My computer might be infected



Hello Kazuki and welcome to the Malwarebytes Malware Removal Forum....

Please do not post zip files unless specifically asked for.... Thank you.

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Thank you,

Kevin...


I was told to post the zip file in the other thread. 
Here is the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by Forki (administrator) on FORKI-PC (31-10-2017 22:17:24)
Running from C:\Users\Forki\Downloads
Loaded Profiles: Forki (Available Profiles: Forki)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Forki\AppData\Roaming\uTorrent\uTorrent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(BitTorrent Inc.) C:\Users\Forki\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
(BitTorrent Inc.) C:\Users\Forki\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [SERVICE] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-31] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [ShutdownTime] => "C:\Program Files (x86)\ShutdownTime\ShutdownTime.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\Run: [uTorrent] => C:\Users\Forki\AppData\Roaming\uTorrent\uTorrent.exe [1982144 2017-09-29] (BitTorrent Inc.)
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\RunOnce: [mbam3AutoRunInstaller] => C:\Users\Forki\AppData\Local\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (3).exe [71535032 2017-10-31] (Malwarebytes ) <==== ATTENTION
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\MountPoints2: {22452fd7-9f35-11e4-a071-74d435ff1878} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\MountPoints2: {57008cb9-d1ef-11e4-a0bf-74d435ff1878} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\MountPoints2: {6bdeb51e-f431-11e5-81d5-74d435ff1878} - G:\SETUP.EXE
HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2017-10-30] () <==== ATTENTION
BootExecute: autocheck autochk * bootdeletebootdelete
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{2D207FEE-04A1-4DA7-97A6-DD8B8E858A27}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2D207FEE-04A1-4DA7-97A6-DD8B8E858A27}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130951105122452492&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130951105122462492&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1659470305-4037957700-2005133117-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-31] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-31] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-10-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-31] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-31] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-31] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-10-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-31] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-31] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 496a4j0f.default
FF DefaultProfile: 9iamq176.default
FF ProfilePath: C:\Users\Forki\AppData\Roaming\Zotero\Zotero\Profiles\496a4j0f.default [2016-01-13]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [not found]
FF ProfilePath: C:\Users\Forki\AppData\Roaming\Mozilla\Firefox\Profiles\9iamq176.default [2017-10-31]
FF Extension: (Copy Urls Expert) - C:\Users\Forki\AppData\Roaming\Mozilla\Firefox\Profiles\9iamq176.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2017-10-07]
FF Extension: (Adblock Plus) - C:\Users\Forki\AppData\Roaming\Mozilla\Firefox\Profiles\9iamq176.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Profile 4
CHR StartupUrls: Profile 4 -> "hxxp://www.facebook.com/","hxxp://www.searchnu.com/406","hxxp://www.google.com/"
CHR Profile: C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-31]
CHR Profile: C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-10-31]
CHR Extension: (Slides) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
CHR Extension: (Docs) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Google Drive) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-23]
CHR Extension: (YouTube) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-23]
CHR Extension: (Advanced Font Settings) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2017-10-31]
CHR Extension: (ThemeBeta.com) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dgapacaaphnjgmcobfgjljpfkebhickc [2017-10-23]
CHR Extension: (Comtrade DigSig plugin) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dpfapjogmljlpglmpmkkmopacibdajgm [2017-10-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-23]
CHR Extension: (Video Downloader professional) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-10-23]
CHR Extension: (Sheets) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-23]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-23]
CHR Extension: (AdBlock) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-23]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-10-23]
CHR Extension: (Evernote Web) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2017-10-23]
CHR Extension: (Discord Screen Sharing) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lcbhdgefieegnkbopmgklhlpjjdgmbog [2017-10-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-10-23]
CHR Extension: (LINE) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\menkifleemblimdogmoihpfopnplikde [2017-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-23]
CHR Extension: (Gmail) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Forki\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-30]
CHR Profile: C:\Users\Forki\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-31]
CHR HKU\S-1-5-21-1659470305-4037957700-2005133117-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\Forki\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-31] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-31] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2848440 2015-07-04] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; C:\Users\Forki\Downloads\hitmanpro_x64.exe [11584088 2017-10-31] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-06] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-06] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-10-06] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2017-10-30] (Microsoft Corporation) [File not signed]
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2016-04-01] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2016-04-01] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-04-01] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2017-04-01] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2017-04-01] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-10-06] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-08-19] (Razer, Inc.)
S2 uxpatch; C:\Windows\SysWOW64\drivers\uxpatch.sys [25448 2009-07-13] ()
S1 aswbidsdriver; \SystemRoot\system32\drivers\aswbidsdrivera.sys [X]
S0 aswbidsh; \SystemRoot\system32\drivers\aswbidsha.sys [X]
S0 aswblog; \SystemRoot\system32\drivers\aswbloga.sys [X]
S0 aswbuniv; \SystemRoot\system32\drivers\aswbuniva.sys [X]
S3 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; \SystemRoot\system32\drivers\aswRvrt.sys [X]
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S0 aswVmm; \SystemRoot\system32\drivers\aswVmm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-31 22:16 - 2017-10-31 22:17 - 002403328 _____ (Farbar) C:\Users\Forki\Downloads\FRST64.exe
2017-10-31 22:16 - 2017-10-31 22:16 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-10-31 22:16 - 2017-10-31 22:16 - 000000222 _____ C:\Windows\system32\bootdelete.lst
2017-10-31 22:13 - 2017-10-31 22:16 - 000000488 _____ C:\Windows\system32\.crusader
2017-10-31 22:10 - 2017-10-31 22:13 - 000000000 ____D C:\ProgramData\HitmanPro
2017-10-31 22:10 - 2017-10-31 22:10 - 011584088 _____ (SurfRight B.V.) C:\Users\Forki\Downloads\hitmanpro_x64.exe
2017-10-31 22:09 - 2017-10-31 22:10 - 000004742 _____ C:\Users\Forki\Desktop\Rkill.txt
2017-10-31 22:09 - 2017-10-31 22:09 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Forki\Downloads\rkill.exe
2017-10-31 22:05 - 2017-10-31 22:05 - 000002160 _____ C:\Users\Forki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-10-31 22:05 - 2017-10-31 22:05 - 000002104 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-10-31 22:05 - 2017-10-31 22:05 - 000002104 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-10-31 22:00 - 2017-10-31 22:00 - 000000000 ____D C:\Users\Forki\AppData\Roaming\AVAST Software
2017-10-31 21:59 - 2017-10-31 21:59 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-31 21:59 - 2017-10-31 21:59 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-31 21:59 - 2017-10-31 21:59 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-10-31 21:59 - 2017-10-31 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-10-31 21:58 - 2017-10-31 21:58 - 007161304 _____ (AVAST Software) C:\Users\Forki\Downloads\avast_free_antivirus_setup_online.exe
2017-10-31 21:58 - 2017-10-31 21:58 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-31 21:35 - 2017-10-31 21:35 - 002326984 _____ (Malwarebytes Corporation) C:\Users\Forki\Desktop\mb-check-3.1.8.1000 (1).exe
2017-10-31 21:35 - 2017-10-31 21:35 - 000052451 _____ C:\Users\Forki\Downloads\Addition.txt
2017-10-31 21:35 - 2017-10-31 21:35 - 000047556 _____ C:\Users\Forki\Desktop\mb-check-results.zip
2017-10-31 21:34 - 2017-10-31 22:17 - 000023156 _____ C:\Users\Forki\Downloads\FRST.txt
2017-10-31 21:34 - 2017-10-31 22:17 - 000000000 ____D C:\FRST
2017-10-31 19:04 - 2017-10-31 19:04 - 000000206 _____ C:\Users\Forki\Desktop\Emi.txt
2017-10-31 17:27 - 2017-10-31 17:27 - 004982912 _____ C:\Users\Forki\Desktop\Story board fixed.pptx
2017-10-31 17:23 - 2017-10-31 17:23 - 004611038 _____ C:\Users\Forki\Desktop\adsa.psd
2017-10-31 14:33 - 2017-10-31 14:33 - 000008126 _____ C:\Users\Forki\Downloads\trades.zip
2017-10-31 14:27 - 2017-10-31 14:27 - 000013305 _____ C:\Users\Forki\Downloads\ledgers.zip
2017-10-31 10:04 - 2017-10-31 10:04 - 000001602 _____ C:\Users\Forki\Downloads\chat.svg
2017-10-31 09:31 - 2017-10-31 22:05 - 000000000 ___RD C:\Users\Forki\OneDrive
2017-10-31 09:31 - 2017-10-31 22:05 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-10-31 09:31 - 2017-10-31 09:31 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-10-31 09:28 - 2017-10-31 09:31 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-31 09:28 - 2017-10-31 09:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-10-31 09:28 - 2017-10-31 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-10-31 09:26 - 2017-10-31 22:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-31 09:26 - 2017-10-31 09:26 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-10-31 08:58 - 2017-10-31 08:58 - 000209268 _____ C:\Users\Forki\Downloads\Office_2016_16.0.4229.1002_x86-x64_v2.8.torrent
2017-10-30 22:22 - 2017-10-30 22:23 - 001457365 _____ C:\Users\Forki\Desktop\Jurean_Storyboard_V3_Oct30_Graphics.pptx
2017-10-30 22:03 - 2017-10-30 22:03 - 000014032 _____ C:\Users\Forki\Downloads\Melissa_and_Joey_Season_4_HDTV_x264_PACK.torrent
2017-10-30 20:21 - 2017-10-31 08:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office2
2017-10-30 19:36 - 2017-10-30 19:35 - 000925184 _____ C:\Windows\expstart.exe
2017-10-30 19:35 - 2017-10-30 19:36 - 000000000 ____D C:\Windows\W7SOC
2017-10-30 19:35 - 2011-02-25 07:19 - 002871808 _____ (Microsoft Corporation) C:\Windows\explorer.backup.exe
2017-10-30 19:32 - 2017-10-30 19:32 - 000166099 _____ (Manuel Hoefs (Zottel)) C:\Users\Forki\Downloads\UltraUXThemePatcher_3.3.1.exe
2017-10-30 19:27 - 2017-10-30 19:27 - 004662612 _____ C:\Users\Forki\Downloads\Konobu remade.psd
2017-10-30 18:47 - 2017-10-30 18:48 - 029255661 _____ C:\Users\Forki\Downloads\sword_art_online_theme_for_windows_7_by_yorgash-d8fnuk6 (1).zip
2017-10-30 18:46 - 2017-10-30 18:46 - 000003270 _____ C:\Windows\System32\Tasks\{3332F196-827D-4C8B-875B-05F919F149CA}
2017-10-30 18:37 - 2017-10-30 18:37 - 000015877 _____ C:\Users\Forki\Downloads\Legit - Otaku order - 301017.xlsx
2017-10-29 17:56 - 2017-10-29 17:56 - 000002565 _____ C:\Users\Forki\Downloads\Popstar.Never.Stop.Never.Stopping.2016.BRRip.XviD.AC3-EVO.torrent
2017-10-29 17:50 - 2017-10-29 17:50 - 000111950 _____ C:\Users\Forki\Downloads\Ingrid.Goes.West.2017.BRRip.XviD.AC3-EVO.torrent
2017-10-29 11:34 - 2017-10-29 11:34 - 002241300 _____ C:\Users\Forki\Downloads\Pricing_with_market_power_web.pptx
2017-10-28 21:25 - 2017-10-28 21:25 - 000567808 _____ C:\Users\Forki\Downloads\part9.Pricing.ppt
2017-10-28 20:47 - 2017-10-28 20:47 - 000747234 _____ C:\Users\Forki\Downloads\Nicehash-testReport-TH (1).pdf
2017-10-28 20:43 - 2017-10-28 20:43 - 000576812 _____ C:\Users\Forki\Downloads\nicehash_mkebe.pdf
2017-10-27 12:34 - 2017-10-27 12:34 - 000073563 _____ C:\Users\Forki\Downloads\Predracun_st (2).pdf
2017-10-27 09:02 - 2017-10-27 09:02 - 000827634 _____ C:\Users\Forki\Downloads\Scan (1).pdf
2017-10-27 09:02 - 2017-10-27 09:02 - 000463624 _____ C:\Users\Forki\Downloads\Scan (2).pdf
2017-10-27 09:02 - 2017-10-27 09:02 - 000329047 _____ C:\Users\Forki\Downloads\Scan.pdf
2017-10-27 08:03 - 2017-10-27 08:03 - 000027874 _____ C:\Users\Forki\Downloads\Geographic location report (3).csv
2017-10-27 08:00 - 2017-10-27 08:00 - 000033282 _____ C:\Users\Forki\Downloads\Geographic location report (2).csv
2017-10-27 07:57 - 2017-10-27 07:57 - 000037566 _____ C:\Users\Forki\Downloads\Geographic location report (1).csv
2017-10-27 07:51 - 2017-10-27 07:51 - 000041698 _____ C:\Users\Forki\Downloads\Geographic location report.csv
2017-10-26 21:32 - 2017-10-26 21:32 - 000019680 _____ C:\Users\Forki\Downloads\Cars.2.2011.SLOSubs.BRRip.XviD-DrSi.torrent
2017-10-26 08:21 - 2017-10-26 08:21 - 002548713 _____ C:\Users\Forki\Downloads\Jurean_Storyboard_V2_Oct25.pptx
2017-10-26 07:28 - 2017-10-26 07:28 - 000073563 _____ C:\Users\Forki\Downloads\Predracun_st (1).pdf
2017-10-25 19:43 - 2017-10-25 19:43 - 000777375 _____ C:\Users\Forki\Downloads\IMB_2017_Costs_for_decision_making.pdf
2017-10-25 19:43 - 2017-10-25 19:43 - 000535953 _____ C:\Users\Forki\Downloads\IMB_2017_SEMINAR_costs_for_decision_making.pptx
2017-10-25 14:17 - 2017-10-25 14:17 - 000212813 _____ C:\Users\Forki\Downloads\LOGO-G-NAPIS.rar
2017-10-25 14:07 - 2017-10-25 14:07 - 000075992 _____ C:\Users\Forki\Downloads\Beaufort-Bold.ttf
2017-10-25 07:14 - 2010-11-21 04:24 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2017-10-25 07:14 - 2009-07-14 02:11 - 000245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup
2017-10-25 06:54 - 2017-10-25 06:54 - 000000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2017-10-24 15:00 - 2017-10-24 15:00 - 000006465 _____ C:\Users\Forki\Downloads\Microsoft_Office_Standard_2016_Volume_License_Edition_v15.14.torrent
2017-10-24 14:21 - 2017-10-24 14:21 - 595803532 _____ C:\Users\Forki\Downloads\GRAFIKA.psd
2017-10-24 07:44 - 2017-10-24 07:44 - 000018528 _____ C:\Users\Forki\Downloads\MAK.Kljuci.Windows.7.8.8.1.10.Office.2013.2016-ERiKC3000.torrent
2017-10-24 07:44 - 2017-10-24 07:44 - 000008625 _____ C:\Users\Forki\Downloads\Microsoft_Office_2016_Professional_Plus_16.0.4588.1000_September_2017__x86+x64__+_Activator.torrent
2017-10-24 07:42 - 2017-10-24 07:42 - 000419598 _____ C:\Users\Forki\Downloads\Adobe_Illustrator_CC_2017_v21.0.2.242__x86x64__Incl_Crack_+_Portable.torrent
2017-10-23 21:38 - 2017-10-23 21:38 - 000014435 _____ C:\Users\Forki\Downloads\Cars.2006.SloSubs.DVDRip.XviD.torrent
2017-10-23 19:24 - 2017-10-23 19:24 - 000012087 _____ C:\Users\Forki\Downloads\The_Emoji_Movie_2017_1080p_BluRay_x264_DRONES.torrent
2017-10-23 14:55 - 2017-10-23 14:55 - 000747234 _____ C:\Users\Forki\Downloads\Nicehash-testReport-TH.pdf
2017-10-23 07:19 - 2017-10-31 22:14 - 000000000 ____D C:\Users\Forki\AppData\LocalLow\uTorrent
2017-10-23 06:59 - 2017-10-25 07:06 - 000000000 ____D C:\Users\Forki\AppData\Roaming\zaav4vnwrme
2017-10-23 06:59 - 2017-10-25 07:06 - 000000000 ____D C:\Users\Forki\AppData\Roaming\fdfc2kuaaef
2017-10-23 06:59 - 2017-10-25 07:06 - 000000000 ____D C:\Users\Forki\AppData\Roaming\esgfujr5gse
2017-10-23 06:59 - 2017-10-23 07:31 - 000000000 ____D C:\Users\Forki\AppData\Local\kAUNCUkNWH
2017-10-23 06:59 - 2017-10-23 06:59 - 000000258 __RSH C:\Users\Forki\ntuser.pol
2017-10-23 06:58 - 2017-10-30 10:16 - 000000000 ____D C:\Windat
2017-10-23 06:58 - 2017-10-25 07:06 - 000000000 ____D C:\Users\Forki\AppData\Roaming\hkkzftkr4ul
2017-10-23 06:58 - 2017-10-23 07:31 - 000000000 ____D C:\Disk
2017-10-23 06:58 - 2017-10-23 06:58 - 000004886 __RSH C:\ProgramData\ntuser.pol
2017-10-23 06:57 - 2017-10-23 07:31 - 000000000 ____D C:\Users\Forki\AppData\Local\AdService
2017-10-23 06:57 - 2017-10-23 07:31 - 000000000 ____D C:\Applications
2017-10-23 06:57 - 2017-10-23 07:25 - 000000000 ____D C:\WinSys
2017-10-23 06:56 - 2017-10-23 06:56 - 000000000 ____D C:\Users\Forki\AppData\Local\AdvinstAnalytics
2017-10-22 20:32 - 2017-10-22 20:32 - 000006881 _____ C:\Users\Forki\Downloads\Cars.3.2017.HDRip.XviD.AC3-EVO.torrent
2017-10-21 18:14 - 2017-10-31 15:53 - 000000574 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2017-10-21 18:14 - 2017-10-21 18:14 - 000003130 _____ C:\Windows\System32\Tasks\Norton Product InstallerIdle
2017-10-21 18:03 - 2017-10-21 18:21 - 000000000 ____D C:\ProgramData\Norton
2017-10-21 18:03 - 2017-10-21 18:03 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-10-21 18:01 - 2017-10-21 18:01 - 000059924 _____ C:\Users\Forki\Documents\cc_20171021_190106.reg
2017-10-21 18:01 - 2017-10-21 18:01 - 000001364 _____ C:\Users\Forki\Documents\cc_20171021_190120.reg
2017-10-21 18:01 - 2017-10-21 18:01 - 000000746 _____ C:\Users\Forki\Documents\cc_20171021_190131.reg
2017-10-21 18:00 - 2017-10-21 18:00 - 000505152 _____ C:\Users\Forki\Documents\cc_20171021_190051.reg
2017-10-21 17:59 - 2017-10-21 17:59 - 000000000 ____D C:\Windows\pss
2017-10-21 17:33 - 2017-10-21 17:33 - 000000000 ____D C:\Users\Forki\AppData\Local\UnrealEngine
2017-10-21 17:33 - 2017-10-21 17:33 - 000000000 ____D C:\Users\Forki\AppData\Local\TslGame
2017-10-21 16:08 - 2017-10-21 16:08 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-10-21 16:08 - 2017-10-06 12:52 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-10-21 16:07 - 2017-10-09 13:20 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-10-21 16:07 - 2017-10-09 13:20 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 040237176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 036184000 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 035156600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 029228480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 023261256 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 019035344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 019008624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 018203456 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 016751224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-10-21 16:07 - 2017-10-06 14:32 - 013863000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 013251240 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 011777952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 010880672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 003807864 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 003346368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438792.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438792.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 001135280 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 001098360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 001030264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000981112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000932472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000171896 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000154392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000132256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-10-21 16:07 - 2017-10-06 14:32 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-10-21 16:07 - 2017-10-06 14:32 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-10-21 16:07 - 2017-10-06 14:32 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-10-21 11:02 - 2017-10-21 11:02 - 000178250 _____ C:\Users\Forki\Downloads\Document 3_1.pdf
2017-10-21 10:39 - 2017-10-21 10:39 - 000229910 _____ C:\Users\Forki\Downloads\Document 2_1.pdf
2017-10-21 10:34 - 2017-10-21 10:34 - 000508286 _____ C:\Users\Forki\Downloads\Document 1.pdf
2017-10-19 11:55 - 2017-10-19 11:55 - 000022503 _____ C:\Users\Forki\Downloads\menu-image.zip
2017-10-18 18:04 - 2017-10-18 18:04 - 000000000 ____D C:\Users\Public\Documents\uPlay
2017-10-18 15:53 - 2017-10-23 07:31 - 000001062 _____ C:\Users\Public\Desktop\South Park.lnk
2017-10-18 15:53 - 2017-10-18 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\South Park The Fractured But Whole
2017-10-18 15:47 - 2017-10-18 15:53 - 000000000 ____D C:\Program Files\South Park The Fractured But Whole
2017-10-17 07:18 - 2017-10-17 07:19 - 009194875 _____ C:\Users\Forki\Downloads\UVI presentation Light.pptx
2017-10-16 17:27 - 2017-10-18 10:52 - 000000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2017-10-16 17:27 - 2017-10-16 17:27 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Apple Computer
2017-10-16 17:27 - 2017-10-16 17:27 - 000000000 ____D C:\Users\Forki\AppData\Local\Apple Computer
2017-10-16 17:27 - 2017-10-16 17:27 - 000000000 ____D C:\Users\Forki\AppData\Local\Apple
2017-10-16 17:27 - 2017-10-16 17:27 - 000000000 ____D C:\ProgramData\Apple Computer
2017-10-16 17:22 - 2003-03-18 20:20 - 001060864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-10-16 17:22 - 2001-08-17 21:43 - 000024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2017-10-16 17:19 - 2017-10-18 11:12 - 000000000 ____D C:\Users\Public\Documents\Audible
2017-10-16 17:19 - 2017-10-16 17:22 - 000000000 ____D C:\Program Files (x86)\Audible
2017-10-16 17:19 - 2017-10-16 17:19 - 000000000 ____D C:\Users\Forki\Documents\Audible
2017-10-16 07:36 - 2017-10-16 07:36 - 000090624 _____ C:\Users\Forki\Downloads\Медиаплан LegitMarketing.xls
2017-10-13 11:17 - 2017-10-13 11:17 - 000652219 _____ C:\Users\Forki\Downloads\Fifa2018 (3).pptx
2017-10-13 11:17 - 2017-10-13 11:17 - 000652219 _____ C:\Users\Forki\Downloads\Fifa2018 (2).pptx
2017-10-13 10:17 - 2017-10-13 10:17 - 000002307 _____ C:\Users\Forki\Downloads\tool (1).svg
2017-10-13 09:43 - 2017-10-13 09:43 - 000652219 _____ C:\Users\Forki\Downloads\Fifa2018 (1).pptx
2017-10-13 09:42 - 2017-10-13 09:42 - 000652219 _____ C:\Users\Forki\Downloads\Fifa2018.pptx
2017-10-13 09:41 - 2017-10-13 09:41 - 000008379 _____ C:\Users\Forki\Downloads\FIFA18-TS-UVI-GS.odt
2017-10-12 14:48 - 2017-10-12 14:48 - 000073563 _____ C:\Users\Forki\Downloads\Predracun_st.pdf
2017-10-12 13:51 - 2017-10-12 13:51 - 000013787 _____ C:\Users\Forki\Downloads\Счет петров.xlsx
2017-10-12 08:06 - 2017-10-12 08:06 - 000081100 _____ C:\Users\Forki\Downloads\nexa.zip
2017-10-11 09:36 - 2017-10-11 09:36 - 000405756 _____ C:\Users\Forki\Downloads\logo (1).ai
2017-10-11 09:35 - 2017-10-11 09:35 - 002918289 _____ C:\Users\Forki\Downloads\logo.psd
2017-10-11 09:35 - 2017-10-11 09:35 - 001843634 _____ C:\Users\Forki\Downloads\logo (1).eps
2017-10-11 07:30 - 2017-10-11 07:30 - 000435858 _____ C:\Users\Forki\Downloads\logo (3).pdf
2017-10-10 19:04 - 2017-10-10 19:04 - 000426835 _____ C:\Users\Forki\Downloads\logo (2).pdf
2017-10-10 14:56 - 2017-10-10 14:56 - 001224748 _____ C:\Users\Forki\Downloads\Nicehash Mediaplan.xlsx
2017-10-10 13:38 - 2017-10-10 13:38 - 002109070 _____ C:\Users\Forki\Downloads\logo.eps
2017-10-10 13:38 - 2017-10-10 13:38 - 000426835 _____ C:\Users\Forki\Downloads\logo.pdf
2017-10-10 13:38 - 2017-10-10 13:38 - 000426835 _____ C:\Users\Forki\Downloads\logo (1).pdf
2017-10-10 13:38 - 2017-10-10 13:38 - 000400322 _____ C:\Users\Forki\Downloads\logo.ai
2017-10-10 11:33 - 2017-10-10 11:33 - 000004680 _____ C:\Users\Forki\Downloads\Customers_Export.csv
2017-10-09 10:36 - 2017-10-09 10:36 - 000029107 _____ C:\Users\Forki\Downloads\PlayGround_Price_2017_New (1).xlsx
2017-10-09 10:17 - 2017-10-09 10:17 - 000029107 _____ C:\Users\Forki\Downloads\PlayGround_Price_2017_New.xlsx
2017-10-09 10:16 - 2017-10-09 10:16 - 043777028 _____ C:\Users\Forki\Downloads\Oglasevanje_grafika.psd
2017-10-09 07:45 - 2017-10-09 07:45 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2017-10-09 07:45 - 2017-10-09 07:45 - 000000000 ____D C:\Users\Forki\AppData\Local\synology-note-station
2017-10-09 07:45 - 2017-10-09 07:45 - 000000000 ____D C:\Users\Forki\AppData\Local\NoteStation
2017-10-05 18:31 - 2017-10-05 18:31 - 001530049 _____ C:\Users\Forki\Downloads\Povpraševanje-o-sodelovanju.pdf
2017-10-04 13:49 - 2017-10-04 13:49 - 000087094 _____ C:\Users\Forki\Downloads\SI1760006344568 (1).pdf
2017-10-04 13:48 - 2017-10-04 13:48 - 000087094 _____ C:\Users\Forki\Downloads\SI1760006344568.pdf
2017-10-04 09:46 - 2017-10-04 09:46 - 000002307 _____ C:\Users\Forki\Downloads\tool.svg
2017-10-03 07:57 - 2017-10-03 07:57 - 000000000 ____D C:\Users\Forki\AppData\Roaming\PDAppFlex
2017-10-02 20:38 - 2017-10-02 20:38 - 000000000 ____D C:\ProgramData\Google
2017-10-02 16:35 - 2017-10-02 16:35 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Sublime Text 3
2017-10-02 16:35 - 2017-10-02 16:35 - 000000000 ____D C:\Users\Forki\AppData\Local\Sublime Text 3
2017-10-02 16:34 - 2017-10-23 07:31 - 000000930 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2017-10-02 16:34 - 2017-10-02 16:34 - 000000000 ____D C:\Program Files\Sublime Text 3
2017-10-02 14:22 - 2017-10-02 14:22 - 000026064 _____ C:\Users\Forki\Downloads\ZemestroStd.otf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-31 22:17 - 2015-01-13 16:33 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Skype
2017-10-31 22:16 - 2015-01-13 17:36 - 000000000 ____D C:\Users\Forki\AppData\Roaming\uTorrent
2017-10-31 22:16 - 2015-01-13 07:41 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-31 22:14 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-31 22:13 - 2015-10-05 12:59 - 000000000 ____D C:\Program Files\Controller
2017-10-31 22:02 - 2015-01-13 16:29 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-31 21:59 - 2015-09-17 11:50 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-31 21:57 - 2015-03-29 23:54 - 000000388 _____ C:\Windows\Tasks\update-sys.job
2017-10-31 21:12 - 2009-07-14 05:45 - 000029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-31 21:12 - 2009-07-14 05:45 - 000029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-31 21:11 - 2009-07-14 06:13 - 000006560 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-31 20:42 - 2017-09-04 16:06 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Slack
2017-10-31 20:42 - 2017-04-29 08:30 - 005209912 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-31 19:13 - 2015-03-29 23:54 - 000000388 _____ C:\Windows\Tasks\update-S-1-5-21-1659470305-4037957700-2005133117-1000.job
2017-10-31 18:12 - 2017-06-03 17:49 - 000001456 _____ C:\Users\Forki\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-10-31 17:22 - 2015-01-13 08:16 - 000000000 ____D C:\Users\Forki\AppData\Local\Microsoft Help
2017-10-31 14:18 - 2017-09-27 08:42 - 000000000 ____D C:\Users\Forki\Documents\Outlook Files
2017-10-31 09:47 - 2017-04-26 07:01 - 000142072 _____ C:\Users\Forki\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-31 09:31 - 2015-01-13 07:04 - 000000000 ____D C:\Users\Forki
2017-10-31 09:30 - 2015-01-13 16:52 - 000000000 ____D C:\Users\Forki\AppData\Roaming\vlc
2017-10-31 09:28 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-31 08:54 - 2015-01-13 16:48 - 000000000 ____D C:\Users\Forki\AppData\Local\CrashDumps
2017-10-31 08:52 - 2017-04-01 09:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-31 08:52 - 2015-01-13 08:16 - 000000000 ____D C:\Program Files\Microsoft Office
2017-10-31 08:52 - 2011-04-12 09:28 - 000000000 ____D C:\Windows\ShellNew
2017-10-31 08:52 - 2009-07-14 03:34 - 000000387 _____ C:\Windows\win.ini
2017-10-31 02:00 - 2015-01-13 08:24 - 000000000 ____D C:\Users\Forki\AppData\Local\Adobe
2017-10-30 20:35 - 2017-09-14 10:14 - 000000000 ____D C:\Users\Forki\AppData\Local\mpress
2017-10-30 19:35 - 2010-11-21 04:24 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-30 19:35 - 2009-07-14 00:39 - 000245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2017-10-30 19:32 - 2010-11-21 04:23 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-30 19:32 - 2009-07-14 00:55 - 000332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2017-10-30 19:32 - 2009-07-14 00:54 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2017-10-30 10:16 - 2015-01-13 08:17 - 000000000 ____D C:\Windows\PCHEALTH
2017-10-26 23:05 - 2015-10-05 13:07 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-26 09:07 - 2015-01-13 16:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-26 09:07 - 2015-01-13 16:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-26 09:07 - 2015-01-13 16:36 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-26 09:07 - 2015-01-13 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-26 09:07 - 2015-01-13 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-24 09:06 - 2017-09-21 14:04 - 000000033 _____ C:\Users\Forki\AppData\Roaming\AdobeWLCMCache.dat
2017-10-24 07:56 - 2015-01-13 18:13 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-10-23 20:21 - 2015-01-13 07:41 - 000000000 ____D C:\Users\Forki\AppData\Local\NVIDIA
2017-10-23 07:47 - 2017-08-09 18:35 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-10-23 07:31 - 2017-09-26 13:49 - 000001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-10-23 07:31 - 2017-09-21 14:01 - 000002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-10-23 07:31 - 2017-09-15 10:57 - 000000636 _____ C:\Users\Forki\Desktop\LEGIT.lnk
2017-10-23 07:31 - 2017-06-04 16:33 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-10-23 07:31 - 2017-04-01 09:56 - 000001265 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-10-23 07:31 - 2017-04-01 09:53 - 000002065 _____ C:\Users\Forki\Desktop\The Sims.lnk
2017-10-23 07:31 - 2017-01-07 11:44 - 000002036 _____ C:\Users\Forki\Desktop\Legacy of the Duelist.lnk
2017-10-23 07:31 - 2016-11-23 21:52 - 000001975 _____ C:\Users\Forki\Desktop\Yu-Gi-Oh! Online.lnk
2017-10-23 07:31 - 2016-11-22 22:24 - 000000682 _____ C:\Users\Forki\Desktop\Crap Winter.lnk
2017-10-23 07:31 - 2016-11-07 08:16 - 000000724 _____ C:\Users\Forki\Desktop\Crap Poletje 2016.lnk
2017-10-23 07:31 - 2016-03-20 15:27 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-23 07:31 - 2016-01-18 18:14 - 000000826 _____ C:\Users\Forki\Desktop\Spletna Stran.lnk
2017-10-23 07:31 - 2016-01-18 18:14 - 000000819 _____ C:\Users\Forki\Desktop\All The Crap.lnk
2017-10-23 07:31 - 2016-01-18 18:14 - 000000805 _____ C:\Users\Forki\Desktop\Crap Jesen.lnk
2017-10-23 07:31 - 2015-12-26 22:38 - 000000702 _____ C:\Users\Forki\Desktop\Playstation Portable.lnk
2017-10-23 07:31 - 2015-12-20 19:57 - 000001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2017-10-23 07:31 - 2015-12-10 20:03 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Nesstar Publisher.lnk
2017-10-23 07:31 - 2015-11-04 16:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-10-23 07:31 - 2015-10-09 19:16 - 000000080 _____ C:\Users\Forki\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2017-10-23 07:31 - 2015-07-21 14:51 - 000001654 _____ C:\Users\Forki\Desktop\Pokémon TCG.lnk
2017-10-23 07:31 - 2015-04-16 08:50 - 000001917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
2017-10-23 07:31 - 2015-03-28 15:41 - 000001396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-10-23 07:31 - 2015-02-21 04:07 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-10-23 07:31 - 2015-02-21 00:23 - 000001390 _____ C:\Users\Forki\Desktop\OBS.lnk
2017-10-23 07:31 - 2015-01-28 17:27 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2017-10-23 07:31 - 2015-01-13 18:19 - 000001794 _____ C:\Users\Forki\Desktop\PhotoShop.lnk
2017-10-23 07:31 - 2015-01-13 07:04 - 000001393 _____ C:\Users\Forki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-23 07:31 - 2014-12-11 20:40 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-10-23 07:31 - 2014-12-11 20:40 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-10-23 07:31 - 2009-07-14 06:01 - 000001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-10-23 07:31 - 2009-07-14 05:57 - 000001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-10-23 07:31 - 2009-07-14 05:57 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-10-23 07:31 - 2009-07-14 05:57 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-10-23 07:31 - 2009-07-14 05:54 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-10-23 07:31 - 2009-07-14 05:49 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-10-23 07:31 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system
2017-10-23 07:25 - 2016-09-16 09:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SETCCE proXSign
2017-10-23 07:19 - 2015-01-13 08:43 - 000000000 ____D C:\Users\Forki\AppData\Roaming\foobar2000
2017-10-23 07:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\L2Schemas
2017-10-23 07:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\IME
2017-10-23 07:08 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\addins
2017-10-23 06:58 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-10-21 18:02 - 2017-04-19 18:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-21 17:57 - 2015-02-21 04:04 - 000000000 ____D C:\Program Files\CCleaner
2017-10-21 17:33 - 2015-01-13 07:42 - 000000000 ____D C:\Users\Forki\AppData\Local\NVIDIA Corporation
2017-10-21 17:32 - 2015-01-13 07:49 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-21 17:19 - 2017-05-06 02:21 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-10-21 16:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-10-21 16:10 - 2015-01-13 07:40 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-21 16:09 - 2017-07-27 13:43 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:09 - 2017-04-01 12:02 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:08 - 2017-04-01 12:02 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:08 - 2017-04-01 12:02 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:08 - 2017-04-01 12:02 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:08 - 2017-04-01 12:02 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:08 - 2017-04-01 12:02 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:08 - 2017-04-01 12:02 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-21 16:08 - 2017-03-26 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-10-21 16:08 - 2015-01-13 18:17 - 000000000 ____D C:\Users\Forki\AppData\Roaming\NVIDIA
2017-10-21 16:08 - 2015-01-13 07:40 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-21 16:08 - 2015-01-13 07:39 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-18 18:04 - 2015-06-15 17:43 - 000000000 ____D C:\Users\Forki\Documents\My Games
2017-10-18 11:33 - 2016-05-09 13:30 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Hola
2017-10-18 11:33 - 2015-02-15 02:45 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Octoshape
2017-10-18 10:56 - 2016-10-29 09:36 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-10-18 10:54 - 2015-01-15 00:45 - 000000000 ____D C:\ProgramData\Apple
2017-10-18 01:09 - 2017-09-04 16:10 - 000000000 ____D C:\Users\Forki\AppData\Local\slack
2017-10-18 01:09 - 2017-09-04 16:06 - 000000000 ____D C:\Users\Forki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-10-18 01:09 - 2017-09-04 16:06 - 000000000 ____D C:\Users\Forki\AppData\Local\SquirrelTemp
2017-10-16 07:19 - 2017-09-21 13:59 - 000000000 ___RD C:\Users\Forki\Creative Cloud Files
2017-10-16 07:17 - 2017-04-01 09:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-11 08:50 - 2017-04-01 09:56 - 000000000 ____D C:\Users\Forki\AppData\LocalLow\Mozilla
2017-10-11 08:39 - 2016-03-15 20:59 - 000000112 _____ C:\Users\Forki\AppData\Roaming\JP2K CS6 Prefs
2017-10-09 13:20 - 2015-01-28 17:56 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-10-06 14:32 - 2017-07-27 13:42 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-10-06 14:32 - 2017-07-27 13:42 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-10-06 14:32 - 2017-04-01 12:03 - 001923008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-10-06 14:32 - 2017-04-01 12:03 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-10-06 14:32 - 2017-04-01 12:03 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-10-06 14:32 - 2017-04-01 12:03 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-10-06 14:32 - 2017-04-01 12:03 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-10-06 14:32 - 2017-04-01 12:02 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-10-06 14:32 - 2017-04-01 12:02 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-10-06 14:32 - 2017-03-26 22:18 - 003796960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-10-06 14:32 - 2017-03-26 22:18 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-10-06 14:32 - 2015-01-13 07:40 - 021738976 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-10-06 14:32 - 2015-01-13 07:40 - 015024912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-10-06 14:32 - 2015-01-13 07:40 - 004283120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-10-06 14:32 - 2015-01-13 07:40 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2017-10-06 12:44 - 2017-03-26 22:19 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-10-06 12:44 - 2017-03-26 22:19 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-10-06 12:44 - 2015-01-13 07:40 - 005960312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-10-06 12:44 - 2015-01-13 07:40 - 002587584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-10-06 12:44 - 2015-01-13 07:40 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-10-06 12:44 - 2015-01-13 07:40 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-10-06 12:44 - 2015-01-13 07:40 - 000122816 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-10-04 12:11 - 2015-01-13 17:04 - 000000000 ____D C:\Users\Forki\AppData\Roaming\OBS

==================== Files in the root of some directories =======

2015-01-13 18:46 - 2015-12-15 23:05 - 000000132 _____ () C:\Users\Forki\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-09-21 14:04 - 2017-10-24 09:06 - 000000033 _____ () C:\Users\Forki\AppData\Roaming\AdobeWLCMCache.dat
2015-09-17 11:44 - 2015-09-17 11:45 - 000007636 _____ () C:\Users\Forki\AppData\Roaming\ICARE.LOG
2016-03-15 20:59 - 2017-10-11 08:39 - 000000112 _____ () C:\Users\Forki\AppData\Roaming\JP2K CS6 Prefs
2017-06-03 17:49 - 2017-10-31 18:12 - 000001456 _____ () C:\Users\Forki\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-25 10:26 - 2016-04-25 10:44 - 000000861 _____ () C:\Users\Forki\AppData\Local\SilvesterPeliasUserSettings.xml
2015-03-29 23:54 - 2015-03-29 23:54 - 000000003 _____ () C:\Users\Forki\AppData\Local\updater.log
2015-03-29 23:54 - 2017-05-06 22:42 - 000000425 _____ () C:\Users\Forki\AppData\Local\UserProducts.xml
2016-02-16 19:34 - 2016-02-16 19:34 - 000048010 _____ () C:\ProgramData\1455646788.bdinstall.bin
2015-01-14 23:57 - 2015-01-14 23:57 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Forki\AppData\Local\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (3).exe


Some files in TEMP:
====================
2017-10-31 20:45 - 2017-10-04 17:20 - 000863696 _____ (Malwarebytes) C:\Users\Forki\AppData\Local\Temp\mb-clean.exe
2017-10-31 21:05 - 2017-10-31 21:04 - 071535032 _____ (Malwarebytes                                                ) C:\Users\Forki\AppData\Local\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (3).exe
2017-10-31 20:45 - 2017-10-31 20:45 - 071535032 _____ (Malwarebytes                                                ) C:\Users\Forki\AppData\Local\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-30 15:06

==================== End of FRST.txt ============================

Addition.txt


Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin

 

fixlist.txt


Very odd, I shift the autorun entry for Malwarebytes which is causing the loop.... run frst again please..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

 

 


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Is auto loop for Malwarebytes gone...?

 

fixlist.txt


This is very odd, where do you get Malwarebytes Installer from...  Please follow these instructions for a Clean install....

Totally Remove Malwarebytes from your system:

Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop..
 
  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
  • Yes - will proceed with the cleanup process <---- Select this option to start the tool
  • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do Not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system


To re-install Malwarebytes:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/
 
  • Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....
  • When the install completes and is updated do the following:
  • Open Malwarebytes, select > "settings" > "protection tab"
  • Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
  • Go back to "DashBoard" select the Blue "Scan Now" tab......


When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

I want you to set up your system for a "Clean Boot" that is all non-Microsoft Services (system services) disabled. So have Malwarebytes Installer on your Desktop or the folder you save to, then reboot cleanly, try to install Malwarebytes again...

Full instructions for clean boot are at the following link, expand the option for your version of Windows:

https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

All non-system services should be disabled, let's see if Malwarebytes install completes in that mode...


Reset your system back to Normal mode, instructions at the same link for clean boot mode...

Next,

Please download Gmer from Here by clicking on the "Download EXE" Button.
 
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    Sections
    IAT/EAT
    Show All
    ( should be unchecked by default )
     
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.


Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

**If GMER crashes** Follow the instructions here and disable your security temporarily…

Here are the results:

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-11-01 00:36:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006c INTEL___ rev.DC32 111,79GB
Running: 9btzhwwt.exe; Driver: C:\Users\Forki\AppData\Local\Temp\pgloypoc.sys


---- User code sections - GMER 2.2 ----

.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  0000000076a31465 2 bytes [A3, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                 0000000076a314bb 2 bytes [A3, 76]
.text  ...                                                                                                                                                                                             * 2

---- User IAT/EAT - GMER 2.2 ----

IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??2@YAPEAX_K@Z]                                                                                            [a] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscpy_s]                                                                                                  [80020004] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscat_s]                                                                                                  [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??_V@YAXPEAX@Z]                                                                                            [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!malloc]                                                                                                    [6563786556413f2e] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!free]                                                                                                      [40406e6f697470] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcsncpy_s]                                                                                                 [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__CxxFrameHandler3]                                                                                        [69676f6c56413f2e] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_XcptFilter]                                                                                               [40726f7272655f63] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_initterm]                                                                                                 [4040647473] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_unlock]                                                                                                   [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__dllonexit]                                                                                               [676e656c56413f2e] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_lock]                                                                                                     [726f7272655f6874] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_onexit]                                                                                                   [404064747340] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_errno]                                                                                                    [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??1type_info@@UEAA@XZ]                                                                                     [5f74756f56413f2e] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!memcpy_s]                                                                                                  [65676e61725f666f] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??3@YAXPEAX@Z]                                                                                             [404064747340] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!OpenServiceW]                                                                                            [10000000000] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!OpenSCManagerW]                                                                                          [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!CloseServiceHandle]                                                                                      [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegSetValueExW]                                                                                          [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegCloseKey]                                                                                             [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegEnumKeyExW]                                                                                           [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegOpenKeyExW]                                                                                           [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegDeleteValueW]                                                                                         [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegQueryInfoKeyW]                                                                                        [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegCreateKeyExW]                                                                                         [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!QueryServiceStatus]                                                                                      [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentThreadId]                                                                                      [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetTickCount]                                                                                            [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!QueryPerformanceCounter]                                                                                 [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!Sleep]                                                                                                   [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentProcessId]                                                                                     [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetVersionExA]                                                                                           [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!lstrcmpiW]                                                                                               [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetSystemTimeAsFileTime]                                                                                 [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!TerminateProcess]                                                                                        [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentProcess]                                                                                       [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!UnhandledExceptionFilter]                                                                                [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!SetUnhandledExceptionFilter]                                                                             [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlVirtualUnwind]                                                                                        [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlLookupFunctionEntry]                                                                                  [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlCaptureContext]                                                                                       [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!OutputDebugStringA]                                                                                      [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetLastError]                                                                                            [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!FindResourceW]                                                                                           [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!FreeLibrary]                                                                                             [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadLibraryExW]                                                                                          [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetModuleHandleW]                                                                                        [ffffffffffffffff] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadLibraryW]                                                                                            [ffffad5f2d9b4e8d] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!SizeofResource]                                                                                          [11d16528b62f5910] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetModuleFileNameW]                                                                                      [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetProcAddress]                                                                                          [437d690] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoTaskMemFree]                                                                                              [455f584356413f2e] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!StringFromGUID2]                                                                                            [6e6f697470656378] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoTaskMemRealloc]                                                                                           [4040] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[USER32.dll!UnregisterClassA]                                                                                          [0] 
IAT    C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[USER32.dll!CharNextW]                                                                                                 [0] 

---- Registry - GMER 2.2 ----

Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Forki\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 2.2 ----
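
A triage aid for the "User IAT/EAT" section of the log above, added here as an example (it is not part of the original thread and is not GMER's own tooling). It reads each bracketed value as a little-endian 8-byte quantity and separates null entries, runs of printable ASCII, and everything else; on the lines from this log the ASCII runs join into names such as `.?AVexception@@`, which have the form of MSVC type-descriptor strings rather than code addresses. The regex, function names and the "two or more printable bytes" rule are assumptions made for this example.

```python
import re
import struct
from collections import Counter

# IAT lines copied from the GMER log above; only the column padding is collapsed.
SAMPLE_LOG = r"""
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscpy_s] [80020004]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!malloc] [6563786556413f2e]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!free] [40406e6f697470]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcsncpy_s] [0]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__CxxFrameHandler3] [69676f6c56413f2e]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_XcptFilter] [40726f7272655f63]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_initterm] [4040647473]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_unlock] [0]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadLibraryW] [ffffad5f2d9b4e8d]
IAT C:\Windows\system32\svchost.exe[948] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetProcAddress] [437d690]
"""

# Assumed layout: IAT <process>[pid] @ <module>[<dll>!<import>] [<hex value>]
IAT_LINE = re.compile(
    r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<module>.+?)"
    r"\[(?P<imp>[^\]]+)\]\s+\[(?P<val>[0-9a-fA-F]{1,16})\]\s*$"
)


def classify(value):
    """Return (kind, text) for one 64-bit IAT slot value."""
    if value == 0:
        return ("null", "")
    raw = struct.pack("<Q", value).rstrip(b"\x00")  # bytes as they sit in memory
    if len(raw) >= 2 and all(0x20 <= b < 0x7F for b in raw):
        return ("ascii", raw.decode("ascii"))
    return ("other", "")


def parse_iat(log_text):
    """Yield one dict per well-formed IAT line; other lines are skipped."""
    for line in log_text.splitlines():
        m = IAT_LINE.match(line.strip())
        if not m:
            continue
        kind, text = classify(int(m.group("val"), 16))
        yield {"import": m.group("imp"), "kind": kind, "text": text}


def ascii_runs(entries):
    """Join consecutive ASCII slots, in log order, into whole strings."""
    runs, current = [], ""
    for entry in entries:
        if entry["kind"] == "ascii":
            current += entry["text"]
        elif current:
            runs.append(current)
            current = ""
    if current:
        runs.append(current)
    return runs


def summarize(log_text):
    entries = list(parse_iat(log_text))
    return Counter(e["kind"] for e in entries), ascii_runs(entries)


if __name__ == "__main__":
    counts, strings = summarize(SAMPLE_LOG)
    print(dict(counts))
    for s in strings:
        print("string data where a pointer was expected:", s)
```

Slots classified as "other" are the ones left to check by hand against the module's real imports.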
 


There is no obvious malware or infection left on your system according to the latest scans we've completed... One more AV scan by ESET, this is a very thorough scan and can take several hours to complete depending on size of your system, amount of data etc etc......

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on the saved file and select "Run as Administrator"

In the new Window accept the terms of service

In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"

In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"

In the new Window new virus database signatures will download, Do Not Select Stop

The Window will progress showing the scan in action....

In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...

If threats are found the following Window will open:

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Thank you,

Kevin...

The majority of those found entries are already in quarantine so are quite safe, the remaining 4 of the remaining 5 are from P2P/Torrenting that you are more than likely aware of, they are showing in red, The one in green is not untrustworthy per se, it is an installer for CCleaner that comes bundled with a toolbar....

Quote

C:\Users\Forki\AppData\Roaming\uTorrent\updates\3.4.2_37951.exe    a variant of Win32/OpenCandy.A potentially unsafe application    
C:\Users\Forki\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe    a variant of Win32/OpenCandy.A potentially unsafe application    
D:\Spletna Stran\Downloadć\AdobeCC2015crackXFORCE__5543_il2375.exe.tar.gz    a variant of Win32/Amonetize.NM potentially unwanted application  
 
D:\Spletna Stran\Downloadć\ccsetup502.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
E:\Office_2016_16.0.4229.1002_x86-x64_v2.8\KMSAuto Lite\KMSAuto.exe    a variant of Win32/HackKMS.Q potentially unsafe application 

We have removed all found Malware/Infection that was known to be present. We have used Malwarebytes cleanup tool to ensure all remnants of Malwarebytes were removed. We have also tried with your system in "Clean Boot" that is all non-system services disabled, as yet the installation ends up with a no progress loop.

Boot your system into Safe mode with networking, try to install Malwarebytes in that mode. Full instructions at the following link:

https://support.eset.com/kb2268/?locale=en_US

Thank you,

Kevin.....

 

Edited by kevinf80
typing error