E39-E6816617D1F7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{1D1C3367-0200-4C79-9B1A-3BD18F9AE559}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{646139FB-4F4F-4EB0-B47A-799DF8C4A7A6}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{A08F372C-9BB0-40EA-9034-A4316CE82592}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{30748754-A344-4D05-8E02-5E878B9EB8AA}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [{555219B7-DC2D-4ED3-B3DC-C0FCD388F18B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hack_me\nw.exe
FirewallRules: [{628E15FF-73F9-4BA1-88DF-3D37417E9377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hack_me\nw.exe
FirewallRules: [{D1A065AD-C8CD-4EE9-A7FD-61643683956D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hack RUN\HackRUN.exe
FirewallRules: [{16A74F36-6C12-4424-B09F-257F8F59ECF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hack RUN\HackRUN.exe
FirewallRules: [{10FD4F74-D0B2-4CAE-8EF1-3782A5E3195B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{878FA977-690A-4B95-9B14-5B016D70B59C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Restore Points =========================

25-02-2017 10:14:14 Update for Microsoft Visual Studio 2015 (KB3165756)
25-02-2017 10:17:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
25-02-2017 10:17:40 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
25-02-2017 10:18:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
25-02-2017 10:18:36 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
28-02-2017 16:33:07 Installed Purifier
04-03-2017 13:03:36 Windows Update

==================== Faulty Device Manager Devices =============

Name: Performance Counters
Description: Performance Counters
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: System Interrupt Controller
Description: System Interrupt Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2017 02:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 4.3.2017.0, time stamp: 0x58baa971
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x1760
Faulting application start time: 0x01d29532f2270bda
Faulting application path: C:\Users\George\Downloads\FRST.exe
Faulting module path: unknown
Report Id: 302067f3-0126-11e7-99a3-74da385c9105

Error: (03/04/2017 02:01:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WerFault.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2d9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x2068
Faulting application start time: 0x01d29532e483c9cb
Faulting application path: C:\Windows\SysWOW64\WerFault.exe
Faulting module path: unknown
Report Id: 223c9982-0126-11e7-99a3-74da385c9105

Error: (03/04/2017 02:01:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x2144
Faulting application start time: 0x01d29532e3d7a8c6
Faulting application path: C:\Windows\ERUNT.exe
Faulting module path: unknown
Report Id: 2232391b-0126-11e7-99a3-74da385c9105

Error: (03/04/2017 01:53:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vshub.exe, version: 14.0.25420.1, time stamp: 0x57685d5c
Faulting module name: ntdll.dll, version: 6.1.7601.23539, time stamp: 0x57c997df
Exception code: 0xc0000409
Fault offset: 0x00075885
Faulting process id: 0x19e4
Faulting application start time: 0x01d29531759f5945
Faulting application path: C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\vshub.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 123b67ca-0125-11e7-99a3-74da385c9105

Error: (03/04/2017 01:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam.exe, version: 3.78.49.52, time stamp: 0x5880152a
Faulting module name: ntdll.dll, version: 6.1.7601.23539, time stamp: 0x57c997df
Exception code: 0xc0000409
Fault offset: 0x00075885
Faulting process id: 0x18a4
Faulting application start time: 0x01d2953096f01ab7
Faulting application path: C:\Program Files (x86)\Steam\Steam.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 28685f9c-0124-11e7-99a3-74da385c9105

Error: (03/04/2017 01:47:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameOverlayUI.exe, version: 3.78.49.52, time stamp: 0x5880155f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x17f4
Faulting application start time: 0x01d29530be367b21
Faulting application path: C:\Program Files (x86)\Steam\GameOverlayUI.exe
Faulting module path: unknown
Report Id: 1f556529-0124-11e7-99a3-74da385c9105

Error: (03/04/2017 01:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x582e1b2f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x1cd8
Faulting application start time: 0x01d29530a642e5fe
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
Faulting module path: unknown
Report Id: 1c0f7cb4-0124-11e7-99a3-74da385c9105

Error: (03/04/2017 01:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameOverlayUI.exe, version: 3.78.49.52, time stamp: 0x5880155f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x614
Faulting application start time: 0x01d29530ac3a55f7
Faulting application path: C:\Program Files (x86)\Steam\GameOverlayUI.exe
Faulting module path: unknown
Report Id: f83ae785-0123-11e7-99a3-74da385c9105

Error: (03/04/2017 01:45:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam.exe, version: 3.78.49.52, time stamp: 0x5880152a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x1f74
Faulting application start time: 0x01d29530926a7130
Faulting application path: C:\Program Files (x86)\Steam\Steam.exe
Faulting module path: unknown
Report Id: d0952d14-0123-11e7-99a3-74da385c9105

Error: (03/04/2017 01:33:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam.exe, version: 3.78.49.52, time stamp: 0x5880152a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x738bfff6
Faulting process id: 0x69c
Faulting application start time: 0x01d2952ee7685a53
Faulting application path: C:\Program Files (x86)\Steam\Steam.exe
Faulting module path: unknown
Report Id: 29a0e619-0122-11e7-99a3-74da385c9105


System errors:
=============
Error: (03/04/2017 01:19:31 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (03/04/2017 01:19:12 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (03/04/2017 01:19:12 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (03/04/2017 01:18:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/04/2017 01:17:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (03/04/2017 01:17:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (03/04/2017 01:17:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not start due to a logon failure.

Error: (03/04/2017 01:17:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/04/2017 01:17:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (03/04/2017 01:17:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
Percentage of memory in use: 16%
Total physical RAM: 32707.26 MB
Available physical RAM: 27318.62 MB
Total Virtual: 65412.71 MB
Available Virtual: 59415 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:431.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 


Hello soss and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Continue as the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Leave all other settings to default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt


1 hour ago, kevinf80 said:
Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

That took much longer than expected!

Problem still persists. Attached a photo of the program.

Attached all log files in order.

Fixlog.txt

mbamsummary.txt

AdwCleaner[S1].txt

SophosVirusRemovalTool.txt


4 minutes ago, kevinf80 said:

What is the current status of your PC, any remaining issues or concerns...?  Can you run AdwCleaner again, this time use the clean option...

Thank you,

Kevin...

I used the clean option earlier. Everything is clean with AdwCleaner.

The program is trying to stop me from using applications. Running AdwCleaner, Sophos, or Malwarebytes while the program is running causes it to instantly crash. I can only End Program for about 15 seconds, then it pops back up.

Problem still persists.

In my last reply I added a photo of the program.


The AdwCleaner log only listed "Found" entries, nothing cleaned... I saw your image with the problem you mention... I had that listed in the FRST fix..

Quote

HKU\S-1-5-21-4232678915-1373507776-2741593813-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\system32\GoogleWebUpdaters.exe"

In the fix the "Shell" value was restored to default and "GoogleWebUpdaters.exe" listed as not found..? Let's run FRST again as follows..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs: "FRST.txt" and "Addition.txt".

 

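The FRST line quoted above shows the persistence mechanism: a per-user Winlogon "Shell" value that launches a second program alongside explorer.exe at every logon, which is why the process returned seconds after being ended. Below is an added check, not from the thread or from FRST, that parses a Shell value into its comma-separated entries and flags anything other than explorer.exe; the registry paths are the standard Winlogon keys, the sample value is the one quoted in the reply, and the function names are my own.

```powershell
# Added example: audit the Winlogon Shell value for extra logon programs.
# Each comma-separated entry in Shell is started at logon; the user hive
# (HKCU) value overrides the machine (HKLM) value when it is set.

function Get-WinlogonShellEntries {
    param([Parameter(Mandatory)][string]$ShellValue)
    # Split on commas that sit outside double quotes, then strip quotes/space.
    $parts = [regex]::Split($ShellValue, ',(?=(?:[^"]*"[^"]*")*[^"]*$)')
    foreach ($p in $parts) {
        $p = $p.Trim().Trim('"')
        if ($p) { $p }
    }
}

function Test-WinlogonShell {
    param([Parameter(Mandatory)][string]$ShellValue)
    $findings = @()
    foreach ($entry in Get-WinlogonShellEntries -ShellValue $ShellValue) {
        if ($entry -ieq 'explorer.exe') { continue }   # the expected default
        $findings += [pscustomobject]@{
            Entry  = $entry
            # A missing file (as FRST reported here) is still a finding: the
            # value must be reset or the program is relaunched once replaced.
            Exists = Test-Path -LiteralPath $entry -PathType Leaf
        }
    }
    return $findings
}

# Constructed sample: the value quoted from the FRST log in this thread.
$sample = 'explorer.exe,"C:\Windows\system32\GoogleWebUpdaters.exe"'
"Sample value findings:"
Test-WinlogonShell -ShellValue $sample | Format-Table -AutoSize

# Live check of both keys on the machine the script runs on.
$keys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $keys) {
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($null -eq $shell) {
        "$key : Shell not set (default explorer.exe applies)"
        continue
    }
    $bad = Test-WinlogonShell -ShellValue $shell
    if ($bad) { "$key : unexpected Shell entries"; $bad | Format-Table -AutoSize }
    else      { "$key : Shell = $shell (ok)" }
}
```

Restoring the value to its default, as the FRST fix did, is only half the job: the flagged file path should also be removed or quarantined, otherwise the next logon starts it again.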

9 minutes ago, kevinf80 said:

The AdwCleaner log only listed "Found" entries, nothing cleaned... I saw your image with the problem you mention... I had that listed in the FRST fix..

In the fix the "Shell" value was restored to default and "GoogleWebUpdaters.exe" listed as not found..? Let's run FRST again as follows..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs: "FRST.txt" and "Addition.txt".

 

 

FRST.txt

Addition.txt


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Post those logs, also can you check in Task Manager and see if the nuisance is now gone...

Thank you,

Kevin

 

 

fixlist.txt


Alright. Ran the new fixlist.

After computer restart, it appears that the malware isn't running according to Task Manager. Also the file folder "Client" (which held the malware/virus), is no longer accessible.

Just want to confirm that this is wiped before calling it resolved.

I've got to go run an errand here soon, so I'm posting the fixlog now.

Currently scanning with Zemana AntiMalware. I'll come back and update once I'm back home.

Fixlog.txt


Yes, we caught all folders and entries related to GoogleWebUpdaters this time, just the Zemana log to check.... It's almost 1:30am local time for me, I'll catch up after some much needed sleep... Use your system as normal after Zemana completes, let me know if there are any remaining issues or concerns....

Thanks,

Kevin


Zemana AntiMalware 2.72.2.101 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/3/4
Operating System       : Windows 7 64-bit
Processor              : 12X Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
BIOS Mode              : UEFI
CUID                   : 123963FC04A8AD25CF0C75
Scan Type              : System Scan
Duration               : 15m 17s
Scanned Objects        : 226471
Detected Objects       : 6
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

SteamTrade.dll
Status             : Scanned
Object             : %userprofile%\desktop\csgo\steambot-master\steamtrade\obj\debug\steamtrade.dll
MD5                : 1DD95F7B650F50DFB2E89D05C450940A
Publisher          : -
Size               : 116736
Version            : 0.1.0.15471
Detection          : Trojan:MSIL/Generic
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\csgo\steambot-master\steamtrade\obj\debug\steamtrade.dll

SteamTrade.dll
Status             : Scanned
Object             : %userprofile%\desktop\csgo\steambot-master\bin\debug\steamtrade.dll
MD5                : 1DD95F7B650F50DFB2E89D05C450940A
Publisher          : -
Size               : 116736
Version            : 0.1.0.15471
Detection          : Trojan:MSIL/Generic
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\csgo\steambot-master\bin\debug\steamtrade.dll

SteamTrade.dll
Status             : Scanned
Object             : %userprofile%\desktop\csgo\steambot-master\steamtrade\bin\debug\steamtrade.dll
MD5                : 1DD95F7B650F50DFB2E89D05C450940A
Publisher          : -
Size               : 116736
Version            : 0.1.0.15471
Detection          : Trojan:MSIL/Generic
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\csgo\steambot-master\steamtrade\bin\debug\steamtrade.dll

ethminer.exe
Status             : Scanned
Object             : %userprofile%\desktop\eth_pp_ua-cudaminer\ethminer-cuda-0.9.41\ethminer.exe
MD5                : D0B3AC40EE7611685FA7C5008BE611C7
Publisher          : -
Size               : 2283520
Version            : -
Detection          : RiskTool:Win32/BitCoinMiner
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\eth_pp_ua-cudaminer\ethminer-cuda-0.9.41\ethminer.exe

ethminer.exe
Status             : Scanned
Object             : %userprofile%\desktop\eth_pp_ua-cudaminer\ethminer.exe
MD5                : 6CC1CB34D1CD734F9EEB58149C83230D
Publisher          : -
Size               : 1527296
Version            : -
Detection          : RiskTool:Win32/BitCoinMiner
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\eth_pp_ua-cudaminer\ethminer.exe

cgminer.exe
Status             : Scanned
Object             : %userprofile%\desktop\cgminer-3-1-1-zeus-x6-windows\cgminer.exe
MD5                : 6B9192D5AFF618A98EB10D5D9A303A75
Publisher          : -
Size               : 375443
Version            : -
Detection          : Malware:Win32/Cognito.A!Kmle
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\cgminer-3-1-1-zeus-x6-windows\cgminer.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 6
Reported as safe      : 0
Failed                : 0
 


Thanks for that log, any remaining issues or concerns... If none continue to clean up..

Uninstall Sophos and Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.