Unable to open Malwarebytes or any virus software


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by merta (administrator) on DESKTOP-VP3SFLM (11-03-2017 12:32:11)
Running from C:\Users\merta\Downloads
Loaded Profiles: merta (Available Profiles: defaultuser0 & merta)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Autodesk, Inc.) D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
(Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
(Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe
(Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\merta\AppData\Local\Temp\20170310\ct.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Discord] => C:\Users\merta\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [DiscordPTB] => C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe [64290304 2017-01-03] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Akamai NetSession Interface] => C:\Users\merta\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [uTorrent] => C:\Users\merta\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-09] (BitTorrent Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{18f7573c-5615-425c-bbd4-8676c6d09886}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3308240972-949208329-912309981-1001: jpl.nasa.gov/NASAEyes -> C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-02-15] (Jet Propulsion Laboratory)
Chrome:
=======
CHR StartupUrls: Default -> "chrome://newtab/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Slides) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15]
CHR Extension: (Google Docs) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15]
CHR Extension: (Google Drive) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]
CHR Extension: (MEGA) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-09]
CHR Extension: (YouTube) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (uBlock Origin) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-03-08]
CHR Extension: (Google Sheets) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15]
CHR Extension: (Causality Games) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2017-03-08]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-03-08]
CHR Extension: (Chrome Remote Desktop) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-08]
CHR Extension: (Steambirds: Survival) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2017-03-08]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 mitsijm2017; D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [967456 2015-08-04] (Autodesk, Inc.)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-15] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-15] (Electronic Arts)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [756224 2017-03-10] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
R2 realtek_amd64; C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\merta\AppData\Local\Temp\20170310\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-11 12:30 - 2017-03-11 12:31 - 00067268 _____ C:\Users\merta\Downloads\Addition.txt
2017-03-11 12:29 - 2017-03-11 12:32 - 00016756 _____ C:\Users\merta\Downloads\FRST.txt
2017-03-11 12:29 - 2017-03-11 12:32 - 00000000 ____D C:\FRST
2017-03-11 12:27 - 2017-03-11 12:27 - 02424320 _____ (Farbar) C:\Users\merta\Downloads\FRST64.exe
2017-03-11 12:17 - 2017-03-11 12:26 - 00000000 ____D C:\ProgramData\Avg
2017-03-11 12:17 - 2017-03-11 12:18 - 00000000 ____D C:\Users\merta\AppData\Local\AvgSetupLog
2017-03-11 12:17 - 2017-03-11 12:17 - 00000000 ____D C:\Users\merta\AppData\Local\Avg
2017-03-11 12:16 - 2017-03-11 12:17 - 03212664 _____ (AVG Technologies CZ, s.r.o.) C:\Users\merta\Downloads\AVG_Antivirus_Free_1918.exe
2017-03-11 12:13 - 2017-03-11 12:13 - 06656568 _____ (AVAST Software) C:\Users\merta\Downloads\avast_pro_antivirus_setup_online.exe
2017-03-11 12:13 - 2017-03-11 12:13 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-11 12:04 - 2017-03-11 12:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-11 12:04 - 2017-03-11 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-11 12:04 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-11 12:03 - 2017-03-11 12:03 - 57131432 _____ (Malwarebytes ) C:\Users\merta\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-11 11:59 - 2017-03-11 12:02 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9A90389-D2EB-4FD2-9123-B48CDAFF5A3F}
2017-03-10 07:23 - 2017-03-10 07:23 - 00000000 ____D C:\Users\merta\AppData\Local\Skyrim Special Edition
2017-03-10 07:22 - 2017-03-10 07:22 - 00000884 _____ C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk
2017-03-10 07:22 - 2017-03-10 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
2017-03-10 00:12 - 2017-03-10 00:12 - 00000000 ____D C:\Program Files (x86)\regtool
2017-03-09 22:15 - 2017-03-09 22:21 - 00000000 ____D C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX
2017-03-09 22:15 - 2017-03-09 22:15 - 00056846 _____ C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX.torrent
2017-03-09 22:12 - 2017-03-10 16:19 - 00000000 ____D C:\Users\merta\AppData\Local\llssoft
2017-03-09 22:12 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-03-09 22:10 - 2017-03-09 22:10 - 00412348 _____ C:\Windows\Minidump\030917-11390-01.dmp
2017-03-09 22:07 - 2017-03-10 19:13 - 01851904 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\AppData\Local\AnonymizerLauncher
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.proxycheck
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.AnonymizerLauncher
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\dataup
2017-03-09 22:06 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\c
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\AGData
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\ProgramData\1489118818
2017-03-09 22:05 - 2017-03-09 22:05 - 00003670 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mertaugh1234@yahoo.com
2017-03-09 22:05 - 2017-03-09 22:05 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c
2017-03-09 22:00 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition-CODEX
2017-03-09 16:15 - 2017-03-09 16:15 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\Users\merta\Tracing
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Skype
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-09 16:14 - 2017-03-09 16:14 - 01631200 _____ (Skype Technologies S.A.) C:\Users\merta\Downloads\SkypeSetup.exe
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07
2017-03-08 16:02 - 2017-03-08 16:02 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e
2017-03-08 16:00 - 2017-03-08 16:00 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854
2017-03-08 15:54 - 2017-03-08 15:54 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-03-08 15:18 - 2017-03-08 15:50 - 00000000 ____D C:\Users\merta\Desktop\graphic-design-basics
2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0
2017-03-08 15:17 - 2017-03-08 15:17 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Adobe
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31
2017-03-08 14:50 - 2017-03-08 14:50 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ___RD C:\Users\merta\Creative Cloud Files
2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-08 14:10 - 2017-03-08 14:10 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-03-08 14:10 - 2017-03-08 14:10 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-03-08 14:09 - 2017-03-08 14:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-08 14:05 - 2017-03-08 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-08 14:04 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Adobe
2017-03-08 14:02 - 2017-03-09 22:05 - 00000000 ____D C:\Program Files\Adobe
2017-03-08 14:02 - 2017-03-08 16:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-03-08 14:00 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\Adobe
2017-03-08 13:59 - 2017-03-11 12:02 - 00000000 ____D C:\Users\merta\AppData\Local\Adobe
2017-03-08 13:01 - 2017-03-08 15:13 - 00000000 ____D C:\Users\merta\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2017-03-04 11:36 - 2017-03-04 11:46 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband Savegames
2017-03-04 11:33 - 2017-03-04 11:43 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband
2017-03-04 11:33 - 2017-03-04 11:33 - 00000000 ____D C:\Users\merta\AppData\Roaming\Mount&Blade Warband
2017-03-03 17:49 - 2017-03-03 17:49 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-03 17:49 - 2017-03-03 17:49 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-03 17:48 - 2017-03-09 22:09 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-03 17:48 - 2017-03-03 17:48 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-03 17:48 - 2017-03-03 17:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-03 17:43 - 2017-03-03 17:43 - 01129376 _____ (Google Inc.) C:\Users\merta\Downloads\ChromeSetup.exe
2017-03-02 17:38 - 2017-03-02 17:54 - 00000222 _____ C:\Users\merta\Desktop\TerraTech.url
2017-02-28 16:52 - 2017-02-28 16:52 - 00000222 _____ C:\Users\merta\Desktop\Subnautica.url
2017-02-27 22:13 - 2017-02-27 22:13 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Sound recordings
2017-02-27 20:48 - 2017-02-27 20:48 - 00000000 ____D C:\Users\merta\AppData\Roaming\.mono
2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Unity
2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Payload
2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\Desktop\µTorrent.lnk
2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-02-26 16:17 - 2017-03-11 12:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\uTorrent
2017-02-26 16:17 - 2017-02-26 16:17 - 02400960 _____ (BitTorrent Inc.) C:\Users\merta\Downloads\uTorrent.exe
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Jet Propulsion Laboratory
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\Windows\system32\Drivers\drmkpro64.sys
2017-02-19 21:58 - 2017-02-19 21:58 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\UnrealEngine
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\SwordWithSauce1_4
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-02-19 21:55 - 2017-02-19 21:55 - 00000222 _____ C:\Users\merta\Desktop\Sword With Sauce Alpha.url
2017-02-19 19:31 - 2017-02-19 19:31 - 00000222 _____ C:\Users\merta\Desktop\ShellShock Live.url
2017-02-19 19:31 - 2017-02-19 19:31 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Kyle Champ
2017-02-19 15:52 - 2017-02-19 15:52 - 00000000 ____D C:\Windows\system32\5f3db57aa780ac998e1d90..bin
2017-02-19 07:50 - 2017-02-19 07:50 - 00000000 ____D C:\Users\merta\AppData\Local\My Games
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\MSBuild
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-19 07:48 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-02-19 07:48 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-19 07:02 - 2017-02-19 07:02 - 00000220 _____ C:\Users\merta\Desktop\Sid Meier's Civilization V.url
2017-02-19 07:01 - 2017-02-19 07:01 - 00000279 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-15 17:51 - 2017-02-15 17:51 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-11 12:19 - 2017-01-14 16:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\Skype
2017-03-11 12:08 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-11 12:07 - 2017-01-14 16:28 - 02793706 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 12:04 - 2017-01-15 17:26 - 00003656 _____ C:\Windows\System32\Tasks\AutoKMS
2017-03-11 12:04 - 2017-01-14 16:29 - 00000000 ____D C:\Users\merta\AppData\Local\MicrosoftEdge
2017-03-11 12:01 - 2017-01-14 18:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 12:00 - 2017-01-15 16:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-11 12:00 - 2017-01-14 16:25 - 00000000 ____D C:\Users\merta
2017-03-11 12:00 - 2016-07-16 00:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-03-11 11:06 - 2017-01-14 18:21 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-10 07:23 - 2017-01-14 18:28 - 00000000 ____D C:\Users\merta\OneDrive\Documents\My Games
2017-03-09 22:10 - 2017-01-15 16:39 - 1055829501 _____ C:\Windows\MEMORY.DMP
2017-03-09 22:10 - 2017-01-15 16:39 - 00000000 ____D C:\Windows\Minidump
2017-03-09 16:14 - 2017-01-14 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 15:54 - 2017-01-14 16:26 - 00000000 ____D C:\Users\merta\AppData\Roaming\Adobe
2017-03-06 15:24 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-03 17:43 - 2017-01-14 16:31 - 00000000 ____D C:\Users\merta\AppData\Local\Google
2017-03-01 21:11 - 2017-01-14 16:29 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-01 21:11 - 2017-01-14 16:28 - 00002363 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-01 21:11 - 2017-01-14 16:28 - 00000000 ___RD C:\Users\merta\OneDrive
2017-02-28 22:28 - 2017-01-16 16:05 - 00000000 ____D C:\ProgramData\Origin
2017-02-28 22:23 - 2017-01-16 16:07 - 00000000 ____D C:\Users\merta\AppData\Roaming\Origin
2017-02-25 21:14 - 2017-01-15 23:37 - 00000000 ____D C:\Windows\system32\MRT
2017-02-25 21:13 - 2017-01-15 23:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-25 21:13 - 2016-07-16 05:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-19 15:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\rescache
2017-02-19 07:49 - 2016-07-16 05:45 - 00000000 ____D C:\Windows\INF
2017-02-18 21:31 - 2017-01-15 18:39 - 00000000 ____D C:\Users\merta\AppData\Roaming\discordptb
2017-02-16 17:34 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 17:51 - 2017-01-25 17:12 - 00000945 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-02-14 15:29 - 2017-01-14 17:00 - 00000000 ____D C:\AMD
==================== Files in the root of some directories =======
2017-01-14 19:26 - 2017-01-14 19:26 - 0140288 _____ () C:\Users\merta\AppData\Roaming\Installer.dat
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\run.txt
2017-01-14 19:25 - 2017-01-14 19:25 - 0000001 _____ () C:\Users\merta\AppData\Local\setupsuccessful.txt
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\stxtname.txt
Some files in TEMP:
====================
2017-03-08 14:09 - 2017-03-08 14:09 - 0288456 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AAMHelper.exe
2017-03-08 14:06 - 2015-03-05 08:54 - 2212008 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AdobeApplicationManager.exe
2017-03-09 22:05 - 2017-03-09 22:05 - 1850711 _____ () C:\Users\merta\AppData\Local\Temp\cpa.exe
2017-02-23 16:44 - 2017-02-15 11:58 - 0223160 _____ () C:\Users\merta\AppData\Local\Temp\EyesLauncher.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\merta\AppData\Local\Temp\fox.exe
2017-01-15 17:19 - 2017-01-15 17:19 - 1066336 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\PidGenX.dll
2017-03-09 16:14 - 2017-03-09 16:14 - 14456872 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\vc_redist.x86.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0011273 _____ () C:\Users\merta\AppData\Local\Temp\wowrr.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-08 21:01
==================== End of FRST.txt ============================
2017-02-19 07:48 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-19 07:02 - 2017-02-19 07:02 - 00000220 _____ C:\Users\merta\Desktop\Sid Meier's Civilization V.url
2017-02-19 07:01 - 2017-02-19 07:01 - 00000279 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-15 17:51 - 2017-02-15 17:51 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-11 12:19 - 2017-01-14 16:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\Skype
2017-03-11 12:08 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-11 12:07 - 2017-01-14 16:28 - 02793706 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 12:04 - 2017-01-15 17:26 - 00003656 _____ C:\Windows\System32\Tasks\AutoKMS
2017-03-11 12:04 - 2017-01-14 16:29 - 00000000 ____D C:\Users\merta\AppData\Local\MicrosoftEdge
2017-03-11 12:01 - 2017-01-14 18:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 12:00 - 2017-01-15 16:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-11 12:00 - 2017-01-14 16:25 - 00000000 ____D C:\Users\merta
2017-03-11 12:00 - 2016-07-16 00:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-03-11 11:06 - 2017-01-14 18:21 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-10 07:23 - 2017-01-14 18:28 - 00000000 ____D C:\Users\merta\OneDrive\Documents\My Games
2017-03-09 22:10 - 2017-01-15 16:39 - 1055829501 _____ C:\Windows\MEMORY.DMP
2017-03-09 22:10 - 2017-01-15 16:39 - 00000000 ____D C:\Windows\Minidump
2017-03-09 16:14 - 2017-01-14 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 15:54 - 2017-01-14 16:26 - 00000000 ____D C:\Users\merta\AppData\Roaming\Adobe
2017-03-06 15:24 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-03 17:43 - 2017-01-14 16:31 - 00000000 ____D C:\Users\merta\AppData\Local\Google
2017-03-01 21:11 - 2017-01-14 16:29 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-01 21:11 - 2017-01-14 16:28 - 00002363 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-01 21:11 - 2017-01-14 16:28 - 00000000 ___RD C:\Users\merta\OneDrive
2017-02-28 22:28 - 2017-01-16 16:05 - 00000000 ____D C:\ProgramData\Origin
2017-02-28 22:23 - 2017-01-16 16:07 - 00000000 ____D C:\Users\merta\AppData\Roaming\Origin
2017-02-25 21:14 - 2017-01-15 23:37 - 00000000 ____D C:\Windows\system32\MRT
2017-02-25 21:13 - 2017-01-15 23:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-25 21:13 - 2016-07-16 05:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-19 15:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\rescache
2017-02-19 07:49 - 2016-07-16 05:45 - 00000000 ____D C:\Windows\INF
2017-02-18 21:31 - 2017-01-15 18:39 - 00000000 ____D C:\Users\merta\AppData\Roaming\discordptb
2017-02-16 17:34 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 17:51 - 2017-01-25 17:12 - 00000945 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-02-14 15:29 - 2017-01-14 17:00 - 00000000 ____D C:\AMD
==================== Files in the root of some directories =======
2017-01-14 19:26 - 2017-01-14 19:26 - 0140288 _____ () C:\Users\merta\AppData\Roaming\Installer.dat
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\run.txt
2017-01-14 19:25 - 2017-01-14 19:25 - 0000001 _____ () C:\Users\merta\AppData\Local\setupsuccessful.txt
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\stxtname.txt
Some files in TEMP:
====================
2017-03-08 14:09 - 2017-03-08 14:09 - 0288456 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AAMHelper.exe
2017-03-08 14:06 - 2015-03-05 08:54 - 2212008 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AdobeApplicationManager.exe
2017-03-09 22:05 - 2017-03-09 22:05 - 1850711 _____ () C:\Users\merta\AppData\Local\Temp\cpa.exe
2017-02-23 16:44 - 2017-02-15 11:58 - 0223160 _____ () C:\Users\merta\AppData\Local\Temp\EyesLauncher.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\merta\AppData\Local\Temp\fox.exe
2017-01-15 17:19 - 2017-01-15 17:19 - 1066336 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\PidGenX.dll
2017-03-09 16:14 - 2017-03-09 16:14 - 14456872 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\vc_redist.x86.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0011273 _____ () C:\Users\merta\AppData\Local\Temp\wowrr.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-08 21:01
==================== End of FRST.txt ============================

FRST.txt

Addition.txt


Hello mertaugh and welcome to Malwarebytes,

The infection you have has a protective rootkit that can only be removed with your system in Safemode, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"

Now boot your system to Safemode, follow the instructions here if needed http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/


NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

Boot your system back to Normal mode, continue with the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by merta (11-03-2017 15:29:20) Run:1
Running from C:\Users\merta\Desktop\New folder
Loaded Profiles: merta (Available Profiles: defaultuser0 & merta)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
C:\Program Files (x86)\cpx
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
C:\Program Files (x86)\svcvmx
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION 
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\dataup
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [756224 2017-03-10] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
C:\Program Files (x86)\qdcomsvc
R2 realtek_amd64; C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION
C:\Users\merta\AppData\Local\Temp\WS
R2 windowsmanagementservice; C:\Users\merta\AppData\Local\Temp\20170310\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
C:\Users\merta\AppData\Local\Temp\20170310
R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
C:\Windows\System32\drivers\drmkpro64.sys
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\AppData\Local\AnonymizerLauncher
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.proxycheck
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.AnonymizerLauncher
2017-03-09 22:06 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\c
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\AGData
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\ProgramData\1489118818
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07
2017-03-08 16:02 - 2017-03-08 16:02 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e
2017-03-08 16:00 - 2017-03-08 16:00 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854
2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0
2017-03-08 15:17 - 2017-03-08 15:17 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31
C:\Users\merta\AppData\Local\Temp\wowrr.exe 
FirewallRules: [{DC8E41F0-D624-4A31-9201-4714E5E1BD78}] => (Allow) LPort=50082
FirewallRules: [{54892D3C-6AC3-436C-9E21-7343513D4D03}] => (Allow) LPort=5000
CMD: ipconfig /flushDNS
Hosts:
EmptyTemp:
end
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
"C:\Program Files (x86)\cpx" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value removed successfully
C:\Program Files (x86)\svcvmx => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\System\CurrentControlSet\Services\Dataup => key removed successfully
Dataup => service removed successfully
C:\Program Files (x86)\dataup => moved successfully
HKLM\System\CurrentControlSet\Services\qdcomsvc => key removed successfully
qdcomsvc => service removed successfully
C:\Program Files (x86)\qdcomsvc => moved successfully
HKLM\System\CurrentControlSet\Services\realtek_amd64 => key removed successfully
realtek_amd64 => service removed successfully
C:\Users\merta\AppData\Local\Temp\WS => moved successfully
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key removed successfully
windowsmanagementservice => service removed successfully
C:\Users\merta\AppData\Local\Temp\20170310 => moved successfully
HKLM\System\CurrentControlSet\Services\drmkpro64 => key removed successfully
drmkpro64 => service removed successfully
C:\Windows\System32\drivers\drmkpro64.sys => moved successfully
C:\Users\merta\AppData\Local\AnonymizerLauncher => moved successfully
C:\Users\merta\.proxycheck => moved successfully
C:\Users\merta\.AnonymizerLauncher => moved successfully
C:\Program Files (x86)\AnonymizerGadget => moved successfully
C:\Users\merta\AppData\Roaming\c => moved successfully
C:\Users\merta\AppData\Roaming\AGData => moved successfully
C:\ProgramData\1489118818 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9 => moved successfully
C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31 => moved successfully
C:\Users\merta\AppData\Local\Temp\wowrr.exe => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC8E41F0-D624-4A31-9201-4714E5E1BD78} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54892D3C-6AC3-436C-9E21-7343513D4D03} => value removed successfully

========= ipconfig /flushDNS =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10049986 B
Java, Flash, Steam htmlcache => 221458798 B
Windows/system/drivers => 33301752 B
Edge => 155582133 B
Chrome => 547114965 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 6974 B
NetworkService => -652 B
defaultuser0 => 128 B
merta => 8701249729 B

RecycleBin => 7725623384 B
EmptyTemp: => 16.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 11-03-2017 15:33:45)

"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.

==== End of Fixlog 15:33:45 ====


OK, if you want to close run the following to clean up;

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

