Hi guys, I think I just contracted this virus. I can't end this task or disable it. I can't even delete the damn file. I've even tried downloading the rootkit removal program by Malwarebytes, but it says "requested resource is in use". So I gave up and wanted to try System Restore. Apparently even System Restore has been blocked by "requested resource is in use". Now I can't even update or clean anything on my laptop. PLS HELP! Much appreciated.


Hi Blasto123 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Did you follow the instructions and download the MBAR linked in the thread below?

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

Apparently this https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ version of the antirootkit worked!

The one I used before was this: https://www.malwarebytes.com/antirootkit/ (Totally got blocked by the virus)

Thank you very much for looking out! Everything seems to be back to normal!!!

Edited by Blasto123

Good to see that it worked :) But we're not out of the woods yet! This infection leaves a lot of remnants behind, so we need to take care of them. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;


Oh, after the rootkit was removed and before you replied, I already scanned and deleted all those viruses.

But apparently now I have another problem....

I couldn't update or install my NVIDIA GeForce Experience.

I can't update my computer as well. Am I not supposed to delete those things?


No, you are supposed to delete all the threats Malwarebytes detected, but there are still traces of the infection left. So before we address your other issues, we'll finish with the clean-up first.

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64 
Ran by Blaster Ice (Administrator) on Fri 12/05/2017 at 17:03:27.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 6 

Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder) 
Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\Mozilla\Firefox\Profiles\user.js (File) 
Successfully deleted: C:\ProgramData\SAvENeWaAppz (Folder)
Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\appdataFr2.bin (File) 
Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\appdataFr25.bin (File) 
Successfully deleted: C:\Users\Blaster Ice\AppData\Roaming\appdataFr3.bin (File) 

Registry: 3 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/05/2017 at 17:07:10.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v6.046 - Logfile created 12/05/2017 at 17:11:34
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-12.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Blaster Ice - ACER
# Running from : C:\Users\Blaster Ice\AppData\Local\Temp\scoped_dir3760_31922\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: 52ba5fc5c8a727b021b159f6775dec5c
[-] Service deleted: DrvAgent64


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Blaster Ice\AppData\Local\llssoft


***** [ Files ] *****

[-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage
[-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
[-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
[-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.startgo123.com_0.localstorage
[-] File deleted: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.startgo123.com_0.localstorage-journal


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[-] Task deleted: {DFD0CE34-09CA-42FD-AFDE-D4BEF892177A}


***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[#] Key deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer
[#] Key deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
[-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\eSupport.com
[-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\VideoBox
[-] Key deleted: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\VideoBox
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: [x64] HKCU\Software\VideoBox
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-978745593-2217527696-1739433291-1002\Products\363FB0CBBA367FF4E81FEAD0F717B142
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mpc.am
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mpc.am
[#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [livesupport]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon]
[#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
[#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtection]
[#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx]


***** [ Web browsers ] *****

[-] [C:\Users\Blaster Ice\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo
[-] [C:\Users\Blaster Ice\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_16_04_ssg02&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAyEtBtAzzyBtCtDtA0AtDtCzytCyBtCtN0D0Tzu0StCyEzzyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0CtB0ByCyDtDtDtGyE0CtD0BtG0BtBtA0AtGyByCyByEtGyD0DyE0BtC0A0CtCtDtByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyD0F0DtByDyDtG0E0AyBtCtGyEyCzz0BtG0B0DyDtCtG0EyBzztByByBtDyEtB0CtB0B2QtN0A0LzuyE%26cr%3D1791268262%26a%3Dwncy_omxmedia_16_04_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1&uref=chmm
[-] [C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com
[-] [C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.mpc.am
[-] [C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_16_04_ssg02&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAyEtBtAzzyBtCtDtA0AtDtCzytCyBtCtN0D0Tzu0StCyEzzyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0CtB0ByCyDtDtDtGyE0CtD0BtG0BtBtA0AtGyByCyByEtGyD0DyE0BtC0A0CtCtDtByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyD0F0DtByDyDtG0E0AyBtCtGyEyCzz0BtG0B0DyDtCtG0EyBzztByByBtDyEtB0CtB0B2QtN0A0LzuyE%26cr%3D1791268262%26a%3Dwncy_omxmedia_16_04_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [83829 Bytes] - [28/02/2016 10:48:15]
C:\AdwCleaner\AdwCleaner[C2].txt - [6381 Bytes] - [12/05/2017 17:11:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [83403 Bytes] - [28/02/2016 10:43:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [5457 Bytes] - [12/05/2017 17:10:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6601 Bytes] ##########

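A small triage helper for an AdwCleaner clean log like the one posted above, as an added example that is not part of the original thread or of AdwCleaner itself. It separates entries already removed (`[-]`) from those the log says are only "deleted on reboot" (`[#]`), and flags the persistence-related ones (services, scheduled tasks, Run / StartupApproved values) to re-check after the restart. The function names are made up for illustration and the sample is a shortened excerpt of the log in this thread.

```python
import re
from collections import Counter

# "***** [ Registry ] *****" style section headers
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[-] Key deleted: ..." or "[#] Value deleted on reboot: ..."
ENTRY_RE = re.compile(r"^\[([-#])\] (\w+) deleted( on reboot)?: (.+)$")
# Registry values carry the value name in trailing brackets: "<key path> [name]"
VALUE_RE = re.compile(r"^(.+) \[([^\]]+)\]$")
# Autostart locations seen in the log: ...\CurrentVersion\Run and StartupApproved\Run*
AUTOSTART_RE = re.compile(
    r"\\CurrentVersion\\(?:Explorer\\StartupApproved\\)?Run", re.I
)
PERSISTENCE_SECTIONS = {"Services", "Scheduled Tasks"}

# Shortened excerpt of the AdwCleaner log posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v6.046 - Logfile created 12/05/2017 at 17:11:34
# Mode: Clean

***** [ Services ] *****

[-] Service deleted: DrvAgent64

***** [ Scheduled Tasks ] *****

[-] Task deleted: {DFD0CE34-09CA-42FD-AFDE-D4BEF892177A}

***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[#] Key deleted on reboot: HKCU\Software\VideoBox
[#] Value deleted on reboot: HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtection]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx]
"""


def parse_adwcleaner_log(text):
    """Return one dict per '[-]' / '[#]' entry, tagged with its section.

    Lines in other shapes (header comments, the '[ Web browsers ]' entries,
    '::' notes) are skipped rather than guessed at.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        _mark, kind, reboot, target = m.groups()
        view = "default"
        if target.startswith("[x64] "):  # 64-bit registry view marker
            view = "x64"
            target = target[len("[x64] "):]
        name = None
        if kind == "Value":
            vm = VALUE_RE.match(target)
            if vm:
                target, name = vm.groups()
        entries.append({
            "section": section,
            "kind": kind,
            "target": target,
            "name": name,
            "view": view,
            "pending_reboot": reboot is not None,
        })
    return entries


def pending_reboot(entries):
    """Entries the log reports as removed only at the next restart."""
    return [e for e in entries if e["pending_reboot"]]


def persistence(entries):
    """Services, scheduled tasks and autostart registry entries."""
    return [
        e for e in entries
        if e["section"] in PERSISTENCE_SECTIONS or AUTOSTART_RE.search(e["target"])
    ]


def summarize(entries):
    """Number of parsed entries per log section."""
    return dict(Counter(e["section"] for e in entries))


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    print(summarize(parsed))
    for e in pending_reboot(parsed):
        print("verify after restart:", e["target"], e["name"] or "")
    for e in persistence(parsed):
        print("persistence:", e["section"], e["target"], e["name"] or "")
```
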

Good :) Now let's run FRST to see what's left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Blaster Ice (12-05-2017 20:15:43)
Running from C:\Users\Blaster Ice\Desktop
Windows 8.1 (Update) (X64) (2014-03-30 03:00:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-978745593-2217527696-1739433291-500 - Administrator - Disabled)
Blaster Ice (S-1-5-21-978745593-2217527696-1739433291-1002 - Administrator - Enabled) => C:\Users\Blaster Ice
Guest (S-1-5-21-978745593-2217527696-1739433291-501 - Limited - Enabled) => C:\Users\Guest.acer
UpdatusUser (S-1-5-21-978745593-2217527696-1739433291-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.18.0 - Mirillis)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
BitTorrent (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
DesignDoll (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
FlvPlayer (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\FlvPlayer) (Version: ${VERSION} - ) <==== ATTENTION
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HiAlgo BOOST 5.0 (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\HiAlgoBOOST) (Version: 5.0 - HiAlgo Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kenshi v0.95.34 (HKLM-x32\...\vsetop.com Kenshi v0.95.34_is1) (Version: 0.95.34 - VseTop.Com)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaHuman YouTube to MP3 Converter version 3.9.8.5 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.8.5 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
My.com Game Center (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\MyComGames) (Version: 3.198 - My.com B.V.)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
NBA 2K17 (HKLM\...\Steam App 385760) (Version:  - Visual Concepts)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
osu! (HKLM-x32\...\{4c44c71e-034a-4667-a9dd-1b1a501b2804}) (Version: latest - ppy Pty Ltd)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.6.8.66 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revelation Online (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Revelation Online) (Version: 1.34 - My.com B.V.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Search Protection (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Search Protection) (Version: 8.9.0.1 - Spigot, Inc.) <==== ATTENTION
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
TrinusVR version 2.0.9b (HKLM-x32\...\{A66AD08F-FC5B-4583-9A7D-4636F5637B2C}_is1) (Version: 2.0.9b - Odd Sheep SL)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1467.1 - Microsoft Corporation) Hidden
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-978745593-2217527696-1739433291-1002_Classes\CLSID\{b25e12e0-19d3-4c9a-b245-95ac3d0b1442}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019A3EEC-D33E-45C1-A84C-9803902D519C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {0D478C71-2439-4481-A244-77512BEEEC0A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {0E4F8383-0747-44CC-BB0D-5E5FBFB4496C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {14FB9ADD-1DBB-428E-9E15-F95F7DB51733} - \Driver Detective -> No File <==== ATTENTION
Task: {2DB92FCA-8E92-44D9-8CA6-6CAD8595CF3B} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-500 -> No File <==== ATTENTION
Task: {2FC9630C-C3AE-430F-B167-322639C42E25} - \User_Feed_Synchronization-{771CC023-050F-4237-A636-FF522FD3CCBD} -> No File <==== ATTENTION
Task: {39FB1C93-F232-4131-B730-EF36680235D0} - \WpsUpdateTask_Blaster Ice -> No File <==== ATTENTION
Task: {4D02C793-EAF9-4AD7-99C7-CC501E0A8D98} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-978745593-2217527696-1739433291-1002
Task: {5490CE78-AD7A-4989-ACE3-E1EEC51EF887} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-1004 -> No File <==== ATTENTION
Task: {6912A6E7-F997-4258-A937-1C03701FA90E} - \ALU -> No File <==== ATTENTION
Task: {70FDC81A-61C5-4EEA-BC1A-595A17BD1464} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {7D4784D9-B879-423F-9E2C-5AF96E8AB982} - \Launch Manager -> No File <==== ATTENTION
Task: {7E3A2E4A-EA19-4947-A255-0EEDEC85DE8C} - \AdobeAAMUpdater-1.0-MicrosoftAccount-Blasterkatana@hotmail.com -> No File <==== ATTENTION
Task: {81B1F040-CA6A-432D-8C13-0FBCF967F850} - System32\Tasks\Opera scheduled Autoupdate 1443411411 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {87AFABB3-7801-4071-937A-9ED9548044E1} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {9B3F8CEA-A37E-4640-BA98-EB60B17BF151} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {9BF50FB3-9162-4AEB-AB8F-FDC045263DE3} - \Power Management -> No File <==== ATTENTION
Task: {A09FD551-1AC1-4658-BB3A-EF2C1657FAE2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {A3E2986B-C0E9-42AA-BCF5-2C5162C47313} - \ALUAgent -> No File <==== ATTENTION
Task: {A89D2B37-B297-4235-BFDA-1FBE3D74C1E4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {D09F73A7-CA87-4C52-BF33-C092FEABC077} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {D46DC9B3-7A43-42FC-86EF-951B1DA276C2} - \AcerCloud -> No File <==== ATTENTION
Task: {D4AEF3F9-DDEF-4211-AF62-EEDBBA189BF9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {EA944FEA-448C-41C6-9D9D-12DBEDF3290F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Blaster Ice\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2497052491_en-us.lnk -> hxxp://google.co

==================== Loaded Modules (Whitelisted) ==============

2014-05-13 08:44 - 2014-05-13 08:46 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-09-24 18:20 - 2016-09-24 18:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-05-11 01:56 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-10-24 06:03 - 2016-10-24 06:03 - 00589512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-04-22 08:58 - 2014-08-19 15:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-09-07 04:48 - 2013-09-07 04:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 04:45 - 2013-09-07 04:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 04:52 - 2013-09-07 04:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-10-16 05:39 - 2012-10-16 05:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-11-01 22:12 - 2013-07-30 21:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-04-20 10:11 - 2014-04-20 10:11 - 00225792 _____ () C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
2013-11-01 21:26 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00228864 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00526848 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2015-09-16 02:43 - 2015-09-16 02:43 - 00065688 _____ () C:\Program Files (x86)\HiAlgo\Plugins\BOOST\HookDll.dll
2012-10-16 05:39 - 2012-10-16 05:39 - 00060504 _____ () C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll
2013-11-01 22:12 - 2013-07-30 21:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2017-03-01 15:14 - 2017-03-01 15:14 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll
2017-03-01 15:14 - 2017-03-01 15:14 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll
2017-03-01 15:14 - 2017-03-01 15:14 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll
2017-03-01 15:14 - 2017-03-01 15:14 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-05-11 11:51 - 00003623 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-978745593-2217527696-1739433291-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Blaster Ice\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WTabletServiceCon => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "RazerGameBooster"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "svcvmx"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "SearchProtection"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "LiveSupport"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "BlockNSurf"
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\StartupApproved\Run: => "MyComGames"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{31A7614B-ED1D-4EA5-95D2-3C044F612A0E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3A2F161E-D967-425B-A2EB-3C4AD3961D19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{07E7B8FF-B819-4F3F-BFBF-8F83AD9F5070}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09B1CEFE-9CA0-447D-A442-578F59A5C13D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{92245AA3-FEB9-4AFF-B075-191410E37177}] => (Allow) LPort=8370
FirewallRules: [{5895796F-EFCB-4A75-A26B-BF73EE0E16A4}] => (Allow) LPort=8370
FirewallRules: [TCP Query User{5C78F27C-72C4-4878-B953-44F3293CA87B}C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{399305B6-F163-443B-AC0E-FFC94668F50D}C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\blaster ice\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A0209CA3-DFFD-4265-82BC-29EFB5C8AA85}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B791E4B-DE54-47BB-9D4B-CC59CBB9A2B4}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F602AC3-074E-4BF4-8EB1-EDCE9EEC54B3}] => (Allow) LPort=8370
FirewallRules: [{6388D5F2-189E-45EA-BC26-D52578127881}] => (Allow) LPort=8370
FirewallRules: [{F9FE511E-54AD-4545-B902-50A4381070EB}] => (Allow) LPort=6926
FirewallRules: [{5D8185B8-384F-40F4-B921-1D7313477DFC}] => (Allow) LPort=6926
FirewallRules: [{892C80B9-BCA8-469B-9349-43BCA94EB421}] => (Allow) LPort=6888
FirewallRules: [{6AE4FEF2-8CA0-4520-A552-7AFD86BEBA6D}] => (Allow) LPort=6888
FirewallRules: [{436A32A1-26ED-4308-A1E4-E9420FD21425}] => (Allow) LPort=6884
FirewallRules: [{D6BD0834-4EBB-4306-8A50-5C7E888DF7BF}] => (Allow) LPort=6884
FirewallRules: [TCP Query User{AB946A32-7F87-4715-BA1F-F23E1317253A}C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{45CE7FF9-4461-40A9-9A73-29ECFCDF56EC}C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{03FEA5AA-6FE5-47CF-82A8-D19643461E4A}] => (Allow) LPort=8393
FirewallRules: [{C1955BC6-A212-4B60-93AC-8D45312D8710}] => (Allow) LPort=8393
FirewallRules: [{6A089901-32F0-4D84-89B5-6783AB87D22C}] => (Allow) LPort=8390
FirewallRules: [{C319F948-6B77-4BEB-8A6D-A88AA4D7222F}] => (Allow) LPort=8390
FirewallRules: [{187D40AF-8AFA-4EA5-BCCB-D90D05C5FB97}] => (Allow) LPort=6901
FirewallRules: [{757F8775-F74A-432A-A711-C985A14AEFAF}] => (Allow) LPort=6901
FirewallRules: [{5EE6EAA6-5147-45B4-83D6-1E36660C1136}] => (Allow) LPort=6888
FirewallRules: [{F3E446D2-2471-4A4A-9E88-C43C136F75D8}] => (Allow) LPort=6888
FirewallRules: [{949A003A-6B48-4D1F-911A-87BB3DF6E039}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6BFFB01E-A2CA-4992-8863-DD3F9C12559C}] => (Allow) C:\Users\Blaster Ice\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A0DED0FF-335F-452C-BEA2-53AA2867032C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0E855820-E0FC-4B25-B46C-8917FC7A3F22}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{EAA163DF-183E-4F48-A446-494795DB966C}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{7AC2BB09-EC54-42C6-9224-ABB4DDB90258}] => (Allow) LPort=6925
FirewallRules: [{D7CAC109-3AA9-4FDB-9AC5-C8373E38E3E8}] => (Allow) LPort=6925
FirewallRules: [{4035C23E-D20D-434C-8A75-179B27D28241}] => (Allow) C:\GarenaDownload\Games\cmtw\cmtwInstaller.exe
FirewallRules: [{456F0943-98B5-4CAD-892F-213620E9CAFE}] => (Allow) C:\GarenaDownload\Games\cmtw\cmtwInstaller.exe
FirewallRules: [TCP Query User{9F1B39C7-B72B-4426-911C-93CF0B52BBD7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{60E9C290-63F5-4936-AC01-5A8713835FD3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8EF08833-3F6E-4367-A165-FDFCA58A05C1}] => (Allow) LPort=6996
FirewallRules: [{870D96B4-134B-4C57-A159-B14B1EDE58E5}] => (Allow) LPort=6996
FirewallRules: [{FDD76614-1A7D-4750-905E-F486B699A493}] => (Allow) LPort=6905
FirewallRules: [{60A2BBF3-C970-463D-ACF4-B64B1E6C6C75}] => (Allow) LPort=6905
FirewallRules: [{70F7079C-A6D8-4378-9570-F1F24AE9B632}] => (Allow) LPort=6965
FirewallRules: [{CC3EA7BB-FAA2-4A40-A175-50C33FB26F55}] => (Allow) LPort=6965
FirewallRules: [{0A5A7FB9-AF6C-472B-A1E0-3095E2CB2130}] => (Allow) C:\GarenaDownload\Games\blackshot\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{35637600-2AD0-4E8B-875A-0CC4EF38D711}] => (Allow) C:\GarenaDownload\Games\blackshot\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{E982FEC8-F4E4-4191-A264-EAF625C8EC48}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe
FirewallRules: [{B0D9E8EB-1C4C-4F7C-BD31-AC765DA28398}] => (Allow) C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe

==================== Restore Points =========================

28-04-2017 22:48:29 Installed DirectX
11-05-2017 00:35:03 Malwarebytes Anti-Rootkit Restore Point
11-05-2017 01:48:35 Malwarebytes Anti-Rootkit Restore Point
12-05-2017 17:03:33 JRT Pre-Junkware Removal
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2017 10:01:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACER)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/11/2017 10:01:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACER)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/31/2015 10:29:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.505.2, time stamp: 0x561d10fa
Faulting module name: GTA5.exe, version: 1.0.505.2, time stamp: 0x561d10fa
Exception code: 0xc0000005
Fault offset: 0x0000000001189a34
Faulting process id: 0x2dc
Faulting application start time: 0x01d113e8458a4ce9
Faulting application path: D:\GTAV\steamapps\common\Grand Theft Auto V\GTA5.exe
Faulting module path: D:\GTAV\steamapps\common\Grand Theft Auto V\GTA5.exe
Report Id: c80a6af4-7fdb-11e5-84cb-089e01f27291
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/31/2015 07:35:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1418

Start Time: 01d113cf7878c2bc

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6bd4cd15-7fc3-11e5-84cb-089e01f27291

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/31/2015 07:32:22 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (10/30/2015 04:39:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11a4

Start Time: 01d1135251aa2c05

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 42721f12-7f46-11e5-84ca-089e01f27291

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/30/2015 04:37:27 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (10/29/2015 08:05:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ca4

Start Time: 01d112a5f8dfdbfe

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ec545327-7e99-11e5-84c9-089e01f27291

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/29/2015 08:03:56 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (10/29/2015 06:18:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
The system cannot find the file specified.

Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
The system cannot find the file specified.

Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
The system cannot find the file specified.

Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
The system cannot find the file specified.

Error: (05/11/2017 04:43:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "2" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/11/2017 04:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2015-09-26 22:48:24.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 22:48:22.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 22:48:22.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 22:48:22.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 21:36:32.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 18:11:01.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 16:15:18.926
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 15:49:02.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 15:49:02.428
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2015-09-26 15:49:02.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 37%
Total physical RAM: 8072.27 MB
Available physical RAM: 5041.01 MB
Total Virtual: 74972.27 MB
Available Virtual: 71710.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456.1 GB) (Free:18.72 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.61 GB) (Free:289.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E521D0E0)

Partition: GPT.

==================== End of Addition.txt ============================


Here it is. thx.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Blaster Ice (administrator) on ACER (12-05-2017 20:14:28)
Running from C:\Users\Blaster Ice\Desktop
Loaded Profiles: UpdatusUser & Blaster Ice (Available Profiles: UpdatusUser & Blaster Ice & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(HiAlgo Inc.) C:\Program Files (x86)\HiAlgo\Plugins\BOOST\HiAlgoBOOST.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-01] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Run: [SearchProtection] => "C:\Users\Blaster Ice\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Run: [GarenaPlus] => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\MountPoints2: E - "E:\autorun.exe" 
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [uTorrent] => C:\Users\Blaster Ice\AppData\Roaming\uTorrent\uTorrent.exe [2144448 2017-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [HiAlgoBOOST] => C:\Program Files (x86)\HiAlgo\Plugins\BOOST\HiAlgoBOOST.exe [2118808 2015-09-16] (HiAlgo Inc.)
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Run: [MyComGames] => C:\Users\Blaster Ice\AppData\Local\MyComGames\MyComGames.exe [5377936 2017-05-11] (MY.COM B.V.)
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\MountPoints2: {afccfce6-87db-11e4-8342-089e01f27291} - "E:\iStudio.exe" 
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [173272 2017-01-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [150760 2017-01-20] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{744F671F-7D44-4150-8AD0-5AD8C9305504}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{744F671F-7D44-4150-8AD0-5AD8C9305504}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B32485CB-2004-4221-8CBC-FB22C77CBA83}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B32485CB-2004-4221-8CBC-FB22C77CBA83}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E3AC9A2E-F02C-404C-B1EC-CED294EF8041}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E3AC9A2E-F02C-404C-B1EC-CED294EF8041}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> DefaultScope {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1001 -> {FFF837FF-998A-4E97-951E-3A0A8E72BB5D} URL = 
SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1002 -> DefaultScope {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-978745593-2217527696-1739433291-1002 -> {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: a1u1ohdk.default
FF ProfilePath: C:\Users\Blaster Ice\AppData\Roaming\Mozilla\Firefox\Profiles\a1u1ohdk.default [2017-05-11]
FF Extension: (Adblock Plus) - C:\Users\Blaster Ice\AppData\Roaming\Mozilla\Firefox\Profiles\a1u1ohdk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-978745593-2217527696-1739433291-1002: @my.com/Games -> C:\Users\Blaster Ice\AppData\Local\MyComGames\NPMyComDetector.dll [2017-03-16] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-978745593-2217527696-1739433291-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Blaster Ice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-978745593-2217527696-1739433291-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}&trackid=sp-006
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default [2017-05-12]
CHR Extension: (YouTube) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-01]
CHR Extension: (Google Search) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Grammarly for Chrome) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Blaster Ice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-11]

Opera: 
=======
OPR Extension: (Translate) - C:\Users\Blaster Ice\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2016-12-04]
OPR Extension: (Amazon Assistant for Opera) - C:\Users\Blaster Ice\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2017-01-14]
OPR Extension: (Adblock Plus) - C:\Users\Blaster Ice\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1456136 2016-11-27] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-04-10] (EasyAntiCheat Ltd)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-03] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-13] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
S2 Snapdo; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Snapdo\Snapdo.exe [85504 2015-04-30] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-12] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-22] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows (R) Win 7 DDK provider)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [206080 2014-01-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wacommousefilter; \SystemRoot\System32\drivers\wacommousefilter.sys [X]
S3 wacomvhid; \SystemRoot\System32\drivers\wacomvhid.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-12 20:14 - 2017-05-12 20:15 - 00024106 _____ C:\Users\Blaster Ice\Desktop\FRST.txt
2017-05-12 20:13 - 2017-05-12 20:14 - 00000000 ____D C:\FRST
2017-05-12 20:13 - 2017-05-12 20:13 - 02429440 _____ (Farbar) C:\Users\Blaster Ice\Desktop\FRST64.exe
2017-05-12 17:27 - 2017-05-12 17:27 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-12 17:08 - 2017-05-12 17:08 - 04102600 _____ C:\Users\Blaster Ice\Downloads\adwcleaner_6.046.exe
2017-05-12 17:07 - 2017-05-12 17:21 - 00008147 _____ C:\Users\Blaster Ice\Desktop\asd.txt
2017-05-12 17:07 - 2017-05-12 17:07 - 00001423 _____ C:\Users\Blaster Ice\Desktop\JRT.txt
2017-05-12 17:02 - 2017-05-12 17:02 - 04089296 _____ C:\Users\Blaster Ice\Downloads\AdwCleaner.exe
2017-05-12 17:02 - 2017-05-12 17:02 - 01663672 _____ (Malwarebytes) C:\Users\Blaster Ice\Downloads\JRT.exe
2017-05-11 22:15 - 2017-05-11 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-11 21:46 - 2017-05-11 21:46 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\NVIDIA
2017-05-11 21:28 - 2017-05-11 21:28 - 86191168 _____ (NVIDIA Corporation) C:\Users\Blaster Ice\Downloads\GeForce_Experience_v3.6.0.74.exe
2017-05-11 20:17 - 2017-05-03 11:41 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-05-11 18:17 - 2017-05-12 17:27 - 00102828 _____ C:\Windows\ntbtlog.txt
2017-05-11 18:13 - 2017-05-11 18:14 - 32823032 _____ (Tweaking.com) C:\Users\Blaster Ice\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-05-11 17:08 - 2017-05-11 17:08 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-11 01:56 - 2017-05-11 16:39 - 00002000 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-11 01:56 - 2017-05-11 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-11 01:56 - 2017-05-11 01:56 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-11 01:56 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-10 22:43 - 2017-05-12 17:18 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-10 22:43 - 2017-05-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-10 22:43 - 2017-05-11 01:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-10 22:42 - 2017-05-11 18:11 - 00000000 ____D C:\Users\Blaster Ice\Desktop\123
2017-05-10 19:01 - 2017-05-10 19:01 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Blaster Ice\Downloads\mbar-1.09.3.1001.exe
2017-05-10 18:45 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-05-10 18:45 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-10 18:45 - 2017-05-03 16:21 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-05-08 23:59 - 2017-05-08 23:59 - 00001771 _____ C:\Users\Blaster Ice\Desktop\Unleash the hair-48-v1.rar
2017-05-08 19:07 - 2017-05-08 19:07 - 60107896 _____ (Malwarebytes ) C:\Users\Blaster Ice\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-08 18:57 - 2017-05-11 16:34 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\dtdkdz
2017-05-08 18:57 - 2017-05-11 12:11 - 00001053 _____ C:\Windows\SysWOW64\splsrv.exe
2017-05-08 18:57 - 2017-05-08 18:57 - 00000000 ____D C:\Windows\acer
2017-05-08 18:57 - 2017-05-08 18:57 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\c
2017-05-08 18:57 - 2017-05-08 18:57 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\reazbg
2017-05-06 20:50 - 2017-05-06 20:50 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\SmartSteamEmu
2017-05-06 20:30 - 2017-05-06 20:30 - 00001662 _____ C:\Users\Public\Desktop\Kenshi.lnk
2017-05-06 20:13 - 2017-05-06 20:13 - 00000000 ____D C:\Games
2017-05-06 19:17 - 2017-05-06 19:29 - 00000000 ____D C:\Users\Blaster Ice\Downloads\Kenshi_v0.95.34
2017-05-06 19:16 - 2017-05-06 19:16 - 00014725 _____ C:\Users\Blaster Ice\Desktop\Kenshi.v0.95.34.torrent
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N (TOSHIBA CORPORATION) C:\Windows\system32\tprdpw64.exe
2017-04-27 17:23 - 2017-04-28 19:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-23 18:47 - 2017-05-12 17:19 - 00003026 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-04-23 18:43 - 2017-04-23 18:43 - 00001062 _____ C:\Users\Blaster Ice\Desktop\MSI Afterburner.lnk
2017-04-23 18:41 - 2017-04-23 18:41 - 40376862 _____ C:\Users\Blaster Ice\Downloads\MSIAfterburnerSetup.zip
2017-04-23 18:29 - 2017-04-23 18:29 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\office6
2017-04-23 16:17 - 2017-04-23 16:17 - 00370064 _____ C:\Users\Blaster Ice\Desktop\cc_20170423_161657.reg
2017-04-12 20:28 - 2017-04-12 20:28 - 00883996 _____ C:\Users\Blaster Ice\Downloads\MTS_DmitryMalfatto_1575387_ModConflictDetector8337.zip
2017-04-12 20:28 - 2017-04-12 20:28 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\Malfatto Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-12 19:57 - 2015-08-02 10:59 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-05-12 19:53 - 2017-01-03 00:59 - 00000000 ____D C:\Users\Blaster Ice\Desktop\osu
2017-05-12 17:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2017-05-12 17:33 - 2016-07-28 15:19 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-1002
2017-05-12 17:27 - 2016-11-26 02:06 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-12 17:27 - 2016-11-26 02:06 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-12 17:27 - 2016-11-26 02:06 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-12 17:27 - 2016-11-26 02:06 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-12 17:27 - 2016-11-26 02:06 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-12 17:27 - 2015-10-31 13:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-12 17:27 - 2013-11-01 21:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-12 17:27 - 2013-11-01 21:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-12 17:27 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2017-05-12 17:26 - 2015-10-31 13:40 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\NVIDIA
2017-05-12 17:26 - 2013-11-01 21:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-12 17:21 - 2014-09-20 23:28 - 00000000 __RDO C:\Users\Blaster Ice\OneDrive
2017-05-12 17:17 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-12 17:11 - 2016-02-28 10:43 - 00000000 ____D C:\AdwCleaner
2017-05-12 00:58 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-11 22:13 - 2015-10-31 13:41 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\NVIDIA Corporation
2017-05-11 22:03 - 2014-04-04 02:47 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\CrashDumps
2017-05-11 21:31 - 2017-03-16 20:11 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\MyComGames
2017-05-11 20:41 - 2015-10-14 21:24 - 00000000 ____D C:\Users\Guest.acer
2017-05-11 19:55 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Help
2017-05-11 16:46 - 2015-09-16 08:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-11 16:37 - 2013-11-01 21:30 - 00000000 ____D C:\Users\UpdatusUser
2017-05-11 16:34 - 2014-03-29 23:00 - 00000000 ____D C:\Users\Blaster Ice
2017-05-11 11:12 - 2014-09-04 06:57 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2017-05-11 01:56 - 2014-10-22 04:40 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-10 23:31 - 2016-10-30 23:03 - 00004430 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-10 23:31 - 2016-10-30 23:03 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 23:31 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 23:31 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 18:46 - 2014-03-30 08:25 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-05-08 23:27 - 2014-03-30 00:10 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\uTorrent
2017-05-03 15:28 - 2016-12-17 15:03 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-04-29 14:00 - 2014-03-29 11:19 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\Warframe
2017-04-27 17:21 - 2015-10-31 08:24 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\PC_Drivers_Headquarters
2017-04-27 17:21 - 2013-11-01 22:08 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-04-27 17:18 - 2017-01-01 03:40 - 00000000 ____D C:\Program Files\COMODO
2017-04-27 17:18 - 2014-09-24 02:19 - 00000000 ____D C:\ProgramData\SaVeNeWaAppzu
2017-04-27 17:17 - 2014-04-06 00:58 - 00000000 ____D C:\ProgramData\GreenApp
2017-04-26 18:47 - 2013-08-22 10:44 - 04976640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-24 18:52 - 2016-08-06 19:44 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\.minecraft
2017-04-23 18:30 - 2015-09-26 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-23 18:29 - 2014-03-29 23:11 - 00000000 ____D C:\Users\Blaster Ice\AppData\Local\Kingsoft
2017-04-23 16:10 - 2014-04-12 07:40 - 00000000 ____D C:\Users\Blaster Ice\Desktop\IMH
2017-04-23 15:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2017-04-23 13:23 - 2014-05-04 09:11 - 00000000 ____D C:\Users\Blaster Ice\AppData\LocalLow\Adobe
2017-04-23 13:23 - 2014-04-21 06:03 - 00000000 ____D C:\Users\Blaster Ice\Desktop\phs
2017-04-18 23:22 - 2014-04-25 23:43 - 00000000 ____D C:\Users\Blaster Ice\AppData\Roaming\HandBrake
2017-04-17 23:38 - 2016-03-04 19:03 - 00000000 ____D C:\Users\Blaster Ice\Desktop\[Mikuni Mizuki] Akujo Kousatsu Ch. 2
2017-04-15 21:26 - 2016-06-24 20:04 - 00000000 ____D C:\Users\Blaster Ice\Desktop\Drawings
2017-04-12 16:40 - 2015-09-23 16:25 - 00000000 ____D C:\Users\Blaster Ice\Desktop\sims mod

==================== Files in the root of some directories =======

2016-04-26 17:58 - 2016-04-26 17:58 - 0000112 _____ () C:\Users\Blaster Ice\AppData\Roaming\JP2K CS6 Prefs
2015-09-22 19:55 - 2016-07-17 11:59 - 0000001 _____ () C:\Users\Blaster Ice\AppData\Roaming\update.dat
2014-03-30 02:17 - 2016-01-25 20:36 - 0000098 _____ () C:\Users\Blaster Ice\AppData\Roaming\WB.CFG
2016-07-28 15:04 - 2016-07-28 15:04 - 0127640 _____ () C:\Users\Blaster Ice\AppData\Local\21563256.exe
2016-07-28 15:04 - 2016-07-28 15:04 - 0034157 _____ () C:\Users\Blaster Ice\AppData\Local\42874.exe
2014-04-05 03:10 - 2014-04-05 03:10 - 0007606 _____ () C:\Users\Blaster Ice\AppData\Local\Resmon.ResmonCfg
2016-04-22 20:05 - 2016-04-22 20:07 - 0000000 _____ () C:\Users\Blaster Ice\AppData\Local\{F3B23641-B260-476E-BDFA-CE9F1A2A4202}
2013-11-01 21:42 - 2013-11-01 21:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-17 16:14 - 2017-02-03 14:55 - 0008442 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-17 16:14 - 2017-02-01 00:35 - 0004984 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-05-08 18:57 - 2017-05-08 18:57 - 7761920 _____ (Disc Soft Ltd) C:\Users\Blaster Ice\AppData\Local\Temp\component.exe
2016-08-16 03:48 - 2016-08-16 03:48 - 0488960 _____ () C:\Users\Blaster Ice\AppData\Local\Temp\sqlite3.exe
2017-05-08 18:57 - 2017-05-08 18:57 - 1199825 _____ () C:\Users\Blaster Ice\AppData\Local\Temp\unins000.exe
2017-05-08 18:57 - 2017-05-08 18:57 - 0597261 _____ (VideoBox                                                    ) C:\Users\Blaster Ice\AppData\Local\Temp\vbsetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-29 03:47

==================== End of FRST.txt ============================


Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • FlvPlayer
  • Search Protection


If you have an issue when uninstalling a program, please let me know.

There isn't much left to remove.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

How's your system behaving now? Any other issues that need to be addressed?

fixlist.txt


In that case, before running the FRST fix I provided, follow the instructions below.

Registry - Export Uninstall Keys

  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the following commands, one after the other. You'll know you're ready to input the next command when a new line with a blinking cursor appears under the previous one:
    Note: You can copy and paste these commands instead of typing them. To copy a command inside the command prompt, move your mouse over the blinking cursor, right-click and select Paste. You must have copied the command prior to that (via Ctrl + C or left-click and Copy).
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall64.txt"
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall32.txt"
    
  • Once you're done running the commands, two files will have appeared on your desktop:
    • hklm_uninstall32.txt
    • hklm_uninstall64.txt
  • Create a new folder on your Desktop and move both files inside it. Once done, archive (.zip) the folder (right-click on it, select Send to... and select Compressed archive (.zip));
  • Attach the .zip file in your next reply;
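
The two export files requested above are long and hard to read by eye. As an added example (not part of the original post, and not a Malwarebytes or FRST tool), this Python code parses `reg query /s` text and lists each program, noting entries that Windows hides from Programs and Features (`SystemComponent` set to 1) or that have no uninstall command. The sample input and all function names are constructed for illustration.

```python
import re

# Constructed sample of `reg query ...\Uninstall /s` output (not taken from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleTool
    DisplayName    REG_SZ    Example Tool 1.2
    Publisher    REG_SZ    Example Corp
    UninstallString    REG_SZ    "C:\Program Files\ExampleTool\unins000.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}
    DisplayName    REG_SZ    Hidden Helper
    SystemComponent    REG_DWORD    0x1
    UninstallString    REG_SZ    MsiExec.exe /X{11111111-2222-3333-4444-555555555555}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orphan
    DisplayName    REG_SZ    Orphaned Entry
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query /s` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):          # a new key header starts a new record
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(3) or ""
    return keys

def summarize(text):
    """Return sorted (DisplayName, subkey, notes) tuples for installed programs."""
    rows = []
    for path, vals in parse_reg_query(text).items():
        if "DisplayName" not in vals:
            continue                           # parent key or entry with no name
        notes = []
        if vals.get("SystemComponent", "0x0").lower() in ("0x1", "1"):
            notes.append("hidden")             # not listed in Programs and Features
        if "UninstallString" not in vals and "QuietUninstallString" not in vals:
            notes.append("no-uninstaller")     # cannot be removed the normal way
        rows.append((vals["DisplayName"], path.rsplit("\\", 1)[-1], notes))
    return sorted(rows)

if __name__ == "__main__":
    for name, subkey, notes in summarize(SAMPLE):
        print(f"{name:20} {subkey:45} {','.join(notes) or '-'}")
```

To use it on a real export, pass the contents of hklm_uninstall64.txt or hklm_uninstall32.txt to `summarize` instead of the sample.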


On 5/18/2017 at 0:14 PM, Aura said:

It looks like I missed your reply. Please go on with the FRST fix that I posted (after the instructions to uninstall both programs). We'll get back to these later.

Is it normal for the fix to last for a few hrs? It's been fixing for like 2 hrs. Am I allowed to use other programs or play games in the meantime?


2 hours ago, Aura said:

You can close FRST. Can you open the fixlog.txt, and copy/paste its content here?

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Blaster Ice (19-05-2017 17:50:36) Run:1
Running from C:\Users\Blaster Ice\Desktop
Loaded Profiles: UpdatusUser & Blaster Ice (Available Profiles: UpdatusUser & Blaster Ice & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\Run: [SearchProtection] => "C:\Users\Blaster Ice\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

HKU\S-1-5-21-978745593-2217527696-1739433291-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden

Task: {14FB9ADD-1DBB-428E-9E15-F95F7DB51733} - \Driver Detective -> No File <==== ATTENTION
Task: {2DB92FCA-8E92-44D9-8CA6-6CAD8595CF3B} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-500 -> No File <==== ATTENTION
Task: {2FC9630C-C3AE-430F-B167-322639C42E25} - \User_Feed_Synchronization-{771CC023-050F-4237-A636-FF522FD3CCBD} -> No File <==== ATTENTION
Task: {39FB1C93-F232-4131-B730-EF36680235D0} - \WpsUpdateTask_Blaster Ice -> No File <==== ATTENTION
Task: {5490CE78-AD7A-4989-ACE3-E1EEC51EF887} - \Optimize Start Menu Cache Files-S-1-5-21-978745593-2217527696-1739433291-1004 -> No File <==== ATTENTION
Task: {6912A6E7-F997-4258-A937-1C03701FA90E} - \ALU -> No File <==== ATTENTION
Task: {7D4784D9-B879-423F-9E2C-5AF96E8AB982} - \Launch Manager -> No File <==== ATTENTION
Task: {7E3A2E4A-EA19-4947-A255-0EEDEC85DE8C} - \AdobeAAMUpdater-1.0-MicrosoftAccount-Blasterkatana@hotmail.com -> No File <==== ATTENTION
Task: {9BF50FB3-9162-4AEB-AB8F-FDC045263DE3} - \Power Management -> No File <==== ATTENTION
Task: {A3E2986B-C0E9-42AA-BCF5-2C5162C47313} - \ALUAgent -> No File <==== ATTENTION
Task: {D46DC9B3-7A43-42FC-86EF-951B1DA276C2} - \AcerCloud -> No File <==== ATTENTION

IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-978745593-2217527696-1739433291-1002\...\driversupport.com -> hxxps://apps.driversupport.com

HKLM\...\StartupApproved\Run32: => "svcvmx"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "SearchProtection"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-978745593-2217527696-1739433291-1001\...\StartupApproved\Run: => "BlockNSurf"

C:\ProgramData\GreenApp
C:\ProgramData\SaVeNeWaAppzu
C:\ProgramData\ntuser.pol
C:\Users\Blaster Ice\AppData\Local\{F3B23641-B260-476E-BDFA-CE9F1A2A4202}
C:\Users\Blaster Ice\AppData\Local\dtdkdz
C:\Users\Blaster Ice\AppData\Local\reazbg
C:\Users\Blaster Ice\AppData\Local\21563256.exe
C:\Users\Blaster Ice\AppData\Local\42874.exe
C:\Users\Blaster Ice\AppData\Roaming\c
C:\Users\Blaster Ice\AppData\Roaming\Search Protection
C:\Windows\SysWOW64\splsrv.exe
C:\Windows\system32\tprdpw64.exe

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
 


2 hours ago, Aura said:

Alright, boot in Safe Mode, and see if the fix goes through from there (you'll need to re-download the fixlist.txt).

http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10

I restarted in safe mode, I couldn't find FRST and the fix file so I tried to download it again, but apparently internet connection is disabled in safe mode.
