Infected PC mostly adware + Trojan Perhaps RAT


Hello, Brian here. My PC is infected with a lot of adware and perhaps a RAT because it just keeps coming. I would like help removing the nagware, adware and Trojans on my PC, as an MB scan wasn't enough. Here are the logs.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2017 01
Ran by Asriel (administrator) on DESKTOP-HBSKNLC (10-06-2017 10:03:58)
Running from C:\Users\getme\Downloads
Loaded Profiles: Asriel &  (Available Profiles: Asriel & Summa)
Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Hammer & Chisel, Inc.) C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe
(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe
(Hammer & Chisel, Inc.) C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73}\5880A280-EF2B-152B-AF46-AEB293F45386.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-31] (Intel Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\RunOnce: [Gahicokub] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\PROGRA~1\COMMON~1\UPDATE~1\Temere.dat"
HKLM\...\RunOnce: [Faceten] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\Users\getme\AppData\Local\61DF03~1\Coregun.dat"
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_5XFF436B8] => C:\Program Files\Windows Multimedia Platform\7O13VPTSFNF2SB8N43RKN62JPAWC8RZBH12D0ARI0L4A3BH\V5uSYHwECd.exe [263168 2017-06-09] ()
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Discord] => C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [41728608 2017-05-23] (VoipConnect)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [ApowersoftScreenRecorder] => C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe /autoStart
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [isMiner V 1.9] => C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe [2976256 2017-06-09] (isMiner worker and updater for windows of isMiner inc ) <===== ATTENTION
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [WH&BOZEU4s.exe] => C:\Program Files\Nox\5Q2RGBIBKDIPAT0ZKB6IQ89WTL\WH&BOZEU4s.exe [260608 2017-06-09] ()
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [WBA3KhwG.exe] => C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56\WBA3KhwG.exe [260608 2017-06-09] ()
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Run: [Hg170bDREkIr6k.exe] => C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe [260608 2017-06-10] () <===== ATTENTION
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\MountPoints2: {e41d0151-04cc-11e7-8331-b986e4ce4c51} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Discord] => C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [41728608 2017-05-23] (VoipConnect)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [ApowersoftScreenRecorder] => C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe /autoStart
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [isMiner V 1.9] => C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe [2976256 2017-06-09] (isMiner worker and updater for windows of isMiner inc ) <===== ATTENTION
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [WH&BOZEU4s.exe] => C:\Program Files\Nox\5Q2RGBIBKDIPAT0ZKB6IQ89WTL\WH&BOZEU4s.exe [260608 2017-06-09] ()
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [WBA3KhwG.exe] => C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56\WBA3KhwG.exe [260608 2017-06-09] ()
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Run: [Hg170bDREkIr6k.exe] => C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe [260608 2017-06-10] () <===== ATTENTION
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\MountPoints2: {e41d0151-04cc-11e7-8331-b986e4ce4c51} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Discord] => C:\Users\getme\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [41728608 2017-05-23] (VoipConnect)
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [ApowersoftScreenRecorder] => C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe /autoStart
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [isMiner V 1.9] => C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe [2976256 2017-06-09] (isMiner worker and updater for windows of isMiner inc ) <===== ATTENTION
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [WH&BOZEU4s.exe] => C:\Program Files\Nox\5Q2RGBIBKDIPAT0ZKB6IQ89WTL\WH&BOZEU4s.exe [260608 2017-06-09] ()
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [WBA3KhwG.exe] => C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56\WBA3KhwG.exe [260608 2017-06-09] ()
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Run: [Hg170bDREkIr6k.exe] => C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe [260608 2017-06-10] () <===== ATTENTION
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\MountPoints2: {e41d0151-04cc-11e7-8331-b986e4ce4c51} - "E:\LaunchU3.exe" -a
Startup: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2017-03-08]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files\Nexon\Nexon Launcher\nexon_launcher.exe (No File)
Startup: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nехоn Launсher.lnk [2017-06-06]
ShortcutTarget: Nехоn Launсher.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File)
GroupPolicy: Restriction ? <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{045c18ac-3393-40a4-9cf8-77fb29d96f8e}: [NameServer] 10.9.0.1
Tcpip\..\Interfaces\{174ec0ab-a478-4c7a-b75d-e1db9e2ccd73}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{174ec0ab-a478-4c7a-b75d-e1db9e2ccd73}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{30227a00-898d-482f-b6e9-f08b8adc1324}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{30227a00-898d-482f-b6e9-f08b8adc1324}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{6cb359cb-f98d-4524-a84e-eba04fcfde5c}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561166183&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561207548&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561207548&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131415114561207548&GUID=ED7255AC-8E9A-4A6A-AB84-4DC31582827E
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-27] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001 -> hxxps://www.google.com/
 
FireFox:
========
FF DefaultProfile: qdjgz72c.default-1495056405566
FF ProfilePath: C:\Users\getme\AppData\Roaming\Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566 [2017-05-27]
FF Homepage: Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566 -> user_pref("browser.startup.homepage","hxxp://pesonal-spage.com/sall2/");
FF Extension: (Firefox OnBoard) - C:\Users\getme\AppData\Roaming\Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566\Extensions\@onboard-v2 [2017-05-17]
FF Extension: (DuckDuckGo Plus) - C:\Users\getme\AppData\Roaming\Mozilla\Firefox\Profiles\qdjgz72c.default-1495056405566\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-05-19]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\duckduckgo.xml [2017-03-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-27] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001: @citrixonline.com/appdetectorplugin -> C:\Users\getme\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001: @nsroblox.roblox.com/launcher -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696: @citrixonline.com/appdetectorplugin -> C:\Users\getme\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696: @nsroblox.roblox.com/launcher -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696: @nsroblox.roblox.com/launcher64 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777: @citrixonline.com/appdetectorplugin -> C:\Users\getme\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777: @nsroblox.roblox.com/launcher -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777: @nsroblox.roblox.com/launcher64 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default [2017-05-12]
CHR Extension: (Google Slides) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-08]
CHR Extension: (Google Docs) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08]
CHR Extension: (Google Drive) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (Skype Calling) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-03-08]
CHR Extension: (YouTube) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Google Sheets) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-08]
CHR Extension: (Instant Translate: Select and Translate) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-05-12]
CHR Extension: (Hotspot Shield VPN Proxy – Unblock Sites) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\getme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [428056 2017-03-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [406040 2017-03-03] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [453144 2017-03-03] (BlueStack Systems, Inc.)
R3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-05-03] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83384 2014-12-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [97208 2014-12-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90552 2014-12-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-05-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 ovpnagent; C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 2016-08-29] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2017-04-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
S2 3a6505d76c4845ab634ee923daa42779; "C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 03ae9eb10bed1bc45673bb2f788455cf; C:\WINDOWS\system32\drivers\03ae9eb10bed1bc45673bb2f788455cf.sys [58648 2017-06-05] (3TZGHS) <==== ATTENTION
S3 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [139360 2017-03-03] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2017-03-03] (Bluestack System Inc. )
R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [463360 2015-06-23] (Intel Corporation)
S3 cpuz140; C:\Users\getme\AppData\Local\Temp\cpuz140\cpuz140_x32.sys [44352 2017-04-17] (CPUID)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44472 2014-12-31] (Intel Corporation)
S3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [25528 2014-12-31] (Intel Corporation)
S3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [28088 2014-12-31] (Intel Corporation)
S3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [36280 2014-12-31] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [80824 2014-12-31] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [182200 2014-12-31] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [26168 2016-12-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [40504 2016-12-24] (Disc Soft Ltd)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2015-06-23] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2015-06-23] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [62464 2015-06-23] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2015-06-23] (Intel Corporation)
R3 IDTP9145; C:\WINDOWS\System32\drivers\IDTP9145.sys [32256 2015-06-23] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277264 2015-11-11] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
R3 kxspb; C:\WINDOWS\System32\drivers\kxspb.sys [34272 2015-06-23] (Kionix, Inc.)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [57256 2017-03-05] (Visicom Media Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220576 2017-06-10] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2015-06-23] (Intel Corporation)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv.sys [30456 2014-12-28] (Visicom Media Inc.)
R1 MpKsl1d592cca; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7BE08A90-F9F2-49AD-A543-6775C2AA2D2F}\MpKsl1d592cca.sys [39168 2017-06-10] (Microsoft Corporation)
R1 MpKsl31a8d6b9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F99FB46-0C8C-4BA3-9C57-3214FF351A10}\MpKsl31a8d6b9.sys [39168 2017-06-09] (Microsoft Corporation)
R1 MpKsl414632a0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16B61E52-7DE7-4D2A-BFB9-C3B70D1BD2E2}\MpKsl414632a0.sys [39168 2017-06-09] (Microsoft Corporation)
R1 MpKsl6308d261; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E176A64D-6C3F-4879-B816-FB8CE4F545B5}\MpKsl6308d261.sys [39168 2017-06-06] (Microsoft Corporation)
R1 MpKslb3ed8527; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{542E621D-9479-413B-BF16-B9AD0086C4E6}\MpKslb3ed8527.sys [39168 2017-06-08] (Microsoft Corporation)
R1 MpKslf800fa61; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F99FB46-0C8C-4BA3-9C57-3214FF351A10}\MpKslf800fa61.sys [39168 2017-06-09] (Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.)
R3 ov2680; C:\WINDOWS\System32\drivers\ov2680.sys [40960 2015-06-23] (Intel Corporation)
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [23040 2016-06-15] (The OpenVPN Project)
S3 RT-USB; C:\WINDOWS\system32\drivers\RT-USB.SYS [80256 2014-05-12] (Ross-Tech LLC)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [185560 2015-06-23] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [544000 2015-05-21] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [3090944 2015-10-30] (Realtek Semiconductor Corporation                           )
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [30848 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [184192 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [184192 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [61696 2015-12-13] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [184192 2015-12-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [23296 2015-12-13] (DEVGURU Co., LTD.)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2015-06-23] (Intel Corporation)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [42400 2016-08-02] (USBPcap)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [112920 2017-03-15] (Oracle Corporation)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx86.sys [54696 2017-04-17] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
R1 YSDrv; C:\Program Files\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys [220432 2017-06-01] (BigNox Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-05-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-05-11] (Zemana Ltd.)
S3 CrucialSMBusScan; \??\C:\Users\getme\AppData\Local\Temp\CrucialSMBusScan_V32.sys [X]
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-10 10:03 - 2017-06-10 10:05 - 00030604 _____ C:\Users\getme\Downloads\FRST.txt
2017-06-10 10:03 - 2017-06-10 10:03 - 01775104 _____ (Farbar) C:\Users\getme\Downloads\FRST.exe
2017-06-10 10:03 - 2017-06-10 10:03 - 00000000 ____D C:\FRST
2017-06-10 09:49 - 2017-06-10 09:49 - 00000000 _____ C:\Users\getme\Downloads\directads.js
2017-06-10 09:24 - 2017-06-10 09:24 - 00000000 ____D C:\ProgramData\918562c62d514939a55f7c4f15229e41
2017-06-09 19:47 - 2017-06-09 19:47 - 00000000 ____D C:\Users\getme\AppData\Roaming\d31bde2d63e5464599edbdbb78da2b56
2017-06-09 19:47 - 2017-06-09 19:47 - 00000000 ____D C:\Users\getme\AppData\Local\e72126a493d24956be7cb3c8594edb2f
2017-06-09 15:50 - 2017-06-09 15:50 - 00000962 _____ C:\Users\getme\Desktop\Google Chrome.lnk
2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\c50cb8dd-6013-0
2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\c50cb8dd-0987-1
2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\a25d8c00
2017-06-09 13:17 - 2017-06-09 13:17 - 00000000 ____D C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73}
2017-06-09 13:16 - 2017-06-09 13:16 - 00000000 ____D C:\ProgramData\{792b2320-312c-0}
2017-06-09 13:16 - 2017-06-09 13:16 - 00000000 ____D C:\ProgramData\{23b74da3-312c-1}
2017-06-09 13:13 - 2017-06-09 13:13 - 00000000 ____D C:\Program Files\ScreenShared
2017-06-09 13:10 - 2017-06-10 09:25 - 00000294 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2017-06-09 13:10 - 2017-06-09 15:42 - 00000294 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2017-06-09 13:08 - 2017-06-09 13:29 - 00000000 ____D C:\ProgramData\631cd7a4-5dc7-1
2017-06-09 13:06 - 2017-06-09 15:43 - 00000000 ____D C:\Users\getme\AppData\Roaming\System Healer
2017-06-09 13:06 - 2017-06-09 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-06-09 13:04 - 2017-06-10 09:25 - 00000000 ____D C:\Users\getme\AppData\Roaming\isMiner
2017-06-09 13:00 - 2017-06-09 13:06 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-06-09 12:55 - 2017-06-09 13:28 - 00000000 ____D C:\Users\getme\AppData\Local\InetInfo
2017-06-08 01:13 - 2013-11-17 12:37 - 00000000 ____D C:\Users\getme\Desktop\rule34_downloader_win
2017-06-08 01:12 - 2017-06-08 01:13 - 09020383 _____ C:\Users\getme\Downloads\rule34_downloader_win.zip
2017-06-06 20:12 - 2017-06-06 20:12 - 00004001 _____ C:\Users\getme\lol.mid
2017-06-06 20:00 - 2017-06-06 20:00 - 00000000 _____ C:\Users\getme\Desktop\Stiupid.txt
2017-06-06 19:02 - 2017-06-06 19:02 - 00001151 _____ C:\Users\Public\Desktop\XSplit Gamecaster.lnk
2017-06-06 19:02 - 2017-06-06 19:02 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2017-06-06 19:02 - 2017-06-06 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2017-06-06 19:02 - 2017-06-06 19:02 - 00000000 ____D C:\Program Files\SplitmediaLabs
2017-06-06 19:00 - 2017-06-06 19:00 - 00000000 ____D C:\Users\getme\AppData\Roaming\SplitmediaLabs
2017-06-06 18:33 - 2017-06-06 19:00 - 76332328 _____ (SplitmediaLabs) C:\Users\getme\Downloads\XSplit_Gamecaster_2.9.1701.1621.exe
2017-06-06 17:35 - 2017-06-10 09:24 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-06 17:35 - 2017-06-06 17:35 - 00002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-06 17:35 - 2017-06-06 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-06 17:35 - 2017-05-25 11:58 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-06-06 17:34 - 2017-06-06 17:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-06 17:34 - 2017-06-06 17:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-06 17:26 - 2017-06-06 17:34 - 64232976 _____ (Malwarebytes ) C:\Users\getme\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-06 17:23 - 2017-06-06 17:23 - 00000020 ___SH C:\Users\Summa\ntuser.ini
2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\My Documents
2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\Documents\My Videos
2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\Documents\My Pictures
2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 _SHDL C:\Users\Summa\Documents\My Music
2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 ____D C:\Users\Summa\AppData\Local\VirtualStore
2017-06-06 17:23 - 2017-06-06 17:23 - 00000000 ____D C:\Users\Summa
2017-06-06 17:10 - 2017-06-09 12:55 - 00000000 ____D C:\ProgramData\WindowsVideoErrorReporting
2017-06-06 17:10 - 2017-06-06 18:17 - 00000000 ____D C:\Users\getme\AppData\Local\llssoft
2017-06-06 17:10 - 2017-05-29 16:20 - 00000193 _____ C:\Users\getme\Desktop\Download Video and Audio Online.url
2017-06-06 17:05 - 2017-06-06 18:17 - 00000000 ____D C:\Users\getme\AppData\Local\ntuserlitelist
2017-06-06 17:05 - 2017-06-06 17:05 - 00000000 ____D C:\Users\getme\AppData\Roaming\c
2017-06-06 17:05 - 2017-06-06 17:05 - 00000000 ____D C:\Users\getme\AppData\Local\xqqqj
2017-06-06 17:03 - 2017-06-06 17:03 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_1.2.4_Full_Crack.iso
2017-06-06 17:00 - 2017-06-06 17:00 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_Crack_Free_Download.iso
2017-06-06 17:00 - 2017-06-06 17:00 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_Crack_Free_Download (2).iso
2017-06-06 17:00 - 2017-06-06 17:00 - 00851968 _____ C:\Users\getme\Downloads\Apowersoft_Screen_Capture_Pro_Crack_Free_Download (1).iso
2017-06-06 16:58 - 2017-06-06 16:58 - 00001443 _____ C:\Users\Public\Desktop\AceThinker Screen Grabber Pro.lnk
2017-06-06 16:58 - 2017-06-06 16:58 - 00000000 ____D C:\Users\getme\Documents\AceThinker
2017-06-06 16:58 - 2017-06-06 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AceThinker
2017-06-06 16:57 - 2017-06-06 16:57 - 00000000 ____D C:\Users\getme\AppData\Roaming\Apowersoft
2017-06-06 16:55 - 2017-06-06 16:57 - 17030464 _____ (AceThinker Limited ) C:\Users\getme\Downloads\screen-grabber-pro.exe
2017-06-06 16:19 - 2017-06-06 16:19 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-06-06 16:19 - 2017-06-06 16:19 - 00001096 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-06-06 16:18 - 2017-06-06 16:20 - 00000000 ____D C:\Users\getme\AppData\Local\paint.net
2017-06-06 16:18 - 2017-06-06 16:19 - 00000000 ____D C:\Program Files\paint.net
2017-06-06 16:17 - 2017-04-16 17:26 - 07094520 _____ C:\Users\getme\Desktop\paint.net.4.0.16.install.exe
2017-06-06 16:15 - 2017-06-06 16:17 - 07067928 _____ C:\Users\getme\Downloads\paint.net.4.0.16.install.zip
2017-06-06 16:03 - 2017-06-06 16:03 - 00000122 _____ C:\Users\getme\Desktop\Welcome.vbs
2017-06-06 16:03 - 2017-06-06 16:03 - 00000122 _____ C:\Users\getme\Desktop\Welcome.txt
2017-06-06 07:33 - 2017-06-06 17:16 - 00000000 ____D C:\Users\getme\Desktop\Txt files
2017-06-06 07:28 - 2017-06-06 07:28 - 00000000 ____D C:\Users\getme\.hydrogen
2017-06-06 07:27 - 2017-06-06 07:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hydrogen - 0.9.7
2017-06-05 19:00 - 2017-06-05 19:00 - 00058648 _____ (3TZGHS) C:\WINDOWS\system32\Drivers\03ae9eb10bed1bc45673bb2f788455cf.sys
2017-06-05 19:00 - 2017-06-05 19:00 - 00037160 _____ C:\WINDOWS\uninstaller.dat
2017-06-03 11:45 - 2017-06-03 11:45 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Drummer Trial
2017-06-03 11:45 - 2017-06-03 11:45 - 00000000 ____D C:\Users\getme\AppData\Local\Benetrue
2017-06-02 21:54 - 2017-06-10 10:05 - 00093344 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-02 21:54 - 2017-06-10 10:05 - 00062416 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-02 15:29 - 2017-06-02 15:36 - 00000000 ____D C:\Users\getme\AppData\Roaming\VoipConnect
2017-06-02 15:29 - 2017-06-02 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect
2017-06-02 15:28 - 2017-06-02 15:28 - 00000000 ____D C:\Program Files\VoipConnect.com
2017-06-01 17:06 - 2017-06-01 17:06 - 00000000 ____D C:\Users\getme\AppData\Local\MultiPlayerManager
2017-06-01 15:39 - 2017-06-06 13:13 - 00000000 ____D C:\Users\getme\vmlogs
2017-06-01 15:39 - 2017-06-01 15:39 - 00000045 _____ C:\Users\getme\nuuid.ini
2017-06-01 15:39 - 2017-06-01 15:39 - 00000041 _____ C:\Users\getme\inst.ini
2017-06-01 15:39 - 2017-06-01 15:39 - 00000000 ____D C:\Users\getme\Nox_share
2017-06-01 15:38 - 2017-06-01 15:38 - 00001095 _____ C:\Users\getme\Desktop\Multi-Drive.lnk
2017-06-01 15:38 - 2017-06-01 15:38 - 00001014 _____ C:\Users\getme\Desktop\Nox.lnk
2017-06-01 15:38 - 2017-06-01 15:38 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-06-01 15:37 - 2017-06-06 13:13 - 00000000 ____D C:\Users\getme\.BigNox
2017-06-01 15:37 - 2017-06-01 15:37 - 00000000 ____D C:\Program Files\Bignox
2017-06-01 15:34 - 2017-06-09 13:13 - 00000000 ____D C:\Program Files\Nox
2017-06-01 15:33 - 2017-06-06 13:17 - 00000000 ____D C:\Users\getme\AppData\Local\Nox
2017-05-31 16:18 - 2017-05-31 16:21 - 00000000 ____D C:\Users\getme\Desktop\Ebooks
2017-05-29 15:57 - 2017-05-29 15:57 - 00154336 _____ C:\Users\getme\Downloads\GetImage (3)
2017-05-29 15:55 - 2017-05-29 15:55 - 00154336 _____ C:\Users\getme\Downloads\GetImage (2)
2017-05-29 15:54 - 2017-05-29 15:54 - 00154336 _____ C:\Users\getme\Downloads\GetImage (1)
2017-05-29 15:54 - 2017-05-29 15:54 - 00154336 _____ C:\Users\getme\Downloads\GetImage
2017-05-29 15:01 - 2017-05-29 15:01 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2017-05-29 15:01 - 2017-05-29 15:01 - 00001173 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk
2017-05-29 14:56 - 2017-05-29 14:56 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Tone Generator.lnk
2017-05-29 14:56 - 2017-05-29 14:56 - 00001165 _____ C:\Users\Public\Desktop\NCH Tone Generator.lnk
2017-05-29 14:55 - 2017-06-06 07:27 - 22042297 _____ C:\Users\getme\Downloads\Hydrogen-0.9.7-win32.exe
2017-05-29 14:37 - 2017-05-29 14:37 - 00001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crescendo Music Notation Editor.lnk
2017-05-29 14:37 - 2017-05-29 14:37 - 00001215 _____ C:\Users\Public\Desktop\Crescendo Music Notation Editor.lnk
2017-05-29 14:32 - 2017-05-29 15:01 - 00000000 ____D C:\Program Files\NCH Software
2017-05-29 14:32 - 2017-05-29 14:32 - 00002087 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2017-05-29 14:32 - 2017-05-29 14:32 - 00001191 _____ C:\Users\Public\Desktop\MixPad Multitrack Recording Software.lnk
2017-05-29 14:08 - 2017-06-03 18:03 - 00000000 ____D C:\Users\getme\AppData\Roaming\Music Editor Free
2017-05-29 14:08 - 2017-05-29 14:08 - 00002062 _____ C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Music Editor Free.lnk
2017-05-29 14:08 - 2017-05-29 14:08 - 00002038 _____ C:\Users\getme\Desktop\Music Editor Free.lnk
2017-05-29 14:08 - 2017-05-29 14:08 - 00000000 ____D C:\Users\getme\AppData\Roaming\Music Editor Free New Version Available
2017-05-29 14:08 - 2017-05-29 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Editor Free
2017-05-29 14:07 - 2006-03-23 12:56 - 00113486 _____ C:\WINDOWS\system32\NCTWMAProfiles.prx
2017-05-29 14:07 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioInformation2.dll
2017-05-29 14:07 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\WINDOWS\system32\NCTAudioFile2.dll
2017-05-29 14:07 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioRecord2.dll
2017-05-29 14:07 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioPlayer2.dll
2017-05-29 14:07 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioEditor2.dll
2017-05-29 14:07 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioTransform2.dll
2017-05-29 14:07 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTAudioVisualization2.dll
2017-05-29 14:07 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\WINDOWS\system32\NCTTextToAudio2.dll
2017-05-29 14:07 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\WINDOWS\system32\NCTWMAFile2.dll
2017-05-29 14:07 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2017-05-29 14:07 - 2002-01-05 16:37 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr70.dll
2017-05-29 14:06 - 2017-05-29 14:08 - 00000000 ____D C:\Program Files\Music Editor Free
2017-05-27 20:23 - 2017-05-27 20:23 - 00000000 ____D C:\Users\getme\AppData\Roaming\Axolot Games
2017-05-27 20:23 - 2017-05-27 20:23 - 00000000 ____D C:\Users\getme\AppData\Local\Axolot Games
2017-05-27 20:06 - 2017-06-08 00:45 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-27 18:55 - 2017-05-27 19:03 - 00000557 _____ C:\Users\getme\TestWeb.html
2017-05-27 18:53 - 2017-05-28 21:00 - 00000000 ____D C:\Users\getme\AppData\Roaming\NetBeans
2017-05-27 18:53 - 2017-05-27 18:53 - 00000000 ____D C:\Users\getme\AppData\Local\NetBeans
2017-05-27 17:56 - 2017-05-27 17:56 - 00000000 ____D C:\Program Files\Common Files\Java
2017-05-27 17:53 - 2017-05-27 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-05-27 17:52 - 2017-05-27 17:52 - 00000000 ____D C:\Users\getme\AppData\LocalLow\Oracle
2017-05-27 15:51 - 2017-05-27 15:51 - 00000000 ____D C:\Users\getme\AppData\Local\EasyWays
2017-05-24 09:02 - 2017-04-27 23:59 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-24 09:02 - 2017-04-27 22:56 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-05-24 09:02 - 2017-04-27 21:51 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-05-24 09:02 - 2017-04-27 21:40 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-24 09:02 - 2017-04-27 21:33 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-05-24 09:02 - 2017-04-27 21:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-05-24 09:02 - 2017-04-27 21:18 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-05-24 09:02 - 2017-04-27 20:59 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-24 09:02 - 2017-04-27 20:59 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-24 09:02 - 2017-04-27 20:50 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-05-24 09:02 - 2017-04-27 20:47 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-24 09:02 - 2017-04-27 20:25 - 01901568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-24 09:02 - 2017-04-27 19:51 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-05-24 09:01 - 2017-04-28 00:01 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-24 09:01 - 2017-04-27 23:59 - 05791584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-24 09:01 - 2017-04-27 23:35 - 02885680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-05-24 09:01 - 2017-04-27 23:04 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-24 09:01 - 2017-04-27 22:56 - 02945648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-24 09:01 - 2017-04-27 22:45 - 01536600 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-24 09:01 - 2017-04-27 21:39 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-24 09:01 - 2017-04-27 21:23 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-24 09:01 - 2017-04-27 21:18 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-24 09:01 - 2017-04-27 21:12 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-24 09:01 - 2017-04-27 21:07 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-24 09:01 - 2017-04-27 21:01 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-05-24 09:01 - 2017-04-27 20:56 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-24 09:01 - 2017-04-27 20:55 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-24 09:01 - 2017-04-27 20:55 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-24 09:01 - 2017-04-27 20:54 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-24 09:01 - 2017-04-27 20:46 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-24 09:01 - 2017-04-27 20:32 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-24 09:01 - 2017-04-27 20:25 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-24 09:01 - 2017-04-27 20:21 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-24 09:01 - 2017-04-27 20:20 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-05-24 09:01 - 2017-04-27 20:19 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-05-24 09:01 - 2017-04-27 20:06 - 12139008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-24 09:01 - 2017-04-27 20:06 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-05-24 09:01 - 2017-04-27 20:04 - 03660288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-24 09:01 - 2017-04-27 19:53 - 00742400 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-05-24 09:00 - 2017-04-27 23:59 - 01862000 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-24 09:00 - 2017-04-27 23:56 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-24 09:00 - 2017-04-27 22:57 - 01813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-24 09:00 - 2017-04-27 22:57 - 00959144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-24 09:00 - 2017-04-27 22:56 - 00024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-24 09:00 - 2017-04-27 22:53 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-24 09:00 - 2017-04-27 22:52 - 05240448 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-05-24 09:00 - 2017-04-27 22:51 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-05-24 09:00 - 2017-04-27 22:51 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-05-24 09:00 - 2017-04-27 22:50 - 05598832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-05-24 09:00 - 2017-04-27 22:49 - 00995296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-05-24 09:00 - 2017-04-27 22:49 - 00510880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-24 09:00 - 2017-04-27 22:20 - 01711456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-24 09:00 - 2017-04-27 21:50 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-05-24 09:00 - 2017-04-27 21:45 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcl.dll
2017-05-24 09:00 - 2017-04-27 21:32 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-24 09:00 - 2017-04-27 21:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-05-24 09:00 - 2017-04-27 21:21 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-05-24 09:00 - 2017-04-27 21:21 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-05-24 09:00 - 2017-04-27 21:15 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-24 09:00 - 2017-04-27 21:15 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-24 09:00 - 2017-04-27 21:14 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-05-24 09:00 - 2017-04-27 21:13 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-24 09:00 - 2017-04-27 21:12 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-05-24 09:00 - 2017-04-27 21:11 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-24 09:00 - 2017-04-27 21:11 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-05-24 09:00 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-05-24 09:00 - 2017-04-27 21:07 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-24 09:00 - 2017-04-27 21:04 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-05-24 09:00 - 2017-04-27 20:57 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-05-24 09:00 - 2017-04-27 20:55 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-24 09:00 - 2017-04-27 20:53 - 01150976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-24 09:00 - 2017-04-27 20:53 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-24 09:00 - 2017-04-27 20:51 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-24 09:00 - 2017-04-27 20:50 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-24 09:00 - 2017-04-27 20:49 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-05-24 09:00 - 2017-04-27 20:47 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-24 09:00 - 2017-04-27 20:46 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-05-24 09:00 - 2017-04-27 20:34 - 02972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-24 09:00 - 2017-04-27 20:22 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-05-24 09:00 - 2017-04-27 20:22 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-24 09:00 - 2017-04-27 20:07 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-24 09:00 - 2017-04-27 20:05 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-24 09:00 - 2017-04-27 20:04 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-24 09:00 - 2017-04-27 20:03 - 18673152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-24 09:00 - 2017-04-27 19:57 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-05-24 09:00 - 2017-04-27 19:55 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-05-24 09:00 - 2017-04-27 19:50 - 00782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-05-24 09:00 - 2017-04-27 19:47 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-24 09:00 - 2017-04-27 19:42 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-24 08:59 - 2017-04-27 22:19 - 01394544 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-05-24 08:59 - 2017-04-27 21:31 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-24 08:59 - 2017-04-27 21:15 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-05-24 08:59 - 2017-04-27 21:13 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-24 08:59 - 2017-04-27 20:56 - 01746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-05-24 08:59 - 2017-04-27 20:34 - 01801216 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-05-19 23:47 - 2017-05-19 23:47 - 00118525 _____ C:\Users\getme\Documents\recording.wma
2017-05-19 23:44 - 2017-05-19 23:44 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Loop Recorder
2017-05-19 23:44 - 2002-08-29 06:14 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\system32\W95Inf16.DLL
2017-05-19 23:44 - 2001-08-17 21:43 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\W95Inf32.DLL
2017-05-19 16:53 - 2017-05-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-05-19 16:47 - 2017-05-19 16:47 - 11633320 _____ C:\Users\getme\Downloads\Edit-1.wav
2017-05-19 10:01 - 2017-05-19 10:01 - 00001826 _____ C:\Users\getme\Desktop\Cain.lnk
2017-05-17 17:26 - 2017-05-17 17:26 - 00000000 ____D C:\Users\getme\Desktop\Old Firefox Data
2017-05-17 11:32 - 2017-05-17 11:32 - 00125952 _____ C:\Users\getme\AppData\Local\report
2017-05-15 23:53 - 2017-05-15 23:53 - 00000000 ____D C:\Program Files\MSECache
2017-05-14 18:34 - 2017-05-31 10:25 - 00000000 ____D C:\Users\getme\AppData\Roaming\RealVNC
2017-05-14 18:34 - 2017-05-14 18:34 - 00000000 ____D C:\Users\getme\AppData\Local\RealVNC
2017-05-14 17:20 - 2017-05-14 17:20 - 02402457 _____ () C:\Users\getme\Desktop\ipscan-win32-3.5.1.exe
2017-05-14 17:20 - 2017-05-14 17:20 - 00000000 ____D C:\Users\getme\.swt
2017-05-12 23:05 - 2017-05-12 22:58 - 02053120 _____ (TODO: <Company name>) C:\Users\getme\AppData\Local\InSility.exe
2017-05-12 22:56 - 2017-05-12 22:56 - 00719521 _____ C:\WINDOWS\unins000.exe
2017-05-12 22:56 - 2017-05-12 22:56 - 00003833 _____ C:\WINDOWS\unins000.dat
2017-05-12 22:20 - 2017-05-12 22:27 - 00004981 _____ C:\Users\getme\Desktop\lol.vbs
2017-05-11 15:16 - 2017-05-14 19:17 - 00000000 ____D C:\Users\getme\Desktop\Omegle-Chat-Hack-master
2017-05-11 14:58 - 2017-05-28 21:01 - 00000000 ____D C:\Users\getme\.nbi
2017-05-11 10:38 - 2017-05-11 10:38 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-05-11 10:38 - 2017-05-11 10:38 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-05-11 10:38 - 2017-05-11 10:38 - 00001965 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-11 10:38 - 2017-05-11 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-05-11 10:37 - 2017-05-11 10:38 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-05-11 10:37 - 2017-05-11 10:37 - 00000000 ____D C:\Users\getme\AppData\Local\Zemana
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-10 10:04 - 2016-12-24 16:34 - 00000282 _____ C:\WINDOWS\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD}.job
2017-06-10 09:37 - 2017-03-08 09:37 - 00000294 _____ C:\WINDOWS\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6}.job
2017-06-10 09:27 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-10 09:25 - 2017-03-08 11:20 - 00000000 ____D C:\Program Files\Steam
2017-06-10 09:24 - 2016-12-22 18:09 - 00000000 ____D C:\Users\getme
2017-06-10 09:23 - 2016-12-22 21:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-09 23:15 - 2016-12-22 18:15 - 00000000 ____D C:\Users\getme\AppData\Roaming\Skype
2017-06-09 19:49 - 2017-04-18 21:58 - 00000000 ____D C:\Users\getme\AppData\Roaming\discord
2017-06-09 13:28 - 2017-04-17 19:30 - 00000000 ____D C:\Users\getme\AppData\Local\ElevatedDiagnostics
2017-06-09 13:28 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-09 13:19 - 2016-12-22 20:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-09 13:13 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-06-08 00:46 - 2016-12-26 18:43 - 00000330 _____ C:\Users\getme\AppData\Roaming\WB.CFG
2017-06-08 00:46 - 2016-12-24 16:34 - 00000000 ____D C:\Program Files\Common Files\UpdateTask
2017-06-08 00:45 - 2016-12-22 20:12 - 00182291 ____N C:\WINDOWS\Minidump\060817-12625-01.dmp
2017-06-06 19:12 - 2016-12-22 20:12 - 00098883 ____N C:\WINDOWS\Minidump\060617-14187-01.dmp
2017-06-06 18:19 - 2016-12-22 20:12 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-06-06 18:18 - 2017-04-17 13:57 - 00000000 ____D C:\Program Files\Cain
2017-06-06 17:05 - 2017-04-20 00:49 - 00000000 ____D C:\Users\getme\Desktop\Everything
2017-06-06 17:05 - 2017-04-19 17:22 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-06 17:05 - 2017-04-18 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-06-06 17:05 - 2017-03-11 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-06-06 17:05 - 2017-03-08 14:52 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-06-06 15:54 - 2016-12-22 21:00 - 00000000 ____D C:\Intel
2017-06-06 15:14 - 2016-12-22 18:12 - 00000000 __SHD C:\Users\getme\IntelGraphicsProfiles
2017-06-06 13:13 - 2017-03-08 16:33 - 00000000 ____D C:\Users\getme\.android
2017-06-06 07:53 - 2016-12-22 20:27 - 00000000 ____D C:\WINDOWS\INF
2017-06-06 07:53 - 2016-12-22 18:13 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-06 07:35 - 2015-05-08 22:28 - 00000000 ____D C:\Users\getme\Desktop\Ysflight
2017-06-04 04:08 - 2017-03-09 12:15 - 00000000 ____D C:\Users\getme\Documents\My Games
2017-06-02 15:17 - 2016-12-22 20:30 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-01 17:07 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-01 15:37 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\Registration
2017-05-31 15:07 - 2016-12-22 18:12 - 00000000 ____D C:\Users\getme\AppData\Local\Packages
2017-05-30 16:45 - 2016-12-22 19:00 - 00456360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 13:47 - 2017-03-18 13:47 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Itch Corp
2017-05-30 13:47 - 2017-03-18 13:46 - 00000000 ____D C:\Users\getme\AppData\Local\itch
2017-05-29 15:01 - 2017-03-17 14:19 - 00000000 ____D C:\Users\getme\AppData\Roaming\NCH Software
2017-05-29 15:01 - 2017-03-17 14:18 - 00000000 ____D C:\ProgramData\NCH Software
2017-05-29 14:32 - 2017-03-17 14:18 - 00001203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Multitrack Recording Software.lnk
2017-05-29 14:30 - 2017-04-30 18:55 - 00000000 ____D C:\Users\getme\AppData\Roaming\Audacity
2017-05-27 18:18 - 2017-04-27 18:41 - 00000000 ____D C:\Users\getme\AppData\Local\Mixxx
2017-05-27 17:56 - 2017-04-17 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-27 17:55 - 2017-04-17 17:15 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-05-27 17:55 - 2017-04-17 17:14 - 00000000 ____D C:\Program Files\Java
2017-05-27 17:49 - 2017-03-18 13:58 - 00000000 ____D C:\Users\getme\.oracle_jre_usage
2017-05-27 13:05 - 2017-03-09 11:24 - 00000000 ____D C:\Users\getme\VirtualBox VMs
2017-05-27 13:04 - 2017-03-19 18:19 - 00000000 ____D C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daring Development Inc
2017-05-27 13:04 - 2017-03-19 18:18 - 00000000 ____D C:\Users\getme\AppData\Local\Infinity
2017-05-27 13:04 - 2017-03-17 20:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-27 13:04 - 2017-03-08 18:26 - 00000000 ____D C:\Users\getme\AppData\Local\SkypePlugin
2017-05-27 13:04 - 2016-12-22 18:15 - 00000000 ___RD C:\Users\getme\OneDrive
2017-05-27 13:03 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-26 22:39 - 2017-03-18 13:44 - 00000000 ____D C:\Users\getme\AppData\LocalLow\Mozilla
2017-05-25 03:25 - 2016-12-22 20:17 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-25 00:39 - 2016-12-22 20:59 - 00192856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-25 00:37 - 2016-12-22 20:30 - 00000000 ____D C:\Program Files\Windows Defender
2017-05-24 02:06 - 2016-12-22 18:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-24 02:00 - 2016-12-22 18:57 - 129479984 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 01:57 - 2017-04-24 07:51 - 00000853 _____ C:\Users\getme\Desktop\Starbound.v1.2.4 - Shortcut.lnk
2017-05-22 19:27 - 2017-03-08 15:24 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-17 19:21 - 2017-04-17 19:21 - 00000438 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job
2017-05-17 14:52 - 2017-03-08 18:33 - 00000000 ____D C:\ProgramData\Skype
2017-05-16 07:32 - 2017-03-08 09:52 - 00000000 ____D C:\Program Files\Google
2017-05-14 14:40 - 2017-03-09 11:23 - 00000000 ____D C:\Users\getme\AppData\Local\Adobe
2017-05-14 14:39 - 2016-12-22 20:30 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-13 10:42 - 2017-03-18 13:32 - 00000000 ____D C:\Users\getme\AppData\Local\Mozilla
2017-05-11 17:37 - 2017-03-08 09:37 - 00000000 ____D C:\Users\getme\AppData\Local\61DF03E7-9545-0044-8045-1B7C1EEEE9A6
2017-05-11 14:51 - 2017-03-08 09:52 - 00000000 ____D C:\Users\getme\AppData\Local\Google
2017-05-11 10:42 - 2017-03-14 15:16 - 00000104 _____ C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-05-11 10:42 - 2017-03-08 09:42 - 00000104 _____ C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
 
==================== Files in the root of some directories =======
 
2017-03-26 09:25 - 2017-03-26 09:25 - 0199659 _____ () C:\Users\getme\AppData\Roaming\MixPad.dmp
2016-12-26 18:43 - 2017-06-08 00:46 - 0000330 _____ () C:\Users\getme\AppData\Roaming\WB.CFG
2017-05-06 18:58 - 2017-05-06 18:58 - 0003584 _____ () C:\Users\getme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-12 23:05 - 2017-05-12 22:58 - 2053120 _____ (TODO: <Company name>) C:\Users\getme\AppData\Local\InSility.exe
2017-03-14 19:40 - 2017-03-14 19:57 - 0000600 _____ () C:\Users\getme\AppData\Local\PUTTY.RND
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\getme\AppData\Local\report
2017-03-08 15:26 - 2017-03-10 13:20 - 0000552 _____ () C:\Users\getme\AppData\Local\TroubleshooterConfig.json
 
Files to move or delete:
====================
C:\Users\getme\AppData\Roaming\isMiner\isMiner.exe?

C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe
C:\Windows\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6}.job
C:\Windows\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD}.job
 

Some files in TEMP:
====================
2017-04-20 22:49 - 2017-04-20 22:49 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\6-vntd0o.dll
2017-06-09 13:16 - 2017-06-09 13:16 - 1335808 _____ () C:\Users\getme\AppData\Local\Temp\9711983.t.exe
2017-03-26 22:28 - 2017-03-26 22:29 - 0000000 _____ () C:\Users\getme\AppData\Local\Temp\GUR363C.exe
2017-03-09 08:24 - 2017-03-09 08:24 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\hvckwgtz.dll
2017-03-19 18:12 - 2017-03-19 18:18 - 52914288 _____ (Daring Development Inc.) C:\Users\getme\AppData\Local\Temp\Infinity-Setup.exe
2017-03-09 08:23 - 2017-03-09 08:24 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\ko2l1xbm.dll
2017-03-08 17:05 - 2017-03-08 17:05 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\mfqde3ww.dll
2017-03-12 18:25 - 2017-03-12 18:25 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\skcnxvw4.dll
2017-04-17 18:04 - 2017-04-17 18:04 - 0541696 _____ () C:\Users\getme\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2017-06-06 17:10 - 2017-06-06 17:09 - 1199825 _____ () C:\Users\getme\AppData\Local\Temp\unins000.exe
2014-09-11 17:32 - 2014-09-11 17:32 - 6498200 _____ (Microsoft Corporation) C:\Users\getme\AppData\Local\Temp\vcredist_x86.exe
2017-03-08 18:18 - 2017-03-08 18:21 - 14456872 _____ (Microsoft Corporation) C:\Users\getme\AppData\Local\Temp\vc_redist.x86.exe
2017-04-20 22:49 - 2017-04-20 22:49 - 0061440 _____ () C:\Users\getme\AppData\Local\Temp\xg2jniao.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-22 20:59
 
==================== End of FRST.txt ============================
 
And Addition.TXT
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2017 01
Ran by Asriel (10-06-2017 10:06:58)
Running from C:\Users\getme\Downloads
Microsoft Windows 10 Home Version 1511 (X86) (2016-12-22 22:07:55)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-1420558640-2585559921-1678375398-500 - Administrator - Disabled)
Asriel (S-1-5-21-1420558640-2585559921-1678375398-1001 - Administrator - Enabled) => C:\Users\getme
DefaultAccount (S-1-5-21-1420558640-2585559921-1678375398-503 - Limited - Disabled)
Guest (S-1-5-21-1420558640-2585559921-1678375398-501 - Limited - Disabled)
Summa (S-1-5-21-1420558640-2585559921-1678375398-1002 - Administrator - Enabled) => C:\Users\Summa
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AceThinker Screen Grabber Pro V1.0.7 (HKLM\...\{dc9006db-6b05-4f0f-833b-79ef3f284c28}_is1) (Version: 1.0.7 - AceThinker Limited)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 2.6.104.6367 - BlueStack Systems, Inc.)
Cain & Abel 4.9.56 (HKLM\...\Cain & Abel 4.9.56) (Version:  - )
Citrix Online Launcher (HKLM\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Crescendo Music Notation Editor (HKLM\...\Crescendo) (Version: 2.00 - NCH Software)
D3DGear (HKLM\...\D3DGear_is1) (Version: 5.0.0.2066 - D3DGear Technologies)
Debut Video Capture Software (HKLM\...\Debut) (Version: 4.00 - NCH Software)
Discord (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Driver Easy 5.5.0 (HKLM\...\DriverEasy_is1) (Version: 5.5.0 - Easeware)
Electa Live Screen Recorder (HKLM\...\{ACBEFFFE-9499-407A-8D44-C1DDB3DB94F0}) (Version: 1.2 - ELECTA COMMUNICATIONS LTD)
Express Scribe Transcription Software (HKLM\...\Scribe) (Version: 6.00 - NCH Software)
ffdshow v1.3.4532 [2014-07-17] (HKLM\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
FrostWire 6.4.7 (HKLM\...\FrostWire 6) (Version: 6.4.7.229 - FrostWire LLC)
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
HeavyLoad V3.3 (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
Hydrogen (Advanced drum machine for GNU/Linux) (HKLM\...\ON) (Version: 0.9.7 - Hydrogen Developers)
Isminer 19 (HKLM\...\isMiner) (Version: 19 - isMiner inc ) <==== ATTENTION
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
League of Legends (HKLM\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (Version: 4.1.2 - Riot Games) Hidden
Loop Recorder (HKLM\...\Loop Recorder) (Version: 2.08 - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MixPad Multitrack Recording Software (HKLM\...\MixPad) (Version: 4.31 - NCH Software)
Mixxx 2.0.0 (HKLM\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Music Editor Free v10.8.0 (HKLM\...\Music Editor Free_is1) (Version:  - Copyright(C) 2005-2017 MEFMedia, Inc.)
NCH Tone Generator (HKLM\...\ToneGen) (Version: 3.26 - NCH Software)
Nexon Launcher (HKLM\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Nox APP Player (HKLM\...\Nox) (Version: 3.8.2.0 - Duodian Technology Co. Ltd.)
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F36}) (Version: 4.0.16 - dotPDN LLC)
PC Drummer Trial 6.01 (HKLM\...\{D9D4E4D8-7947-4CF2-9A18-1C8B131BB3CD}) (Version: 6.01 - Benetrue, Inc.)
Prism Video File Converter (HKLM\...\Prism) (Version: 2.63 - NCH Software)
PrivateTunnel (HKLM\...\PrivateTunnel) (Version: 2.8.2.0 - OpenVPN Technologies)
PuTTY release 0.68 (HKLM\...\{55717628-7AE6-4BCF-A046-FA2768945E76}) (Version: 0.68.0.0 - Simon Tatham)
Python Launcher (HKLM\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
RAR Password Cracker (HKLM\...\RAR Password Cracker) (Version: 4.20 - dnSoft Research Group)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 5.35 - NCH Software)
ROBLOX Player for getme (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for getme (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for getme (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Screen Recorder Free 8.8.1 (HKLM\...\Screen Recorder Free_is1) (Version:  - VisionLot Co., Ltd.)
Skype™ 7.35 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stencyl (HKLM\...\Stencyl) (Version: /root/.jenkins/jobs/Stencyl-Windows/workspace/build - Stencyl, LLC)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Switch Sound File Converter (HKLM\...\Switch) (Version: 5.20 - NCH Software)
System Healer (HKLM\...\SystemHealer) (Version: 4.4.0.3 - SystemHealer) <==== ATTENTION
The Windows Intel Fastest Mouse Clicker version 1.7.0.0 (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\The Windows Intel Fastest Mouse Clicker_is1) (Version: 1.7.0.0 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB))
The Windows Intel Fastest Mouse Clicker version 1.7.0.0 (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\The Windows Intel Fastest Mouse Clicker_is1) (Version: 1.7.0.0 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB))
The Windows Intel Fastest Mouse Clicker version 1.7.0.0 (HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\The Windows Intel Fastest Mouse Clicker_is1) (Version: 1.7.0.0 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB))
UE4 Prerequisites (x86) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
USBPcap 1.1.0.0-g794bf26-5 (HKLM\...\USBPcap) (Version: 1.1.0.0-g794bf26-5 - )
VCDS Release 16.8.4 (HKLM\...\VCDS Release) (Version: 16.8.4 - Ross-Tech)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 5.01 - NCH Software)
VoipConnect (HKLM\...\VoipConnect_is1) (Version: 4.14 build 779 - Finarea S.A. Switzerland)
Voxal Voice Changer (HKLM\...\Voxal) (Version: 2.00 - NCH Software)
Warp Speed PC Tune-up Software (HKLM\...\Warp) (Version: 1.14 - NCH Software)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 7.05 - NCH Software)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.2.6 (32-bit) (HKLM\...\Wireshark) (Version: 2.2.6 - The Wireshark developer community, hxxps://www.wireshark.org)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Gamecaster (HKLM\...\{0385E519-A43B-4F2A-B592-48F2B4668B48}) (Version: 2.9.1701.1621 - SplitmediaLabs)
Yahoo! Powered (HKLM\...\{1D5DF59D-4DDD-241D-FC5D-549D2CDD871D}) (Version:  - ) <==== ATTENTION
YS FLIGHT SIMULATOR (HKLM\...\YS FLIGHT SIMULATOR) (Version:  - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\getme\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\getme\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1420558640-2585559921-1678375398-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\getme\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15869919-D02C-436E-A1A1-1BDE3AFAF250} - System32\Tasks\SystemHealer Monitor => C:\Program Files\SystemHealer\HealerConsole.exe <==== ATTENTION
Task: {1CF7DAA3-F923-457B-BE85-41F81BE1C1DF} - System32\Tasks\{7DDBED96-60D4-EA9F-DDB8-0CC50E3D1638} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\a25d8c00\865d76a7.dll" <==== ATTENTION
Task: {3F0C6678-D0D7-41C2-8AE6-B597459DADDE} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {42133233-89FF-43CD-928A-C9791F420B8B} - System32\Tasks\System HealerStartUp => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {66509DC6-BFB9-407B-82C6-CAB79C5A6816} - System32\Tasks\System Healer Task => C:\PROGRA~1\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION
Task: {72E06A02-A162-4605-BEC3-CF50A90EC51F} - \{0D797847-0A79-7A7D-0911-0D04087F1108} -> No File <==== ATTENTION
Task: {7748CEB5-7911-4E9F-9194-D42F370C6CCC} - System32\Tasks\SystemHealer Run Delay => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {83C5F6A3-5BAD-4ED6-8D93-EE8FCC518869} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-14] (Adobe Systems Incorporated)
Task: {C74611C6-6C99-47EB-947F-6D789A0ECA26} - System32\Tasks\System HealerPeriod => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {E65AA93D-C431-44F4-A309-B79939DBF886} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\PROGRA~1\D3DGear\d3dGear.exe
Task: {E6A12039-93D2-45A6-8E43-9BFFBBBA1606} - System32\Tasks\{1189A674-A622-11DF-B1C4-C87E55639589} => C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73}\5880A280-EF2B-152B-AF46-AEB293F45386.exe [2017-06-09] () <==== ATTENTION
Task: {F1E6E542-4FA4-49BD-A993-55E8105DBFB7} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\VideErroroReporting => C:\\ProgramData\\WindowsVideoErrorReporting\\wvermgr.exe [2017-06-06] ()
Task: {F5FC3FCA-45CB-4F2E-B351-EDF592BFBE59} - System32\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6} => C:\Users\getme\AppData\Local\61DF03~1\Sync.exe <==== ATTENTION
Task: {FCB27063-0C81-4B0E-AD7F-84F64991BF6E} - System32\Tasks\3a6505d76c4845ab634ee923daa42779 => sc start 3a6505d76c4845ab634ee923daa42779
Task: {FD4530D1-ACEB-4560-A21C-28BB8584D71E} - System32\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD} => C:\Program Files\Common Files\UpdateTask\updane.exe [2013-04-25] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\System HealerPeriod.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{61DF03E7-9545-0044-8045-1B7C1EEEE9A6}.job => C:\Users\getme\AppData\Local\61DF03~1\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{653E3BCC-B6F1-CD06-6D29-0642A50380FD}.job => C:\PROGRA~1\COMMON~1\UPDATE~1\updane.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\getme\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\getme\Desktop\Everything\Gоogle Сhrоme.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\Desktop\Everything\RОBLОX Рlаyer.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\Desktop\Everything\Мineсraft.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnualtfarcenim.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\Desktop\Everything\Мozillа Firеfох.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\Desktop\Everything\VPNS & Anon stuff\Stаrt Тor Brоwser.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\Desktop\Everything\VPNS & Anon stuff\Tor Browser\Stаrt Тоr Вrоwser.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\Desktop\Everything\Anti virus!\Games\Lеаguе оf Legеnds.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual.lol.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nехоn Launсher.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\RОВLOХ Plаyer.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Nеxоn Lаuncher.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.4.7-SafeMode.lnk -> C:\Program Files\FrostWire 6\frostwire.bat (No File)
Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Exрlorеr.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\getme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Chrоmе.lnk -> C:\Users\getme\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 01:44 - 2015-10-30 01:44 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-08-29 13:31 - 2016-08-29 13:31 - 00949480 _____ () C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2017-05-24 09:00 - 2017-04-27 23:59 - 01862000 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-11 10:38 - 2017-05-11 10:38 - 00130928 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2015-12-18 20:20 - 2015-12-07 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-09-15 07:24 - 2016-06-30 23:31 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-15 01:41 - 2017-03-03 23:21 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 01:41 - 2017-03-03 23:18 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-17 11:14 - 2017-03-28 00:27 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-24 09:01 - 2017-04-27 19:45 - 02657792 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-15 01:41 - 2017-03-03 23:18 - 00696832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-10 09:24 - 2017-06-10 09:24 - 00260608 _____ () C:\Users\getme\AppData\Local\Temp\fbd0bfb1916d4b739db03fa8416b9c3e\Hg170bDREkIr6k.exe
2017-04-18 21:58 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\getme\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-04-18 21:59 - 2017-04-18 21:59 - 01082880 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-04-18 21:59 - 2017-04-18 21:59 - 03750400 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-04-18 21:59 - 2017-04-18 21:59 - 00914432 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-04-18 21:59 - 2017-04-18 21:59 - 01127424 _____ () \\?\C:\Users\getme\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-04-18 21:58 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\getme\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-04-18 21:58 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\getme\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-06-09 13:17 - 2017-06-09 13:17 - 01335808 _____ () C:\ProgramData\{8C8EE8E6-3B25-5F4D-EE90-0D93D37BEC73}\5880A280-EF2B-152B-AF46-AEB293F45386.exe
2017-03-17 15:12 - 2017-03-17 15:14 - 01632256 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxMail.exe
2017-03-17 15:12 - 2017-03-17 15:16 - 07139008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-03-17 15:12 - 2017-03-17 15:17 - 00636608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2015-10-30 01:45 - 2015-10-30 01:45 - 00164224 _____ () c:\windows\system32\WerEtw.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-12-22 20:31 - 2017-06-10 09:24 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093741657\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801591\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093742114\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801681\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1420558640-2585559921-1678375398-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093746649\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1420558640-2585559921-1678375398-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093804491\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Chromium => c:\users\getme\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session --restore-last-session
MSCONFIG\startupreg: ManyCam => "C:\Program Files\ManyCam\ManyCam.exe" --silent
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093743696\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1420558640-2585559921-1678375398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06102017093801777\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{36F6E896-A4FD-4C68-A2C2-B640FDE488D8}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{FF7A0B8E-8CCB-41BA-ACFC-F5F70862A97E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{7CBB6BE4-6F5D-4C0F-8BD8-BA5BAF1A9F89}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{26E63C6F-70F8-40D1-B71A-44F816D4147B}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{3DD1CDAB-9B6A-44D9-829F-2089909A1913}C:\users\getme\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\getme\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{62109385-E2B7-4DEC-87A4-ABBF03A3DF76}C:\users\getme\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\getme\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{AC6FFB0F-2E39-4278-8D42-D6BB542812D0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A4472880-C496-48D5-8CB8-1AAEFA18C10F}] => (Allow) C:\Program Files\FrostWire 6\FrostWire.exe
FirewallRules: [{0E0A7CAC-69EF-4F63-9167-C7F17CC1D3D3}] => (Allow) C:\Program Files\FrostWire 6\FrostWire.exe
FirewallRules: [TCP Query User{A8C4A8DA-DE3F-4921-B16D-B427B0E29836}C:\users\getme\desktop\hack\server\bfs.exe] => (Allow) C:\users\getme\desktop\hack\server\bfs.exe
FirewallRules: [UDP Query User{3CD74157-503F-4DFA-9880-779E5F729280}C:\users\getme\desktop\hack\server\bfs.exe] => (Allow) C:\users\getme\desktop\hack\server\bfs.exe
FirewallRules: [{FB572211-8864-4D60-92D5-F5187195AC8A}] => (Allow) C:\Users\getme\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{59B7AD2C-AAEA-411A-AFAE-AE825AFECF99}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
FirewallRules: [{8EEE5D3F-68AA-46CE-8C2B-DF84D7F5A2DF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1C306956-3439-4C81-9ABC-7DF2C6344CAB}C:\program files\cain\cain.exe] => (Allow) C:\program files\cain\cain.exe
FirewallRules: [UDP Query User{3F6EBF0C-1A70-439D-8CBC-42167BC0BF08}C:\program files\cain\cain.exe] => (Allow) C:\program files\cain\cain.exe
FirewallRules: [TCP Query User{13E833F2-2A34-44C0-8431-A681E176EECF}C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe] => (Allow) C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe
FirewallRules: [UDP Query User{C376C6FF-D170-4B18-BFA4-AC5937AB75C1}C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe] => (Allow) C:\users\getme\desktop\scrap.mechanic.beta.v0.2.5\release\scrapmechanic.exe
FirewallRules: [TCP Query User{DC34E745-1D83-46ED-BB56-18114744B28B}C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe] => (Allow) C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe
FirewallRules: [UDP Query User{5F8C280E-6F66-4D66-A623-981842B9EA8B}C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe] => (Allow) C:\program files\ysflight.com\ysflight\ysflight32_gl1.exe
FirewallRules: [{F432B2A0-A954-45CE-87F3-4D9A1651F54C}] => (Allow) C:\Program Files\Nox\bin\Nox.exe
FirewallRules: [{8CC00328-37BF-4021-A004-B594BF4E5BA3}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [TCP Query User{DF4A799A-8E7C-4CE1-9779-AF33CC3C3D20}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{783CC14B-CE8F-4E34-A541-A6BFE4041209}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [{B1D71576-9975-4278-955B-6F92D8859F5E}] => (Allow) C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe
FirewallRules: [{59822619-2887-43C3-A0F5-D7EAF4636C99}] => (Allow) C:\Program Files\AceThinker\AceThinker Screen Grabber Pro\AceThinker Screen Grabber Pro.exe
FirewallRules: [{F7CD0ACD-D2C5-4B92-9F1B-0BC6FC1B730C}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{840B6506-1168-444E-AB93-370B5083A3D6}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{1A7B527B-82B0-492F-A9AB-8F2E2E977880}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe
FirewallRules: [{AB7355D6-2881-45B3-9F02-EAE6BF51B916}] => (Allow) C:\Program Files\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe
 
==================== Restore Points =========================
 

==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/10/2017 09:43:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\SplitmediaLabs\XSplit Gamecaster\instvad64.EXE".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/10/2017 09:43:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\SplitmediaLabs\XSplit Gamecaster\instvad32.EXE".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/10/2017 09:42:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxMail.exe, version: 0.0.0.0, time stamp: 0x58c07c42
Faulting module name: combase.dll, version: 10.0.10586.916, time stamp: 0x59028b2e
Exception code: 0xc000027b
Fault offset: 0x00163d1e
Faulting process id: 0x21b0
Faulting application start time: 0x01d2e1ef65892552
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxMail.exe
Faulting module path: C:\WINDOWS\system32\combase.dll
Report Id: c9284033-24c1-45bd-96c1-7450957357d0
Faulting package full name: microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: microsoft.windowslive.mail
 
Error: (06/10/2017 09:42:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HBSKNLC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147023441 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/10/2017 09:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.8008.4200, time stamp: 0x58c07c42
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000012d
Fault offset: 0x00000000
Faulting process id: 0x2208
Faulting application start time: 0x01d2e1ef636455ef
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: unknown
Report Id: 0f118244-e352-4d14-b3bf-361acbb0c870
Faulting package full name: microsoft.windowscommunicationsapps_17.8008.42001.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/10/2017 09:26:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x01f6d0d3
Faulting process id: 0x18e8
Faulting application start time: 0x01d2e1ed1b328ce2
Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe
Faulting module path: unknown
Report Id: 095582a4-3495-42f6-a085-a40d375a3ed1
Faulting package full name:
Faulting package-relative application ID:
 
Error: (06/10/2017 09:25:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x01e5d0d3
Faulting process id: 0x1930
Faulting application start time: 0x01d2e1ed0e7f7d5e
Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe
Faulting module path: unknown
Report Id: 0f5c1104-03e2-4a42-a87c-a5cbddeccbf5
Faulting package full name:
Faulting package-relative application ID:
 
Error: (06/10/2017 09:25:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x01e1d0d3
Faulting process id: 0x1c8c
Faulting application start time: 0x01d2e1ed030ea59a
Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe
Faulting module path: unknown
Report Id: 7ab7cdf6-5b68-42ae-bd2c-f4fc6839be94
Faulting package full name:
Faulting package-relative application ID:
 
Error: (06/10/2017 09:25:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x006ad0d3
Faulting process id: 0x1640
Faulting application start time: 0x01d2e1ecf2ddf84f
Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe
Faulting module path: unknown
Report Id: 4570bdc2-5945-4a31-8cff-b6a1b02f39b4
Faulting package full name:
Faulting package-relative application ID:
 
Error: (06/10/2017 09:24:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: e4d42787e908ae3e259267a9365d8fbc.exe, version: 11.14.1.60, time stamp: 0x5702d285
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0238d0d3
Faulting process id: 0x17b0
Faulting application start time: 0x01d2e1ecea4a1759
Faulting application path: C:\Program Files\3a6505d76c4845ab634ee923daa42779\e4d42787e908ae3e259267a9365d8fbc.exe
Faulting module path: unknown
Report Id: ea9217b5-973d-4355-b74f-9144434e7ef6
Faulting package full name:
Faulting package-relative application ID:
 

System errors:
=============
Error: (06/10/2017 09:42:38 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HBSKNLC)
Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"1455"
Happened while starting this command:
"C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
 
Error: (06/10/2017 09:42:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Error Reporting Service service terminated with the following error:
The paging file is too small for this operation to complete.
 
Error: (06/10/2017 09:30:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HBSKNLC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-HBSKNLC\Asriel SID (S-1-5-21-1420558640-2585559921-1678375398-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/10/2017 09:30:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HBSKNLC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-HBSKNLC\Asriel SID (S-1-5-21-1420558640-2585559921-1678375398-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/10/2017 09:27:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 3a6505d76c4845ab634ee923daa42779 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/10/2017 09:27:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 3a6505d76c4845ab634ee923daa42779 service to connect.
 
Error: (06/10/2017 09:26:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/10/2017 09:25:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly.  It has done this 6 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/10/2017 09:25:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/10/2017 09:25:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The 3a6505d76c4845ab634ee923daa42779 service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 

CodeIntegrity:
===================================
  Date: 2017-05-27 18:57:58.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-25 00:40:17.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-16 12:54:02.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-10 03:40:05.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-04-19 15:17:56.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\getme\AppData\Local\Temp\CrucialSMBusScan_V32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-19 13:38:57.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-04-19 11:38:33.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-04-19 00:43:24.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-17 11:17:28.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-16 15:41:21.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 87%
Total physical RAM: 1991.14 MB
Available physical RAM: 255.64 MB
Total Virtual: 3603.11 MB
Available Virtual: 306.43 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:28.46 GB) (Free:0.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: E8CDE996)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

Hi ModerateComputerUser :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few hours to analyse your logs and get back at you.


It looks like your system is a big bowl of everything: SmartService, Elex, miners, PUPs, etc. We'll clean it up though.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • FrostWire 6.4.7
  • Isminer 19
  • System Healer
  • Yahoo! Powered


If you have an issue when uninstalling a program, please let me know.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Your next reply(ies) should include:

  • Confirmation that you uninstalled the programs listed above;
  • Copy/pasted content of FRST's fixlog.txt;

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
