
Infected again :( help please



Hi ,


My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process, so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage.


  • Step #1 Fix with AdwCleaner
    • Download AdwCleaner to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Tools>Option and put a tick mark as shown in the image below;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.



 

Thank you for replying so fast! I ran AdwCleaner, and posted below are the contents of the log.

 

# AdwCleaner 7.0.1.0 - Logfile created on Sat Aug 19 21:37:14 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\df09rp0cm6rp6.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\df09rp0cm6rp6.cloudfront.net
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Prefetch files deleted
::Proxy settings cleared
::TCP/IP settings cleared
::Firewall rules cleared
::IPSec settings cleared
::BITS queue cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1919 B] - [2017/8/19 21:36:15]


Are you facing any pop-ups?

  • Step #2 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.

    Note: Enable your security programs afterwards.



Yes, I'm facing a lot of pop-ups when I click around on Chrome. I ran the ESET scan and it found/deleted 17 threats. I posted below the contents of the log. I saw that some of the threats were uTorrent, which I deleted and haven't had on my PC since 2012, as well as a couple of other files which I thought were gone from my computer. Is there any way to know these files are all gone for sure permanently, and won't come back up to harm my PC? I was considering reformatting my hard drive because of all the junk I have on it, but I'm not sure if I'm ready for that yet or if I really need to. I'm still getting pop-ups and lots of lag on Chrome even after ESET removed these threats, so what's the next step? Thank you so much for all the help so far.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0f5c2180d561ee44a0b8f5b810a9b9f6
# end=init
# utc_time=2017-08-21 05:44:23
# local_time=2017-08-21 01:44:23 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 34474
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0f5c2180d561ee44a0b8f5b810a9b9f6
# end=updated
# utc_time=2017-08-21 07:32:24
# local_time=2017-08-21 03:32:24 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0f5c2180d561ee44a0b8f5b810a9b9f6
# engine=34474
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-08-21 11:19:17
# local_time=2017-08-21 07:19:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 254901007 0 0
# scanned=323029
# found=17
# cleaned=17
# scan_time=13612
sh=9ED38A88BCBBCF2E5EC5FCBD8CF24DF5E418553A ft=1 fh=99b9587a530f83f4 vn="a variant of Win32/InstallBrain.H potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Uninstall Information\ib_uninst_539\uninstall.exe"
sh=39A296EC9235E69EB9CABF6EA9E92BBC879FF796 ft=1 fh=4d3826fb6865e106 vn="a variant of Win32/Bunndle potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\uTorrent\uTorrent.exe"
sh=A913FD45A3A701711CDF78D3630EB5D97108C73A ft=1 fh=c6b43bbb1e46f346 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\.frostwire5\updates\frostwire-5.6.8.windows.exe"
sh=A69D915725E7473FA63ACA39DB1663341CE7C08F ft=1 fh=6cdd33e68a921786 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\.frostwire5\updates\frostwire-5.6.9.windows.coc.premium.exe"
sh=59C9517D98EAE75E29FC5ABF8B8D82879A5CC2B1 ft=0 fh=0000000000000000 vn="a variant of Win32/FusionCore.K potentially unwanted application (deleted)" ac=C fn="C:\Users\Daniel\AppData\Local\Temp\HYD37B.tmp.1499885513\HTA\install.1499885513.zip"
sh=189FAC2249A10A568D13A81F6449BFFFFDEAEFD2 ft=1 fh=2be0e2264a96be0a vn="a variant of Win32/FusionCore.K potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\AppData\Local\Temp\HYD37B.tmp.1499885513\HTA\3rdparty\FS.dll"
sh=FCBDC2CABD8AD0890E3521084AA1041FBDA2C637 ft=1 fh=dc266fdb52c59ff2 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\jre1.8.0_31\java_sp.dll"
sh=22BD8783D95EE732FC55318266D74E88FBED9414 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.BC potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\chrome\CT3115642\content\popup.js"
sh=F12A08547F8557BCFF2A48E3C6794DC41C757BC8 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application (deleted)" ac=C fn="C:\Users\Daniel\Downloads\Camtasia.Studio.v8.0.4.1060.mundomanuales.com.rar"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\Downloads\ccsetup326.exe"
sh=1FE81C1C94FE1BE74496A06B87252F3C336FB16C ft=1 fh=1434735da8b5ac81 vn="a variant of Win32/Freemake.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\Downloads\FreemakeAudioConverterSetup.exe"
sh=0716CBA6E900210C25D3F3C56A144337E144EACA ft=1 fh=a32ddfd62afd3e3b vn="Win32/Graboid potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\Downloads\GraboidVideoSetup-4.0.exe"
sh=39A296EC9235E69EB9CABF6EA9E92BBC879FF796 ft=1 fh=4d3826fb6865e106 vn="a variant of Win32/Bunndle potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\Downloads\uTorrent (1).exe"
sh=39A296EC9235E69EB9CABF6EA9E92BBC879FF796 ft=1 fh=4d3826fb6865e106 vn="a variant of Win32/Bunndle potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Daniel\Downloads\uTorrent.exe"
sh=D6DCDC53BACE5EA41E73ABE0708D385E2FE90CF7 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CU potentially unsafe application (deleted)" ac=C fn="C:\Users\Daniel\Downloads\Need For Speed Most Wanted [PC]\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.iso"
sh=BB5BC11F0B4F80EC2AB39F55DAC03124F1DD5972 ft=1 fh=10088254fe506fec vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSI77FF.tmp"
sh=BB5BC11F0B4F80EC2AB39F55DAC03124F1DD5972 ft=1 fh=10088254fe506fec vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSI9C08.tmp"
 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Daniel (administrator) on DANIEL-PC (25-08-2017 08:19:38)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Discord Inc.) C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\Discord.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Run: [Discord] => C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\RunOnce: [Application Restart #2] => C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe [1301848 2017-08-11] (Google Inc.)
HKU\S-1-5-21-181722827-57792355-565291125-1001\...\MountPoints2: {dd030fff-5d01-11e2-9182-bc5ff411205b} - F:\SISetup.exe
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360P2281014-SHPD-FSD570026}] => C:\Users\Public\Downloads\Norton\{N360P2281014-SHPD-FSD570026}\N360PFSD.exe [1107248 2016-11-25] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{42FBFFC1-AA90-41F3-8809-99D9CB877D47}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Norton Safe Web Lite BHO -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll => No File
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-181722827-57792355-565291125-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-181722827-57792355-565291125-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-181722827-57792355-565291125-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-181722827-57792355-565291125-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-181722827-57792355-565291125-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-06-29] ()

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-05-02 23:10:27&v=15.0.1.2&pid=safeguard&sg=1&sap=hp","hxxp://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-05-26 14:10:23&v=15.2.0.8&pid=safeguard&sg=1&sap=hp","hxxp://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-05-26 14:10:23&v=15.3.0.11&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-08-26 15:31:50&v=15.6.1.2&pid=safeguard&sg=0&sap=hp"
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2017-08-25]
CHR Extension: (BetterTTV) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-24]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-08-19]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-13]
CHR Extension: (Xfinity) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (YouTube to MP3) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\obcjdfbdclhdlllkdanbpddidimjlmdl [2016-07-13]
CHR Extension: (Adblock Pro) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-24]
CHR Extension: (Global Twitch Emotes) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2017-02-11]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-13]
CHR Extension: (Abstract Blue) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2017-03-21]
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [173848 2015-03-11] (EasyAntiCheat Ltd)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-23] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-19] (Malwarebytes)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0039.sys [28640 2015-05-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39048 2015-03-05] (The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [25088 2009-04-16] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-25 08:19 - 2017-08-25 08:20 - 000019234 _____ C:\Users\Daniel\Desktop\FRST.txt
2017-08-25 08:19 - 2017-08-25 08:19 - 000000000 ____D C:\Users\Daniel\Desktop\FRST-OlderVersion
2017-08-23 08:09 - 2017-08-23 08:20 - 000000000 ____D C:\72576a5f1726dc5c8e0072
2017-08-21 13:44 - 2017-08-21 13:44 - 002870984 _____ (ESET) C:\Users\Daniel\Desktop\esetsmartinstaller_enu.exe
2017-08-21 13:44 - 2017-08-21 13:44 - 000000000 ____D C:\Program Files (x86)\ESET
2017-08-19 17:34 - 2017-08-21 15:26 - 000000000 ____D C:\AdwCleaner
2017-08-19 17:33 - 2017-08-19 17:33 - 008185288 _____ (Malwarebytes) C:\Users\Daniel\Desktop\AdwCleaner.exe
2017-08-19 09:52 - 2017-08-25 08:19 - 002395648 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2017-08-19 09:49 - 2017-08-19 09:49 - 000001217 _____ C:\Users\Daniel\Desktop\MwbThreatScanLog.txt
2017-08-19 09:02 - 2017-08-19 09:02 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-19 09:01 - 2017-08-23 20:39 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-19 09:01 - 2017-08-19 09:24 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-19 09:01 - 2017-08-19 09:01 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-19 09:01 - 2017-08-19 09:01 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-19 08:59 - 2017-08-19 08:59 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-19 08:59 - 2017-08-19 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-19 08:59 - 2017-08-19 08:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-19 08:59 - 2017-08-19 08:59 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-19 08:59 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-14 15:27 - 2017-08-14 15:28 - 138971812 _____ C:\Users\Daniel\Desktop\PokeGo2.0r-39.ipa
2017-08-09 11:04 - 2017-08-09 11:04 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-25 08:16 - 2009-07-14 00:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-25 08:16 - 2009-07-14 00:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-25 08:00 - 2012-07-27 17:30 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2017-08-23 21:15 - 2017-03-27 14:37 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-23 20:39 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-23 08:13 - 2012-07-28 12:49 - 000773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-08-23 08:13 - 2009-07-14 01:13 - 000773536 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-23 08:13 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-21 19:18 - 2012-08-31 20:16 - 000000000 ____D C:\Users\Daniel\Downloads\Need For Speed Most Wanted [PC]
2017-08-21 19:02 - 2012-07-28 14:31 - 000000000 ____D C:\Program Files (x86)\uTorrent
2017-08-19 18:51 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-08-19 17:37 - 2017-03-16 13:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-08-19 10:14 - 2014-01-30 18:44 - 000000000 ____D C:\FRST
2017-08-18 22:47 - 2012-07-27 01:09 - 000002398 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-18 22:47 - 2012-07-27 01:09 - 000002390 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2017-08-09 19:09 - 2017-03-22 15:26 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\discord
2017-08-09 11:30 - 2009-07-14 00:45 - 000414104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-09 11:08 - 2013-08-15 02:28 - 000000000 ____D C:\Windows\system32\MRT
2017-08-09 11:04 - 2017-03-22 15:26 - 000002170 _____ C:\Users\Daniel\Desktop\Discord.lnk
2017-08-09 11:04 - 2012-09-09 04:03 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 11:03 - 2017-03-22 15:25 - 000000000 ____D C:\Users\Daniel\AppData\Local\Discord
2017-07-31 11:50 - 2012-08-01 18:45 - 000000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2017-07-30 09:38 - 2009-07-13 22:34 - 000000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2015-05-02 17:14 - 2015-05-24 20:35 - 000772849 _____ () C:\Users\Daniel\AppData\Roaming\daniel-p
2014-03-26 23:26 - 2014-03-26 23:26 - 000000013 _____ () C:\Users\Daniel\AppData\Roaming\log.dat
2012-10-04 23:13 - 2012-10-04 23:13 - 000000896 _____ () C:\Users\Daniel\AppData\Roaming\SynHosts.txt
2012-08-15 20:31 - 2012-08-15 20:31 - 000041472 ___SH () C:\Users\Daniel\AppData\Roaming\Thumbs.db
2012-07-27 21:55 - 2012-07-27 21:56 - 000004608 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 20:53 - 2016-01-24 20:27 - 000007607 _____ () C:\Users\Daniel\AppData\Local\resmon.resmoncfg
2013-01-13 15:07 - 2013-01-13 15:07 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-01-15 16:20 - 2016-01-15 16:20 - 000000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2017-07-26 21:08 - 2017-07-26 21:08 - 000740416 _____ (Oracle Corporation) C:\Users\Daniel\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-08-19 17:45 - 2017-08-19 17:45 - 058782680 _____ (Skype Technologies S.A.) C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 19:47

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017

Ran by Daniel (25-08-2017 08:21:08)

Running from C:\Users\Daniel\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2012-07-27 04:41:42)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-181722827-57792355-565291125-500 - Administrator - Disabled)

Daniel (S-1-5-21-181722827-57792355-565291125-1001 - Administrator - Enabled) => C:\Users\Daniel

Guest (S-1-5-21-181722827-57792355-565291125-501 - Limited - Disabled) => C:\Users\Guest

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)

Aftermath version 1.0 (HKLM-x32\...\{024D0ADC-6846-4B7A-B12F-D571DF826068}}_is1) (Version: 1.0 - Free Reign Entertainment)

Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)

Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)

ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)

Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)

AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)

Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)

BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)

Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version:  - Treyarch)

Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)

Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version:  - Treyarch)

Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)

Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)

Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Discord (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)

Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)

Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)

Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Freemake Audio Converter version 1.1.3 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.3 - Ellora Assets Corporation)

From Dust (HKLM\...\Steam App 33460) (Version:  - Ubisoft Montpellier)

Google Chrome (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)

Guild Wars (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Guild Wars) (Version:  - )

Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)

Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)

H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)

H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)

HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.7.27.15 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden

Insaniquarium! Deluxe (HKLM\...\Steam App 3320) (Version:  - PopCap Games, Inc.)

iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)

Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)

Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)

MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Media View (HKLM-x32\...\MediaViewV1alpha1965) (Version: 1.1 - Media View) <==== ATTENTION

Media View (HKLM-x32\...\MediaViewV1alpha215) (Version: 1.1 - Media View) <==== ATTENTION

Media Viewer (HKLM-x32\...\MediaViewerV1alpha1126) (Version: 1.1 - Media Viewer) <==== ATTENTION

Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 2.0.0.16 - Symantec Corporation)

NVIDIA 3D Vision Controller Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

PlanetSide 2 (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)

Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden

PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Rich Media View (HKLM-x32\...\RichMediaViewV1release932) (Version: 1.1 - Rich Media View) <==== ATTENTION

Savage Lands (HKLM\...\Steam App 307880) (Version:  - Signal Studios)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.6.34 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )

Time Clickers (HKLM\...\Steam App 385770) (Version:  - Proton Studio Inc)

Town of Salem (HKLM\...\Steam App 334230) (Version:  - BlankMediaGames)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Unity Web Player (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Warhammer: End Times - Vermintide (HKLM-x32\...\Steam App 235540) (Version:  - Fatshark)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

HKU\S-1-5-21-181722827-57792355-565291125-1001\...\ChromeHTML: -> C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-10-23] (NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {04466F8C-184E-4130-8F8D-9AA985C90221} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)

Task: {050482AB-F035-4BAF-AA10-2321E87601AD} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2017-05-26] (Symantec Corporation)

Task: {1A5489B5-0FAD-46C1-9D85-86C40FEEAEDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)

Task: {30ECFBA3-EF76-49CC-8B8D-6B59E638C5C1} - System32\Tasks\Norton 360\Norton 360 Premier Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.9.4.8\SymErr.exe

Task: {3F675CDF-DB52-4800-9731-E52BE5562AE9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.9.4.8\WSCStub.exe

Task: {49FE4D14-0860-4CE1-8011-339FD6D9C9B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

Task: {6BE27C70-6670-4A02-962A-CF91A27F86D5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe

Task: {7A5F34C1-A7FA-40F3-B93E-7BAC8FD71B02} - System32\Tasks\Norton 360\Norton 360 Premier Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.9.4.8\SymErr.exe

Task: {C21ACA81-3C92-4CF3-AA36-13BDFDB4EB43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-181722827-57792355-565291125-1001UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {D397DAC0-25D4-4F69-98E9-3B71DF81D9CA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe

Task: {DDE9FCA6-2FB3-45AC-B1D6-B94243C5870E} - System32\Tasks\{0D405FDC-3464-4A0B-8CF7-06E48AF5F588} => C:\Program Files (x86)\Norton Internet Security\Engine64\19.8.0.14\uistub.exe

Task: {EB2DAFAD-A74F-4B70-9A88-45FBD6312883} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-181722827-57792355-565291125-1001Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2013-01-12 20:46 - 2011-04-02 20:05 - 000290304 _____ () C:\Windows\System32\HP1100LM.DLL

2013-01-12 20:46 - 2011-04-02 20:04 - 000074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2012-07-19 11:57 - 2013-10-23 04:20 - 000102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2013-06-15 18:48 - 2013-06-15 18:48 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll

2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll

2012-07-19 12:01 - 2009-05-07 04:51 - 000071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2012-07-19 12:01 - 2009-05-07 04:53 - 000379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2012-07-19 12:01 - 2008-01-18 02:50 - 000098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll

2012-07-19 12:01 - 2009-09-01 21:26 - 047601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll

2017-08-18 22:47 - 2017-08-11 03:40 - 003824472 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\60.0.3112.101\libglesv2.dll

2017-08-18 22:47 - 2017-08-11 03:40 - 000100184 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\60.0.3112.101\libegl.dll

2017-08-09 11:03 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\ffmpeg.dll

2017-03-27 14:37 - 2017-05-16 21:54 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2017-03-27 14:37 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll

2017-03-27 14:37 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2017-03-27 14:37 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2017-03-27 14:37 - 2017-07-17 20:33 - 002497824 _____ () C:\Program Files (x86)\Steam\video.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2017-03-27 14:37 - 2017-07-17 20:33 - 000884512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2017-03-27 14:37 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll

2017-08-09 11:03 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\libglesv2.dll

2017-08-09 11:03 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\libegl.dll

2017-08-19 17:42 - 2017-08-19 17:43 - 009601016 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node

2017-08-19 17:42 - 2017-08-19 17:42 - 001440248 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node

2017-08-23 21:15 - 2017-08-23 21:15 - 000148992 _____ () \\?\C:\Users\Daniel\AppData\Local\Temp\254B.tmp.node

2017-08-19 17:42 - 2017-08-19 17:42 - 002658296 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node

2017-08-19 17:43 - 2017-08-19 17:43 - 002673656 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node

2017-03-27 14:38 - 2017-07-06 13:58 - 073088800 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll

2017-06-14 12:02 - 2017-05-16 21:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll

2017-03-27 14:37 - 2017-07-17 20:33 - 000384288 _____ () C:\Program Files (x86)\Steam\steam.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\sony.com -> sony.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2017-03-21 11:58 - 000000035 ____N C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-181722827-57792355-565291125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\startupfolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.Startup

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SurfEasy => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [TCP Query User{616811EC-B8D7-40E5-A2DC-F1A17F45B08C}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe

FirewallRules: [UDP Query User{746E000F-C917-4317-8BDD-837DD845F11F}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe

FirewallRules: [TCP Query User{FF0C0C29-0C81-4A45-A1E3-C94D32A4B854}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{44A83173-7F21-4D1F-806F-1E9855FA020A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{939E823A-5297-48AE-8407-3C2D22A8F65F}C:\users\daniel\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\daniel\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{146BD445-C0BC-4B93-8C60-FAFD86128E04}C:\users\daniel\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\daniel\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [{2F33F2E3-4C28-4F6F-801B-3077407847F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{6A1D9805-511F-4510-BB82-319F15A8CDCC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{CC7EE425-DCAB-4DDC-97A1-B7254CFCC294}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{C9F1F42D-7E22-4993-AAA8-AA26B1517F97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{5244004D-97F8-442E-9A92-49210F4B3FF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{4909A4AA-DFD7-4F4F-99F9-7EAF0CAB44ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

 

==================== Restore Points =========================

 

20-08-2017 22:07:36 Windows Backup

23-08-2017 08:09:04 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: ZAM Helper Driver

Description: ZAM Helper Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: ZAM

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: ZAM Guard Driver

Description: ZAM Guard Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: ZAM_Guard

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: BAPIDRV

Description: BAPIDRV

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: BAPIDRV

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: 

Description: 

Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/25/2017 08:04:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (08/24/2017 05:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

 

Error: (08/24/2017 05:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8003

 

Error: (08/24/2017 05:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/24/2017 05:11:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

 

Error: (08/24/2017 05:11:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7005

 

Error: (08/24/2017 05:11:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/24/2017 05:11:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

 

Error: (08/24/2017 05:11:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6006

 

Error: (08/24/2017 05:11:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (08/23/2017 08:39:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Norton Safe Web Lite service failed to start due to the following error: 

The system cannot find the file specified.

 

Error: (08/23/2017 08:37:01 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

 

Error: (08/22/2017 06:12:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

 

Error: (08/21/2017 07:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

Error: (08/21/2017 07:19:19 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (08/21/2017 07:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

Error: (08/21/2017 07:19:18 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (08/21/2017 07:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

Error: (08/21/2017 07:19:18 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (08/21/2017 07:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

 

==================== Memory info =========================== 

 

Processor: AMD FX(tm)-6100 Six-Core Processor 

Percentage of memory in use: 44%

Total physical RAM: 8175.24 MB

Available physical RAM: 4556.83 MB

Total Virtual: 16348.67 MB

Available Virtual: 10357.1 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:596.84 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16AC9EBF)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017

Ran by Daniel (25-08-2017 08:21:08)

Running from C:\Users\Daniel\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2012-07-27 04:41:42)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-181722827-57792355-565291125-500 - Administrator - Disabled)

Daniel (S-1-5-21-181722827-57792355-565291125-1001 - Administrator - Enabled) => C:\Users\Daniel

Guest (S-1-5-21-181722827-57792355-565291125-501 - Limited - Disabled) => C:\Users\Guest

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)

Aftermath version 1.0 (HKLM-x32\...\{024D0ADC-6846-4B7A-B12F-D571DF826068}}_is1) (Version: 1.0 - Free Reign Entertainment)

Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)

Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)

ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)

Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)

AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)

Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)

BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)

Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version:  - Treyarch)

Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)

Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version:  - Treyarch)

Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)

Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)

Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Discord (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)

Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)

Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)

Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Freemake Audio Converter version 1.1.3 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.3 - Ellora Assets Corporation)

From Dust (HKLM\...\Steam App 33460) (Version:  - Ubisoft Montpellier)

Google Chrome (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)

Guild Wars (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\Guild Wars) (Version:  - )

Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)

Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)

H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)

H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)

HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.7.27.15 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden

Insaniquarium! Deluxe (HKLM\...\Steam App 3320) (Version:  - PopCap Games, Inc.)

iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)

Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)

Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)

MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Media View (HKLM-x32\...\MediaViewV1alpha1965) (Version: 1.1 - Media View) <==== ATTENTION

Media View (HKLM-x32\...\MediaViewV1alpha215) (Version: 1.1 - Media View) <==== ATTENTION

Media Viewer (HKLM-x32\...\MediaViewerV1alpha1126) (Version: 1.1 - Media Viewer) <==== ATTENTION

Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 2.0.0.16 - Symantec Corporation)

NVIDIA 3D Vision Controller Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

PlanetSide 2 (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)

Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden

PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Rich Media View (HKLM-x32\...\RichMediaViewV1release932) (Version: 1.1 - Rich Media View) <==== ATTENTION

Savage Lands (HKLM\...\Steam App 307880) (Version:  - Signal Studios)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.6.34 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )

Time Clickers (HKLM\...\Steam App 385770) (Version:  - Proton Studio Inc)

Town of Salem (HKLM\...\Steam App 334230) (Version:  - BlankMediaGames)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Unity Web Player (HKU\S-1-5-21-181722827-57792355-565291125-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Warhammer: End Times - Vermintide (HKLM-x32\...\Steam App 235540) (Version:  - Fatshark)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

HKU\S-1-5-21-181722827-57792355-565291125-1001\...\ChromeHTML: -> C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-10-23] (NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {04466F8C-184E-4130-8F8D-9AA985C90221} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)

Task: {050482AB-F035-4BAF-AA10-2321E87601AD} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2017-05-26] (Symantec Corporation)

Task: {1A5489B5-0FAD-46C1-9D85-86C40FEEAEDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)

Task: {30ECFBA3-EF76-49CC-8B8D-6B59E638C5C1} - System32\Tasks\Norton 360\Norton 360 Premier Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.9.4.8\SymErr.exe

Task: {3F675CDF-DB52-4800-9731-E52BE5562AE9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.9.4.8\WSCStub.exe

Task: {49FE4D14-0860-4CE1-8011-339FD6D9C9B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

Task: {6BE27C70-6670-4A02-962A-CF91A27F86D5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe

Task: {7A5F34C1-A7FA-40F3-B93E-7BAC8FD71B02} - System32\Tasks\Norton 360\Norton 360 Premier Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.9.4.8\SymErr.exe

Task: {C21ACA81-3C92-4CF3-AA36-13BDFDB4EB43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-181722827-57792355-565291125-1001UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {D397DAC0-25D4-4F69-98E9-3B71DF81D9CA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe

Task: {DDE9FCA6-2FB3-45AC-B1D6-B94243C5870E} - System32\Tasks\{0D405FDC-3464-4A0B-8CF7-06E48AF5F588} => C:\Program Files (x86)\Norton Internet Security\Engine64\19.8.0.14\uistub.exe

Task: {EB2DAFAD-A74F-4B70-9A88-45FBD6312883} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-181722827-57792355-565291125-1001Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2013-01-12 20:46 - 2011-04-02 20:05 - 000290304 _____ () C:\Windows\System32\HP1100LM.DLL

2013-01-12 20:46 - 2011-04-02 20:04 - 000074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2012-07-19 11:57 - 2013-10-23 04:20 - 000102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2013-06-15 18:48 - 2013-06-15 18:48 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll

2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll

2012-07-19 12:01 - 2009-05-07 04:51 - 000071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2012-07-19 12:01 - 2009-05-07 04:53 - 000379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2012-07-19 12:01 - 2008-01-18 02:50 - 000098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll

2012-07-19 12:01 - 2009-09-01 21:26 - 047601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll

2017-08-18 22:47 - 2017-08-11 03:40 - 003824472 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\60.0.3112.101\libglesv2.dll

2017-08-18 22:47 - 2017-08-11 03:40 - 000100184 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\60.0.3112.101\libegl.dll

2017-08-09 11:03 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\ffmpeg.dll

2017-03-27 14:37 - 2017-05-16 21:54 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2017-03-27 14:37 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll

2017-03-27 14:37 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2017-03-27 14:37 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2017-03-27 14:37 - 2017-07-17 20:33 - 002497824 _____ () C:\Program Files (x86)\Steam\video.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2017-03-27 14:37 - 2016-01-27 03:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2017-03-27 14:37 - 2017-07-17 20:33 - 000884512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2017-03-27 14:37 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll

2017-08-09 11:03 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\libglesv2.dll

2017-08-09 11:03 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.298\libegl.dll

2017-08-19 17:42 - 2017-08-19 17:43 - 009601016 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node

2017-08-19 17:42 - 2017-08-19 17:42 - 001440248 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node

2017-08-23 21:15 - 2017-08-23 21:15 - 000148992 _____ () \\?\C:\Users\Daniel\AppData\Local\Temp\254B.tmp.node

2017-08-19 17:42 - 2017-08-19 17:42 - 002658296 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node

2017-08-19 17:43 - 2017-08-19 17:43 - 002673656 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node

2017-03-27 14:38 - 2017-07-06 13:58 - 073088800 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll

2017-06-14 12:02 - 2017-05-16 21:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll

2017-03-27 14:37 - 2017-07-17 20:33 - 000384288 _____ () C:\Program Files (x86)\Steam\steam.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-181722827-57792355-565291125-1001\...\sony.com -> sony.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2017-03-21 11:58 - 000000035 ____N C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-181722827-57792355-565291125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\startupfolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.Startup

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SurfEasy => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [TCP Query User{616811EC-B8D7-40E5-A2DC-F1A17F45B08C}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe

FirewallRules: [UDP Query User{746E000F-C917-4317-8BDD-837DD845F11F}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe

FirewallRules: [TCP Query User{FF0C0C29-0C81-4A45-A1E3-C94D32A4B854}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{44A83173-7F21-4D1F-806F-1E9855FA020A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{939E823A-5297-48AE-8407-3C2D22A8F65F}C:\users\daniel\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\daniel\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{146BD445-C0BC-4B93-8C60-FAFD86128E04}C:\users\daniel\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\daniel\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [{2F33F2E3-4C28-4F6F-801B-3077407847F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{6A1D9805-511F-4510-BB82-319F15A8CDCC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{CC7EE425-DCAB-4DDC-97A1-B7254CFCC294}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{C9F1F42D-7E22-4993-AAA8-AA26B1517F97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{5244004D-97F8-442E-9A92-49210F4B3FF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{4909A4AA-DFD7-4F4F-99F9-7EAF0CAB44ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

 

==================== Restore Points =========================

 

20-08-2017 22:07:36 Windows Backup

23-08-2017 08:09:04 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: ZAM Helper Driver

Description: ZAM Helper Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: ZAM

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: ZAM Guard Driver

Description: ZAM Guard Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: ZAM_Guard

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: BAPIDRV

Description: BAPIDRV

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: BAPIDRV

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: 

Description: 

Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/25/2017 08:04:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (08/24/2017 05:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

 

Error: (08/24/2017 05:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8003

 

Error: (08/24/2017 05:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/24/2017 05:11:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

 

Error: (08/24/2017 05:11:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7005

 

Error: (08/24/2017 05:11:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/24/2017 05:11:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

 

Error: (08/24/2017 05:11:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6006

 

Error: (08/24/2017 05:11:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (08/23/2017 08:39:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Norton Safe Web Lite service failed to start due to the following error: 

The system cannot find the file specified.

 

Error: (08/23/2017 08:37:01 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

 

Error: (08/22/2017 06:12:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

 

Error: (08/21/2017 07:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

Error: (08/21/2017 07:19:19 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (08/21/2017 07:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

Error: (08/21/2017 07:19:18 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (08/21/2017 07:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

Error: (08/21/2017 07:19:18 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (08/21/2017 07:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

 

==================== Memory info =========================== 

 

Processor: AMD FX(tm)-6100 Six-Core Processor 

Percentage of memory in use: 44%

Total physical RAM: 8175.24 MB

Available physical RAM: 4556.83 MB

Total Virtual: 16348.67 MB

Available Virtual: 10357.1 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:596.84 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16AC9EBF)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


  • Step # Scan with Zemana Anti-malware
    Download and install Zemana anti-malware from here.

    • Double-click to run the software;
    • Click on the gear-icon on the top right portion to navigate to Settings
      • Click on Scan > put a tick on Create System Restore
      • Click on Advanced > put a tick on Check for Suspicious (root CA) Certificates
    • Click the home icon on top left and click on Scan
    • After scan finishes click on the report tab on the top right corner;
    • Choose the latest report by clicking on it and click on Open Report afterward.
    • Copy and Paste the contents of the report in your next reply.


RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Daniel [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/13/2017 19:21:54 (Duration : 02:21:13)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-05-02 23:10:27&v=15.0.1.2&pid=safeguard&sg=1&sap=hp|http://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-05-26 14:10:23&v=15.2.0.8&pid=safeguard&sg=1&sap=hp|http://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-05-26 14:10:23&v=15.3.0.11&pid=safeguard&sg=0&sap=hp|http://mysearch.avg.com/?cid={38D075A9-6ADE-445F-AF7A-7FFB7BDF96BD}&mid=91d9d76d5e8447d09d3781fe85846512-8755fd1575f6d8c5c2a796516b7805076352fff4&lang=en&ds=AVG&pr=fr&d=2013-08-26 15:31:50&v=15.6.1.2&pid=safeguard&sg=0&sap=hp] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EALX-009BA0 SCSI Disk Device +++++
--- User ---
[MBR] 5b2732cc8e2eb1ff37cbcf794d8ffb60
[BSP] 5c0378f0bf17ea877dcf9194a6639426 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.