So, basically I decided to download a free cheat for Fortnite that I saw on YouTube. Lots of positive reviews on it and whatnot, but come to find out - it didn't even work. I tried to delete said cheat and then I realized that the .exe had changed its own name and moved from my desktop where I'd put it. Shortly thereafter, my computer told me I needed to restart if I wanted to turn off UAC. I thought to myself: "No freakin way this is gonna happen." So, I find the .exe and try to remove it. No dice, I'm denied access. I install a program called ProcessHacker 2 and attempt to end the process and destroy the .exe. Access denied, and once I tried again, it gave me a BSOD. I got my PC back up - this time in safe mode - and decided to try again with the Process Hacker. The exe lost its icon and when attempting to use it on the .exe that I could clearly see, the program said that the exe didn't exist. I open task manager and see a LOT of new processes that are running my CPU to 100% way too much, and decide to try ProcessHacker on it. Access denied. Properties > Security > Access denied. I'm the only account and administrator on this computer and I'm denied access to everything that came from this virus. So, many longer stories on many more different tools (yes I backed up my important files on a thumb drive) I'm still stuck in the same spot with only one hope... Malwarebytes' specialists. Hope we can accomplish some goals because I'd very much like to get back to gaming. Thanks in advance.

Addition.txt

FRST.txt

logmbam.txt


Hi Luciferx33 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after. 


Hello Aura. I already had a recent version of mbar but I decided to go ahead and get one on my desktop and follow your instructions. Below is the log.

I would like to also state that it seems to make itself invisible to most of the things I've tried. There was one thing called "Emsisoft" that detected and quarantined most of the virus, but it came back and now Emsisoft is completely oblivious to it. This was all before I posted here, though, so I'll just be awaiting further instruction.

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.10.25.11
  rootkit: v2017.10.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
AMD :: AMD-PC [administrator]

11/18/2017 12:45:48 AM
mbar-log-2017-11-18 (00-45-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 332759
Time elapsed: 18 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


It'll do the trick. Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by AMD (18-11-2017 14:36:32) Run:1
Running from C:\Users\AMD\Desktop
Loaded Profiles: AMD (Available Profiles: AMD & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
mbamchameleon         \Device\Mup                             400900       mbamchameleon Instance     0    
mbamchameleon         C:                                      400900       mbamchameleon Instance     0    
mbamchameleon         E:                                      400900       mbamchameleon Instance     0    
mbamchameleon                                                 400900       mbamchameleon Instance     0    
mbamchameleon         F:                                      400900       mbamchameleon Instance     0    
epp                   \Device\Mup                             328900       epp Instance             0    
epp                   C:                                      328900       epp Instance             0    
epp                   E:                                      328900       epp Instance             0    
epp                                                           328900       epp Instance             0    
epp                   F:                                      328900       epp Instance             0    
MpFilter              \Device\Mup                             328000       MpFilter Instance        0    
MpFilter              C:                                      328000       MpFilter Instance        0    
MpFilter              E:                                      328000       MpFilter Instance        0    
MpFilter                                                      328000       MpFilter Instance        0    
MpFilter              F:                                      328000       MpFilter Instance        0    
luafv                 C:                                      135000       luafv                    0    
nrpdobug              \Device\Mup                              45666       nrpdobug Instance        0    
nrpdobug              C:                                       45666       nrpdobug Instance        0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo              E:                                       45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
FileInfo              F:                                       45000       FileInfo                 0    

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is 5E42-656D

 Directory of C:\Windows\system32\drivers

11/17/2017  04:25 AM    <DIR>          .
11/17/2017  04:25 AM    <DIR>          ..
07/13/2009  07:06 PM            68,096 1394bus.sys
11/20/2010  10:23 PM           229,888 1394ohci.sys
11/18/2017  12:44 AM           255,928 1F31257C.sys
11/17/2017  03:25 AM           255,928 7171870E.sys
11/20/2010  10:23 PM           334,208 acpi.sys
11/20/2010  10:23 PM            12,800 acpipmi.sys
07/13/2009  08:52 PM           491,088 adp94xx.sys
07/13/2009  08:52 PM           339,536 adpahci.sys
07/13/2009  08:52 PM           182,864 adpu320.sys
04/04/2017  09:53 AM           496,128 afd.sys
07/13/2009  07:10 PM            60,416 agilevpn.sys
07/13/2009  08:52 PM            61,008 AGP440.sys
07/13/2009  08:52 PM            15,440 aliide.sys
11/02/2017  02:09 PM           305,544 amdacpksd.sys
07/13/2009  08:52 PM            15,440 amdide.sys
02/18/2010  08:18 AM            46,136 amdiox64.sys
07/13/2009  06:19 PM            64,512 amdk8.sys
07/13/2009  06:19 PM            60,928 amdppm.sys
03/11/2011  01:41 AM           107,904 amdsata.sys
07/13/2009  08:52 PM           194,128 amdsbs.sys
03/11/2011  01:41 AM            27,008 amdxata.sys
09/13/2017  10:00 AM            62,464 appid.sys
07/13/2009  08:52 PM            87,632 arc.sys
07/13/2009  08:52 PM            97,856 arcsas.sys
11/10/2011  10:14 AM           311,872 ArcSec.sys
07/31/2017  10:54 PM           146,664 aswmonflt.sys.150155971284703
12/31/2007  11:02 PM           360,792 aswvmm.sys.119916015007206
07/13/2009  07:10 PM            23,040 asyncmac.sys
07/13/2009  08:52 PM            24,128 atapi.sys
08/04/2013  09:25 PM           155,584 ataport.sys
11/02/2017  02:11 PM            60,296 ati2erec.dll
09/01/2017  06:15 PM            96,256 AtihdW76.sys
11/02/2017  02:10 PM        40,034,184 atikmdag.sys
11/02/2017  02:12 PM           536,456 atikmpag.sys
06/10/2009  03:34 PM           270,848 b57nd60a.sys
07/13/2009  08:52 PM            28,240 battc.sys
12/12/2011  04:42 PM         1,256,192 bcmwlhigh664.sys
07/13/2009  07:00 PM             6,656 beep.sys
07/13/2009  06:35 PM            45,056 blbdrive.sys
10/05/2016  09:54 AM            90,112 bowser.sys
06/10/2009  03:41 PM            18,432 BrFiltLo.sys
06/10/2009  03:41 PM             8,704 BrFiltUp.sys
07/13/2009  08:01 PM            95,232 bridge.sys
07/13/2009  08:19 PM           286,720 BrSerId.sys
06/10/2009  03:41 PM            47,104 BrSerWdm.sys
06/10/2009  03:41 PM            14,976 BrUsbMdm.sys
06/10/2009  03:41 PM            14,720 BrUsbSer.sys
07/13/2009  07:06 PM            72,192 bthmodem.sys
06/10/2009  03:34 PM           468,480 bxvbda.sys
07/13/2009  06:19 PM            92,160 cdfs.sys
11/20/2010  10:23 PM           147,456 cdrom.sys
07/13/2009  07:06 PM            45,568 circlass.sys
11/20/2010  10:24 PM           179,072 Classpnp.sys
07/13/2009  06:31 PM            17,664 CmBatt.sys
07/13/2009  08:52 PM            17,488 cmdide.sys
11/20/2016  09:07 AM           467,392 cng.sys
07/13/2009  08:52 PM            21,584 compbatt.sys
11/20/2010  10:23 PM            38,912 CompositeBus.sys
07/13/2009  08:47 PM            39,504 crashdmp.sys
07/13/2009  08:47 PM            24,144 crcdisk.sys
09/08/2016  09:55 AM           106,496 dfsc.sys
07/13/2009  06:37 PM            40,448 discache.sys
01/20/2016  07:51 PM            73,664 disk.sys
02/03/2014  09:35 PM            27,584 Diskdump.sys
12/08/2015  01:54 PM           116,736 drmk.sys
12/08/2015  01:11 PM             5,632 drmkaud.sys
07/13/2009  08:47 PM            28,736 Dumpata.sys
07/13/2009  08:43 PM            55,128 dumpfve.sys
07/13/2009  06:38 PM            16,896 dxapi.sys
07/13/2009  06:38 PM            98,816 dxg.sys
05/16/2017  10:35 AM           986,856 dxgkrnl.sys
05/16/2017  10:35 AM           265,448 dxgmms1.sys
07/13/2009  08:47 PM           530,496 elxstor.sys
11/15/2017  07:19 AM    <DIR>          en-US
07/13/2009  06:31 PM             9,728 errdev.sys
11/17/2017  04:42 AM    <DIR>          etc
06/10/2009  03:34 PM         3,286,016 evbda.sys
03/10/2017  10:55 AM           195,584 exfat.sys
11/01/2017  01:19 AM           101,784 farflt.sys
03/10/2017  10:55 AM           205,312 fastfat.sys
07/13/2009  07:00 PM            29,696 fdc.sys
07/13/2009  08:47 PM            70,224 fileinfo.sys
07/13/2009  06:25 PM            34,304 filetrace.sys
07/13/2009  07:00 PM            24,576 flpydisk.sys
11/20/2010  10:24 PM           289,664 fltMgr.sys
07/13/2009  08:47 PM            55,376 fsdepends.sys
03/01/2012  01:46 AM            23,408 fs_rec.sys
01/24/2013  01:01 AM           223,752 fvevol.sys
05/29/2017  11:56 PM           287,976 FWPKCLNT.SYS
07/13/2009  08:47 PM            65,088 GAGP30KX.SYS
06/10/2009  03:30 PM         3,440,660 gm.dls
06/10/2009  03:30 PM               646 gmreadme.txt
09/06/2016  05:48 PM            83,008 hcmon.sys
06/10/2009  03:31 PM            31,232 hcw85cir.sys
11/20/2010  10:23 PM           122,368 hdaudbus.sys
11/20/2010  10:23 PM           350,208 HdAudio.sys
07/13/2009  06:31 PM            26,624 hidbatt.sys
07/13/2009  07:06 PM           100,864 hidbth.sys
07/02/2013  11:05 PM            76,800 hidclass.sys
07/13/2009  07:06 PM            46,592 hidir.sys
07/02/2013  11:05 PM            32,896 hidparse.sys
11/20/2010  10:23 PM            30,208 hidusb.sys
06/22/2017  09:49 AM            55,232 hitmanpro37.sys
11/20/2010  10:23 PM            78,720 HpSAMD.sys
06/15/2017  03:23 PM           753,664 http.sys
11/20/2010  10:24 PM            14,720 hwpolicy.sys
07/13/2009  06:19 PM           105,472 i8042prt.sys
03/11/2011  01:41 AM           410,496 iaStorV.sys
07/13/2009  08:48 PM            44,112 iirsp.sys
07/13/2009  08:48 PM            16,960 intelide.sys
07/13/2009  06:19 PM            62,464 intelppm.sys
11/20/2010  10:24 PM            82,944 ipfltdrv.sys
11/20/2010  10:23 PM            78,848 IPMIDrv.sys
07/13/2009  07:10 PM           116,224 ipnat.sys
07/13/2009  07:09 PM           120,320 irda.sys
07/13/2009  07:08 PM            17,920 irenum.sys
07/13/2009  08:48 PM            20,544 isapnp.sys
07/13/2009  08:48 PM            50,768 kbdclass.sys
11/20/2010  10:23 PM            33,280 kbdhid.sys
12/04/2009  12:35 AM            20,992 KMWDFILTER.sys
11/20/2010  10:24 PM           243,712 ks.sys
09/13/2017  10:32 AM            95,464 ksecdd.sys
09/13/2017  10:32 AM           154,856 ksecpkg.sys
07/13/2009  07:00 PM            20,992 ksthunk.sys
07/13/2009  07:08 PM            60,928 lltdio.sys
11/17/2017  03:37 AM           140,112 lsdfilos.sys
07/13/2009  08:48 PM           114,752 lsi_fc.sys
07/13/2009  08:48 PM           106,560 lsi_sas.sys
07/13/2009  08:48 PM            65,600 lsi_sas2.sys
07/13/2009  08:48 PM           115,776 lsi_scsi.sys
10/11/2017  07:20 PM           113,152 luafv.sys
01/18/2012  06:23 AM           266,828 LVAFT.cfg
01/18/2012  06:44 AM           351,136 lvrs64.sys
01/18/2012  06:44 AM         4,865,568 lvuvc64.sys
05/31/2017  11:09 AM            77,376 mbae64.sys
11/01/2017  01:19 AM            45,472 mbam.sys
11/17/2017  04:25 AM           192,952 MBAMChameleon.sys
11/17/2017  04:16 AM           253,856 MBAMSwissArmy.sys
07/13/2009  07:01 PM            22,016 mcd.sys
07/13/2009  08:48 PM            35,392 megasas.sys
07/13/2009  08:48 PM           284,736 MegaSR.sys
07/13/2009  07:10 PM            40,448 modem.sys
07/13/2009  06:38 PM            30,208 monitor.sys
07/13/2009  08:48 PM            49,216 mouclass.sys
07/13/2009  07:00 PM            31,232 mouhid.sys
05/07/2017  10:33 AM            94,440 mountmgr.sys
01/25/2014  12:19 AM           268,512 MpFilter.sys
11/20/2010  10:23 PM           155,008 mpio.sys
07/13/2009  07:08 PM            77,312 mpsdrv.sys
09/08/2016  09:55 AM           142,336 mrxdav.sys
09/13/2017  09:53 AM           159,744 mrxsmb.sys
09/13/2017  09:53 AM           291,328 mrxsmb10.sys
09/13/2017  09:53 AM           129,536 mrxsmb20.sys
11/20/2010  10:23 PM            31,104 msahci.sys
11/20/2010  10:23 PM           140,672 msdsm.sys
07/13/2009  06:19 PM            26,112 msfs.sys
11/28/2012  05:56 PM                 3 MsftWdf_Kernel_01011_Inbox_Critical.Wdf
06/02/2012  09:57 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
07/13/2009  07:06 PM             8,192 mshidkmdf.sys
07/13/2009  08:48 PM            15,424 msisadrv.sys
02/03/2014  09:35 PM           274,880 msiscsi.sys
07/13/2009  07:00 PM            11,136 mskssrv.sys
07/13/2009  07:00 PM             7,168 mspclock.sys
07/13/2009  07:00 PM             6,784 mspqm.sys
11/20/2010  10:24 PM           366,976 msrpc.sys
07/13/2009  08:48 PM            32,320 mssmbios.sys
07/13/2009  07:00 PM             8,064 mstee.sys
07/13/2009  07:02 PM            15,360 MTConfig.sys
07/13/2009  08:48 PM            60,496 mup.sys
11/04/2017  01:13 AM            84,256 mwac.sys
10/12/2015  11:57 PM           950,720 ndis.sys
07/13/2009  07:08 PM            35,328 ndiscap.sys
07/13/2009  07:10 PM            24,064 ndistapi.sys
11/20/2010  10:24 PM            56,832 ndisuio.sys
11/20/2010  10:24 PM           164,352 ndiswan.sys
11/20/2010  10:24 PM            57,856 ndproxy.sys
02/27/2015  06:32 PM            28,640 Neo_0056.sys
02/22/2015  11:51 PM            28,640 Neo_0114.sys
07/13/2009  07:09 PM            44,544 netbios.sys
08/11/2017  01:00 AM           262,656 netbt.sys
05/29/2017  11:56 PM           377,576 netio.sys
06/10/2009  03:35 PM           707,072 netr7364.sys
07/13/2009  08:48 PM            51,264 nfrd960.sys
03/11/2014  08:52 AM           133,928 NisDrvWFP.sys
02/28/2013  08:49 PM            36,600 npf.sys
07/13/2009  06:19 PM            44,032 npfs.sys
08/11/2017  12:58 AM            26,112 nsiproxy.sys
10/16/2017  06:07 PM         1,680,616 ntfs.sys
07/13/2009  06:19 PM             6,144 null.sys
03/11/2011  01:41 AM           148,352 nvraid.sys
03/11/2011  01:41 AM           166,272 nvstor.sys
07/13/2009  08:48 PM           122,960 NV_AGP.SYS
09/13/2017  10:05 AM           324,608 nwifi.sys
07/13/2009  07:06 PM            72,832 ohci1394.sys
11/20/2010  10:24 PM           131,584 pacer.sys
07/13/2009  07:00 PM            97,280 parport.sys
03/17/2012  02:58 AM            75,120 partmgr.sys
11/20/2010  10:23 PM           184,704 pci.sys
07/13/2009  08:45 PM            12,352 pciide.sys
07/13/2009  08:45 PM            48,720 pciidex.sys
07/13/2009  08:45 PM           220,752 pcmcia.sys
07/13/2009  08:45 PM            50,768 pcw.sys
06/14/2016  12:11 PM           663,552 PEAuth.sys
12/08/2015  01:12 PM           230,400 portcls.sys
07/13/2009  06:19 PM            60,416 processr.sys
01/26/2015  12:29 PM            27,136 ptun0901.sys
07/13/2009  08:45 PM         1,524,816 ql2300.sys
07/13/2009  08:45 PM           128,592 ql40xx.sys
07/13/2009  07:09 PM            46,592 qwavedrv.sys
07/13/2009  07:10 PM            14,848 rasacd.sys
11/20/2010  10:24 PM           129,536 rasl2tp.sys
07/13/2009  07:10 PM            92,672 raspppoe.sys
11/20/2010  10:24 PM           111,104 raspptp.sys
07/13/2009  07:10 PM            83,968 rassstp.sys
11/20/2010  10:24 PM           309,248 rdbss.sys
07/13/2009  07:17 PM            24,064 rdpbus.sys
07/13/2009  07:16 PM             7,680 RDPCDD.sys
07/13/2009  07:16 PM             7,680 RDPENCDD.sys
07/13/2009  07:16 PM             8,192 RDPREFMP.sys
08/23/2012  09:10 AM            19,456 rdpvideominiport.sys
07/16/2014  08:21 PM           212,480 rdpwd.sys
11/20/2010  10:24 PM           213,888 rdyboost.sys
11/05/2015  04:53 AM           146,944 rmcast.sys
07/04/2012  03:26 PM            41,472 RNDISMP.sys
07/13/2009  07:10 PM            11,264 rootmdm.sys
07/13/2009  07:08 PM            76,800 rspndr.sys
04/09/2013  10:09 PM           849,992 Rt64win7.sys
07/02/2013  05:26 AM           615,249 RTAIODAT.DAT
07/02/2013  09:20 AM         3,472,600 RTKVHD64.sys
06/13/2013  06:20 AM         5,448,460 rtvienna.dat
08/27/2012  06:50 PM           114,568 rusb3hub.sys
08/27/2012  06:51 PM           230,280 rusb3xhc.sys
09/04/2014  10:27 PM            39,592 rzendpt.sys
06/09/2014  04:49 AM            32,768 RzMaelstromVAD.sys
09/04/2014  10:27 PM           160,424 rzudd.sys
11/20/2010  10:23 PM           103,808 sbp2port.sys
11/20/2010  10:24 PM            29,696 scfilter.sys
07/22/2011  09:33 AM            25,056 SCMNdisP.sys
07/01/2010  01:21 PM            38,992 ScreamingBAudio64.sys
11/20/2010  10:24 PM           171,392 scsiport.sys
06/10/2009  03:37 PM            23,040 secdrv.sys
02/22/2015  11:56 PM            38,240 see.sys
07/13/2009  07:00 PM            23,552 serenum.sys
07/13/2009  07:00 PM            94,208 serial.sys
07/13/2009  07:00 PM            26,624 sermouse.sys
07/13/2009  07:01 PM            14,336 sffdisk.sys
07/13/2009  07:01 PM            13,824 sffp_mmc.sys
11/20/2010  10:23 PM            14,336 sffp_sd.sys
07/13/2009  07:01 PM            16,896 sfloppy.sys
07/13/2009  08:45 PM            43,584 sisraid2.sys
07/13/2009  08:45 PM            80,464 sisraid4.sys
07/13/2009  07:09 PM            93,184 smb.sys
07/13/2009  07:00 PM            20,992 smclib.sys
07/13/2009  08:45 PM            19,008 spldr.sys
06/10/2009  03:48 PM           426,496 spsys.sys
09/07/2017  09:55 AM           461,312 srv.sys
09/07/2017  09:55 AM           405,504 srv2.sys
09/07/2017  09:55 AM           168,448 srvnet.sys
07/13/2009  08:45 PM            24,656 stexstor.sys
02/03/2014  09:35 PM           190,912 storport.sys
04/10/2015  10:19 PM            69,888 stream.sys
07/13/2009  08:45 PM            12,496 swenum.sys
04/21/2016  04:10 AM            27,136 tap0901.sys
07/13/2009  07:01 PM            29,184 tape.sys
05/29/2017  11:56 PM         1,895,656 tcpip.sys
07/07/2016  10:08 AM            46,080 tcpipreg.sys
11/20/2010  10:24 PM            26,624 tdi.sys
07/13/2009  07:16 PM            15,872 tdpipe.sys
02/16/2012  11:57 PM            23,552 tdtcp.sys
07/29/2017  09:56 AM           117,248 tdx.sys
11/20/2010  10:23 PM            63,360 termdd.sys
08/13/2017  04:45 PM            40,448 tssecsrv.sys
10/01/2013  09:22 PM            56,832 TsUsbFlt.sys
08/23/2012  09:08 AM            30,208 TsUsbGD.sys
11/20/2010  10:24 PM           125,440 tunnel.sys
07/13/2009  08:45 PM            64,080 UAGP35.SYS
11/20/2010  10:23 PM           328,192 udfs.sys
07/13/2009  08:45 PM            64,592 ULIAGPKX.SYS
11/20/2010  10:23 PM            48,640 umbus.sys
05/13/2015  02:15 AM    <DIR>          UMDF
07/13/2009  07:06 PM             9,728 umpass.sys
02/11/2013  11:12 PM            19,968 usb8023.sys
11/05/2015  03:23 PM            54,784 usbaapl64.sys
07/12/2013  05:40 AM           109,824 USBAUDIO.sys
11/20/2010  10:24 PM            32,896 USBCAMD2.sys
10/17/2017  09:06 PM            99,840 usbccgp.sys
07/12/2013  05:41 AM           100,864 usbcir.sys
10/17/2017  09:06 PM             7,808 usbd.sys
10/17/2017  09:06 PM            56,320 usbehci.sys
10/17/2017  09:06 PM           344,064 usbhub.sys
10/17/2017  09:06 PM            25,600 usbohci.sys
10/17/2017  09:06 PM           327,168 usbport.sys
07/13/2009  07:38 PM            25,088 usbprint.sys
11/20/2010  10:24 PM            31,744 usbrpm.sys
02/03/2016  01:07 PM            91,648 USBSTOR.SYS
10/17/2017  09:06 PM            30,720 usbuhci.sys
11/21/2014  01:57 PM           916,024 VBoxDrv.sys
11/21/2014  01:55 PM           141,440 VBoxNetAdp.sys
11/21/2014  01:55 PM           156,360 VBoxNetFlt.sys
11/21/2014  01:55 PM           128,080 VBoxUSBMon.sys
07/13/2009  08:45 PM            36,432 vdrvroot.sys
07/13/2009  06:38 PM            29,184 vga.sys
07/13/2009  06:38 PM            29,184 vgapnp.sys
11/20/2010  10:23 PM           215,936 vhdmp.sys
07/13/2009  08:45 PM            17,488 viaide.sys
07/13/2009  06:38 PM           129,024 videoprt.sys
09/30/2016  12:11 AM           106,560 vmci.sys
11/11/2016  10:16 PM            52,288 vmkbd.sys
11/11/2016  10:05 PM            45,632 vmnet.sys
11/11/2016  10:05 PM            46,144 vmnetadapter.sys
11/11/2016  10:05 PM            66,624 vmnetbridge.sys
11/11/2016  10:05 PM            44,096 vmnetuserif.sys
11/11/2016  10:16 PM            88,128 vmx86.sys
11/20/2010  10:23 PM            71,552 volmgr.sys
07/07/2017  10:33 AM           363,752 volmgrx.sys
11/20/2010  10:23 PM           295,808 volsnap.sys
05/26/2014  02:22 PM            66,728 vrtaucbl.sys
07/13/2009  08:45 PM           161,872 vsmraid.sys
09/30/2016  12:11 AM            93,248 vsock.sys
07/13/2009  07:07 PM            24,576 vwifibus.sys
07/13/2009  07:07 PM            59,904 vwififlt.sys
07/13/2009  07:07 PM            17,920 vwifimp.sys
07/13/2009  07:02 PM            27,776 wacompen.sys
11/20/2010  10:24 PM            88,576 wanarp.sys
07/13/2009  06:37 PM            42,496 watchdog.sys
07/13/2009  08:45 PM            21,056 wd.sys
06/25/2013  05:55 PM           785,624 Wdf01000.sys
11/28/2012  05:56 PM            54,376 WdfLdr.sys
07/13/2009  07:09 PM            12,800 wfplwf.sys
07/13/2009  08:45 PM            22,096 wimmount.sys
08/16/2010  08:22 AM             2,239 win7Logo.inf
12/08/2011  04:44 AM             7,456 win7_64logo.cat
11/20/2010  10:23 PM            41,984 winusb.sys
07/13/2009  06:31 PM            14,336 wmiacpi.sys
07/13/2009  08:45 PM            16,464 wmilib.sys
07/13/2009  07:10 PM            21,504 ws2ifsl.sys
07/25/2012  09:26 PM            87,040 WUDFPf.sys
07/25/2012  09:26 PM           198,656 WUDFRd.sys
             335 File(s)    106,704,104 bytes
               5 Dir(s)  22,503,124,992 bytes free

========= End of CMD: =========


==== End of Fixlog 14:36:33 ====

 

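An added example, not part of any post in this thread and not FRST's or the helper's own method: a Python script that cross-references the two listings the first fixlist collected, `fltmc instances` and the `drivers` directory. The function names, the three-day window and the 8-hex-digit name pattern are assumptions of this example; the sample rows are copied from the Fixlog above and trimmed.

```python
import re
from datetime import datetime, timedelta

# Rows copied from the Fixlog above (trimmed to a few per command).
FLTMC_OUTPUT = r"""
Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
mbamchameleon         \Device\Mup                             400900       mbamchameleon Instance     0
mbamchameleon                                                 400900       mbamchameleon Instance     0
epp                   C:                                      328900       epp Instance             0
MpFilter              C:                                      328000       MpFilter Instance        0
luafv                 C:                                      135000       luafv                    0
nrpdobug              \Device\Mup                              45666       nrpdobug Instance        0
nrpdobug              C:                                       45666       nrpdobug Instance        0
FileInfo              C:                                       45000       FileInfo                 0
"""

DIR_OUTPUT = r"""
 Directory of C:\Windows\system32\drivers

11/17/2017  04:25 AM    <DIR>          .
11/18/2017  12:44 AM           255,928 1F31257C.sys
11/17/2017  03:25 AM           255,928 7171870E.sys
07/13/2009  08:47 PM            70,224 fileinfo.sys
11/17/2017  03:37 AM           140,112 lsdfilos.sys
10/11/2017  07:20 PM           113,152 luafv.sys
11/17/2017  04:25 AM           192,952 MBAMChameleon.sys
01/25/2014  12:19 AM           268,512 MpFilter.sys
10/16/2017  06:07 PM         1,680,616 ntfs.sys
"""

# "Ran by AMD (18-11-2017 14:36:32)" in the Fixlog header.
SCAN_TIME = datetime(2017, 11, 18, 14, 36, 32)

DIR_ROW = re.compile(r"^(\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M)\s+([\d,]+)\s+(.+)$")
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{8}\.sys$")  # assumption: 8 hex digits


def parse_fltmc(text):
    """Return {filter_name: altitude} from `fltmc instances` output."""
    filters = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] == "Filter" or set(line.strip()) <= {"-", " "}:
            continue  # blank line, header row or dashed separator
        # The volume column can be empty, so take the first all-digit token.
        altitude = next((t for t in tokens[1:] if t.isdigit()), None)
        if altitude is not None:
            filters[tokens[0]] = int(altitude)
    return filters


def parse_dir(text):
    """Return [(name, size, modified)] for file rows of `dir`; <DIR> rows are skipped."""
    files = []
    for line in text.splitlines():
        m = DIR_ROW.match(line.strip())
        if m:
            stamp = datetime.strptime(" ".join(m.group(1).split()), "%m/%d/%Y %I:%M %p")
            files.append((m.group(3), int(m.group(2).replace(",", "")), stamp))
    return files


def triage(fltmc_text, dir_text, scan_time, recent_days=3):
    """Cross-reference loaded minifilters with the drivers directory listing."""
    filters = parse_fltmc(fltmc_text)
    files = parse_dir(dir_text)
    on_disk = {name.lower() for name, _, _ in files}
    cutoff = scan_time - timedelta(days=recent_days)
    sys_files = [(n, s, t) for n, s, t in files if n.lower().endswith(".sys")]
    return {
        # Loaded filter with no <name>.sys in this directory.
        "filters_without_driver_file": sorted(
            (name, alt) for name, alt in filters.items()
            if name.lower() + ".sys" not in on_disk),
        # Driver files written shortly before the scan.
        "recent_sys_files": sorted(
            (n for n, _, t in sys_files if t >= cutoff), key=str.lower),
        # Random-looking names; on this page both hits carry a (Malwarebytes)
        # company tag in the later fixlist, so a hit is a lead, not a verdict.
        "hex_named_sys_files": sorted(
            (n for n, _, _ in sys_files if HEX_NAME.match(n)), key=str.lower),
    }


if __name__ == "__main__":
    for key, value in triage(FLTMC_OUTPUT, DIR_OUTPUT, SCAN_TIME).items():
        print(key, value)
```

Each flagged name still has to be checked against the service's ImagePath and the file's signature, because a driver can legitimately load from outside system32\drivers.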

And now for the fun part.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt


I would like to note that my freezing has stopped and the programs are not listed on my Task Manager any more.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by SYSTEM (18-11-2017 15:32:34) Run:2
Running from g:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\nrpdobug

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\AMD\AppData\Roaming\Microsoft\Protect\4bc386-7bb387-7e1f3568-bbc3e2-efa0.rs" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\AMD\AppData\Roaming\Microsoft\Protect\4bc386-7bb387-7e1f3568-bbc3e2-efa0.rs" <==== ATTENTION

R3 1F31257C; C:\Windows\system32\drivers\1F31257C.sys [255928 2017-11-17] (Malwarebytes)
S3 7171870E; C:\Windows\system32\drivers\7171870E.sys [255928 2017-11-17] (Malwarebytes)

C:\Program Files (x86)\Frittering
C:\Program Files (x86)\Holte
C:\Program Files (x86)\uniondale
C:\ProgramData\Fortnite Updater
C:\ProgramData\rvlkl
C:\Users\AMD\AppData\Local\{8C7DF2B8-82C5-45F2-BDB3-FD22BAB5E067}
C:\Users\AMD\AppData\Local\pwmeron
C:\Users\AMD\AppData\Local\uprxhlk
C:\Users\AMD\AppData\Local\igfxmtc
C:\Users\AMD\AppData\Local\6086765B
C:\Users\AMD\AppData\Local\xylelo.dll
C:\Users\AMD\AppData\Local\Temp\Server.exe
C:\Users\AMD\AppData\Roaming\Oxy
C:\Users\AMD\AppData\Roaming\Microsoft\Protect\4bc386-7bb387-7e1f3568-bbc3e2-efa0.rs
C:\Windows\b65769390
C:\Windows\cron.exe
C:\Windows\system32\ushmzxp
C:\Windows\System32\wekdopusvc.exe
C:\Windows\system32\Drivers\lsd*.sys
C:\Windows\SysWOW64\ushmzxp
*****************

HKLM\SYSTEM\ControlSet001\Services\nrpdobug => key removed successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value not found.
HKLM\System\ControlSet001\Services\1F31257C => key removed successfully
1F31257C => service removed successfully
HKLM\System\ControlSet001\Services\7171870E => key removed successfully
7171870E => service removed successfully
"C:\Program Files (x86)\Frittering" => not found.
"C:\Program Files (x86)\Holte" => not found.
"C:\Program Files (x86)\uniondale" => not found.
C:\ProgramData\Fortnite Updater => moved successfully
"C:\ProgramData\rvlkl" => not found.
C:\Users\AMD\AppData\Local\{8C7DF2B8-82C5-45F2-BDB3-FD22BAB5E067} => moved successfully
C:\Users\AMD\AppData\Local\pwmeron => moved successfully
C:\Users\AMD\AppData\Local\uprxhlk => moved successfully
C:\Users\AMD\AppData\Local\igfxmtc => moved successfully
C:\Users\AMD\AppData\Local\6086765B => moved successfully
"C:\Users\AMD\AppData\Local\xylelo.dll" => not found.
"C:\Users\AMD\AppData\Local\Temp\Server.exe" => not found.
"C:\Users\AMD\AppData\Roaming\Oxy" => not found.
C:\Users\AMD\AppData\Roaming\Microsoft\Protect\4bc386-7bb387-7e1f3568-bbc3e2-efa0.rs => moved successfully
C:\Windows\b65769390 => moved successfully
C:\Windows\cron.exe => moved successfully
C:\Windows\system32\ushmzxp => moved successfully
C:\Windows\System32\wekdopusvc.exe => moved successfully

=========== "C:\Windows\system32\Drivers\lsd*.sys" ==========

C:\Windows\system32\Drivers\lsdoruxb.sys => moved successfully

========= End -> "C:\Windows\system32\Drivers\lsd*.sys" ========

C:\Windows\SysWOW64\ushmzxp => moved successfully

==== End of Fixlog 15:32:37 ====


That's good! Now let's do a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/18/17
Scan Time: 3:48 PM
Log File: e36bfcd4-cca1-11e7-b2e7-448a5b2986f1.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3290
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AMD-PC\AMD

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389612
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.BetterAds, HKLM\SOFTWARE\WOW6432NODE\betterads, Quarantined, [497], [383836],1.0.3290

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 


Good. Now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


AdwCleaner: 

# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 19 01:14:08 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Administrator\AppData\Local\torch
Deleted: C:\Users\Guest\AppData\Local\torch
Deleted: C:\Users\HomeGroupUser$\AppData\Local\torch
Deleted: C:\Windows\SysNative\Tasks\Microsoft\Windows\RVLKL
Deleted: C:\Users\AMD\AppData\LocalLow\avg web tuneup
Deleted: C:\Users\Guest.AMD-PC\AppData\LocalLow\avg web tuneup


***** [ Files ] *****

Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Oxy
Deleted: Microsoft\Windows\RVLKL\RVLKL


***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKCU\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Software\Idle~Crawler
Deleted: [Key] - HKCU\Software\Idle~Crawler
Deleted: [Key] - HKLM\SOFTWARE\TBID
Deleted: [Key] - HKLM\SOFTWARE\torch
Deleted: [Key] - HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Software\torch
Deleted: [Key] - HKCU\Software\torch
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Deleted: [Value] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|WinResSync
Deleted: [Value] - HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Software\Microsoft\Windows\CurrentVersion\Run|WinResSync
Deleted: [Value] - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run|WinResSync
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinResSync
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Deleted: [Key] - HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Software\AppDataLow\Software\CompeteInc
Deleted: [Key] - HKCU\Software\AppDataLow\Software\CompeteInc
Deleted: [Key] - HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{18036347-28AF-43F7-9DF1-231029BDD605}
Deleted: [Key] - HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Software\SetupCompany
Deleted: [Key] - HKCU\Software\SetupCompany


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3550 B] - [2017/11/19 1:13:47]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

______________________________________________________________________________________

 

RogueKiller:

RogueKiller V12.11.24.0 (x64) [Nov 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : AMD [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/18/2017 20:22:32 (Duration : 00:16:10)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\TBID -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {56E2E7CF-A11B-43FA-AAC5-8A0343641197} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\AMD\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {43A87342-0619-4E6B-A062-D1E4861D06D7} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\AMD\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupOut| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {19852406-D9C5-4963-A858-E209F0BD2721} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\AMD\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3990BE1F-5E93-42B4-9F8B-4358A508B2FA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\AMD\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveOut| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {02B72497-7A94-4001-8E9A-5C4C384E851A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9DF5D3F7-ABCF-4A45-84A9-AE6FE3E1E458} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FDC662A-8AFC-4398-A12E-ABD576DB5BD1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {56E2E7CF-A11B-43FA-AAC5-8A0343641197} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\AMD\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {43A87342-0619-4E6B-A062-D1E4861D06D7} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\AMD\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupOut| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {19852406-D9C5-4963-A858-E209F0BD2721} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\AMD\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3990BE1F-5E93-42B4-9F8B-4358A508B2FA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\AMD\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveOut| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {02B72497-7A94-4001-8E9A-5C4C384E851A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9DF5D3F7-ABCF-4A45-84A9-AE6FE3E1E458} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FDC662A-8AFC-4398-A12E-ABD576DB5BD1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe| [x] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-537105303-1443369179-2062714536-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-537105303-1443369179-2062714536-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Replaced (1)

¤¤¤ Tasks : 2 ¤¤¤
[PUP.Gen1] \Oxy Updater -- C:\Users\AMD\AppData\Roaming\Oxy\Loader.exe -> Deleted
[Suspicious.Path] \Server -- C:\Users\AMD\AppData\Local\Temp/Server.exe -> Deleted

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][Stream] C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD} -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 110e3145f7dd15683ad6e4ec3cf1d329
[BSP] a23febdc45217dad52b0256a8559779a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: KINGSTON SH103S3120G ATA Device +++++
--- User ---
[MBR] 6e710caf90158767dee0a6f98ab7fe72
[BSP] 39f6d14c38daadf5424158bd17824f92 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

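The [Suspicious.Path] entries in the RogueKiller report above are Windows Firewall rules stored as pipe-delimited FirewallRules registry values. The Python below is an added example, not part of the original thread or of RogueKiller: it parses that value format and flags active allow rules whose App path sits in a user-writable location. The path list and severity labels are assumptions made for this example, and the last sample rule is constructed for contrast.

```python
import re

# Rule strings copied from the RogueKiller report above (registry value data only).
SAMPLE_RULES = [
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\AMD\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupIn|",
    r"v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\AMD\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveOut|",
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe|",
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\AMD\AppData\Local\Temp\server.exe|Name=server.exe|",
    # Constructed benign rule for contrast (not from the report).
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Example\app.exe|Name=Example App|",
]

# IP protocol numbers seen in the report: 6 is TCP, 17 is UDP.
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Assumption for this example: locations a standard user can write to, so a
# firewall exception pointing there deserves a manual look.
USER_WRITABLE = re.compile(
    r"(\\appdata\\|\\users\\public\\|\\programdata\\|\\windows\\temp\\"
    r"|%temp%|%tmp%|%appdata%|%localappdata%|%public%|%programdata%)",
    re.IGNORECASE,
)


def parse_rule(value):
    """Split one FirewallRules value into (version, {key: [values]})."""
    parts = [p for p in value.strip().split("|") if p]
    if not parts:
        raise ValueError("empty rule string")
    fields = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        if sep:  # a key can repeat within one rule, so keep every value
            fields.setdefault(key, []).append(val)
    return parts[0], fields


def first(fields, key, default=""):
    """Return the first value stored for key, or default when it is absent."""
    return fields.get(key, [default])[0]


def triage(value):
    """Return a finding dict for an active allow rule in a user-writable path."""
    _version, f = parse_rule(value)
    app = first(f, "App")
    active_allow = (first(f, "Action").lower() == "allow"
                    and first(f, "Active").lower() == "true")
    if not (active_allow and app and USER_WRITABLE.search(app)):
        return None
    inbound = first(f, "Dir").lower() == "in"
    proto = first(f, "Protocol")
    return {
        "name": first(f, "Name"),
        "app": app,
        "direction": "in" if inbound else "out",
        "protocol": PROTOCOLS.get(proto, proto or "any"),
        "profile": first(f, "Profile", "all"),
        # An inbound exception lets remote hosts reach the program.
        "severity": "high" if inbound else "medium",
    }


def flag_rules(values):
    """Triage every rule and list inbound (high) findings first."""
    findings = [r for r in map(triage, values) if r]
    return sorted(findings, key=lambda r: r["severity"] != "high")


if __name__ == "__main__":
    for finding in flag_rules(SAMPLE_RULES):
        print("{severity:6} {direction:3} {protocol:3} {profile:7} {name} -> {app}".format(**finding))
```

A hit is a candidate for review, not a verdict: the heuristic looks only at the rule's path and direction, so confirm what the file is before deleting the rule.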

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2017
Ran by AMD (administrator) on AMD-PC (19-11-2017 00:20:29)
Running from C:\Users\AMD\Desktop
Loaded Profiles: AMD (Available Profiles: AMD & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Discord Inc.) C:\Users\AMD\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\AMD\AppData\Local\Discord\app-0.0.298\Discord.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Discord Inc.) C:\Users\AMD\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) E:\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2017-11-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\Run: [Discord] => C:\Users\AMD\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\Run: [Steam] => E:\Steam\steam.exe [3111712 2017-11-16] (Valve Corporation)
HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\MountPoints2: {dfab13bb-fe1f-11e5-8893-448a5b2986f1} - F:\windows\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\AMD\AppData\Roaming\Microsoft\Protect\4bc386-7bb387-7e1f3568-bbc3e2-efa0.rs" <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-11-18]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8C0243FC-D39F-4E55-A3CD-A3F0661673DB}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A6C28FA7-D3DA-4687-9F4B-E06EBF2BD66F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F6818255-FC9C-4996-A056-291767E57AC2}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-31] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-537105303-1443369179-2062714536-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\AMD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default [2017-11-19]
CHR Extension: (Google Drive) - C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-17]
CHR Extension: (YouTube) - C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-17]
CHR Extension: (Adblock Plus) - C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Into The Mist) - C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2017-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR HKU\S-1-5-21-537105303-1443369179-2062714536-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AMD\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-537105303-1443369179-2062714536-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-11-02] (Advanced Micro Devices) [File not signed]
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-15] ()
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2017-09-28] (EasyAntiCheat Ltd)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-28] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-11] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2017-11-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 TermService; C:\Windows\rdpwrap.dll [116736 2017-06-08] (Stas'M Corp.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [536346624 2017-11-16] () [File not signed]
S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2017-11-02] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-06-22] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [48672 2017-06-19] (IObit)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-18] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0114.sys [28640 2015-02-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0056.sys [28640 2015-02-27] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [14136 2009-10-05] (MSI)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2015-02-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] (VMware, Inc.)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 aswbdisk; no ImagePath
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 tap-tb-0901; system32\DRIVERS\tap-tb-0901.sys [X]
S3 udiskMgr; system32\drivers\filosv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-18 22:03 - 2017-11-18 22:03 - 000001893 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2017-11-18 22:03 - 2017-11-18 22:03 - 000001893 _____ C:\ProgramData\Desktop\SoftEther VPN Client Manager.lnk
2017-11-18 22:02 - 2017-11-18 22:10 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2017-11-18 21:56 - 2017-11-18 21:58 - 045095360 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Users\AMD\Desktop\softether-vpnclient-v4.24-9651-beta-2017.10.23-windows-x86_x64-intel.exe
2017-11-18 21:19 - 2017-11-18 21:19 - 000000000 ____D C:\Program Files\Epic Games
2017-11-18 21:18 - 2017-11-18 21:19 - 000000000 ____D C:\ProgramData\Epic
2017-11-18 21:18 - 2017-11-18 21:18 - 000001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-11-18 21:18 - 2017-11-18 21:18 - 000001230 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-11-18 21:18 - 2017-11-18 21:18 - 000001230 _____ C:\ProgramData\Desktop\Epic Games Launcher.lnk
2017-11-18 21:18 - 2017-11-18 21:18 - 000000000 ____D C:\Users\AMD\AppData\Local\EpicGamesLauncher
2017-11-18 21:18 - 2017-11-18 21:18 - 000000000 ____D C:\Program Files (x86)\Epic Games
2017-11-18 21:16 - 2017-11-18 21:16 - 032059392 _____ C:\Users\AMD\Desktop\EpicInstaller-6.9.0-fortnite-5b30c517ac1e44e7ac775d09e304878e.msi
2017-11-18 20:56 - 2017-11-18 20:56 - 000013130 _____ C:\Users\AMD\Desktop\FilesFez.txt
2017-11-18 20:22 - 2017-11-18 20:22 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-18 20:21 - 2017-11-18 21:07 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-18 20:21 - 2017-11-18 20:21 - 000000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-18 20:21 - 2017-11-18 20:21 - 000000818 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2017-11-18 20:21 - 2017-11-18 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-18 20:21 - 2017-11-18 20:21 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-18 20:20 - 2017-11-18 20:20 - 036156920 _____ (Adlice Software ) C:\Users\AMD\Desktop\roguesetup.exe
2017-11-18 20:11 - 2017-11-18 20:14 - 000000000 ____D C:\AdwCleaner
2017-11-18 20:11 - 2017-11-18 20:11 - 008261584 _____ (Malwarebytes) C:\Users\AMD\Desktop\AdwCleaner.exe
2017-11-18 16:01 - 2017-11-18 16:02 - 000002086 _____ C:\Users\AMD\Desktop\Clear Unused RAM.lnk
2017-11-18 15:54 - 2017-11-18 15:54 - 000001237 _____ C:\Users\AMD\Desktop\yabroski.txt
2017-11-18 15:48 - 2017-11-18 22:10 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-18 15:48 - 2017-11-18 15:48 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-18 15:48 - 2017-11-18 15:48 - 000001827 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2017-11-18 15:48 - 2017-11-18 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-18 15:48 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-18 15:45 - 2017-11-18 15:45 - 078346672 _____ (Malwarebytes ) C:\Users\AMD\Desktop\mb3-setup-consumer-3.3.1.2183.exe
2017-11-18 14:36 - 2017-11-18 14:36 - 000021545 _____ C:\Users\AMD\Desktop\Fixlog.txt
2017-11-18 14:36 - 2017-11-18 14:36 - 000000000 ____D C:\Users\AMD\Desktop\FRST-OlderVersion
2017-11-18 00:42 - 2017-11-18 01:04 - 000000000 ____D C:\Users\AMD\Desktop\mbar
2017-11-18 00:42 - 2017-11-18 00:42 - 014161479 _____ C:\Users\AMD\Desktop\mbar-1.10.3.1001-nr.exe
2017-11-17 20:13 - 2017-11-17 20:14 - 000056250 _____ C:\Users\AMD\Desktop\Addition.txt
2017-11-17 20:12 - 2017-11-19 00:20 - 000012605 _____ C:\Users\AMD\Desktop\FRST.txt
2017-11-17 20:12 - 2017-11-18 14:36 - 002392064 _____ (Farbar) C:\Users\AMD\Desktop\FRST64.exe
2017-11-17 19:51 - 2017-11-18 00:42 - 000000000 ____D C:\Users\AMD\Desktop\desktopstuff
2017-11-17 17:15 - 2017-11-17 17:15 - 000000000 ____D C:\Users\AMD\AppData\Roaming\XRay
2017-11-17 17:12 - 2017-11-17 17:12 - 000000000 ____D C:\Users\AMD\AppData\Local\XRay
2017-11-17 17:12 - 2017-11-17 17:12 - 000000000 ____D C:\Users\AMD\AppData\Local\_
2017-11-17 14:58 - 2017-11-18 20:15 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-11-17 14:52 - 2017-11-17 16:35 - 000000000 ____D C:\EEK
2017-11-17 06:06 - 2017-11-17 14:15 - 000000000 ____D C:\Users\AMD\AppData\Roaming\mIRC
2017-11-17 06:06 - 2017-11-17 06:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2017-11-17 06:06 - 2017-11-17 06:06 - 000000000 ____D C:\Program Files (x86)\mIRC
2017-11-17 05:33 - 2017-11-17 05:33 - 000000000 ____D C:\Users\AMD\AppData\Roaming\Process Hacker 2
2017-11-17 05:24 - 2017-11-17 05:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-11-17 05:03 - 2017-11-19 00:20 - 000000000 ____D C:\FRST
2017-11-17 04:25 - 2017-11-18 00:44 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1F31257C.sys
2017-11-17 03:25 - 2017-11-17 03:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7171870E.sys
2017-11-17 03:24 - 2017-11-18 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-17 02:08 - 2017-11-17 02:08 - 000000000 ____D C:\NoBot
2017-11-17 00:30 - 2017-11-17 00:30 - 000275752 _____ C:\Windows\Minidump\111717-10998-01.dmp
2017-11-17 00:21 - 2017-11-17 00:21 - 000275752 _____ C:\Windows\Minidump\111717-11934-01.dmp
2017-11-17 00:01 - 2017-11-17 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-11-17 00:01 - 2017-11-17 00:01 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-11-16 23:57 - 2017-11-16 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-11-16 23:57 - 2017-11-16 23:57 - 000000000 ____D C:\Program Files (x86)\IObit
2017-11-15 12:30 - 2017-11-15 12:30 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2017-11-15 12:30 - 2017-11-15 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-11-15 12:29 - 2017-11-15 12:29 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-11-15 12:27 - 2017-11-15 12:27 - 000000000 ____D C:\Users\AMD\AppData\Local\RadeonInstaller
2017-11-15 12:26 - 2017-11-15 12:26 - 025900000 _____ (AMD Inc.) C:\Users\AMD\Downloads\radeon-crimson-relive-17.11.1-minimalsetup-171109_64bit.exe
2017-11-14 20:55 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-14 20:55 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-14 20:55 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-14 20:55 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-14 20:55 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-14 20:55 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-14 20:55 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-14 20:55 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-14 20:55 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-14 20:55 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-14 20:55 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-14 20:55 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-14 20:55 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-14 20:55 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-14 20:55 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-14 20:55 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-14 20:55 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-14 20:55 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-14 20:55 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-14 20:55 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-14 20:55 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-14 20:55 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-14 20:55 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-14 20:55 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-14 20:55 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-14 20:55 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-14 20:55 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-14 20:55 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-14 20:55 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-14 20:55 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-14 20:55 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-14 20:55 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-14 20:55 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-14 20:55 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-14 20:55 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-14 20:55 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-14 20:55 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-14 20:55 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-14 20:55 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-14 20:55 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-14 20:55 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-14 20:55 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-14 20:55 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-14 20:55 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-14 20:55 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-14 20:55 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-14 20:55 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-14 20:55 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-14 20:55 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-14 20:55 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-14 20:55 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-14 20:55 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-14 20:55 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-14 20:55 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-14 20:55 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-14 20:55 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-14 20:55 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-14 20:55 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-14 20:55 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-14 20:55 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-14 20:55 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-14 20:55 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-14 20:55 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-14 20:55 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-14 20:55 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-14 20:55 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-14 20:55 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-14 20:55 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-14 20:55 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-14 20:55 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-14 20:55 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-14 20:55 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-14 20:55 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-14 20:55 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-14 20:55 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-14 20:55 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-14 20:55 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-14 20:55 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-14 20:55 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-14 20:55 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-14 20:55 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-14 20:55 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-14 20:55 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-14 20:55 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-14 20:55 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-14 20:55 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-14 20:55 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-14 20:55 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-14 20:55 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-14 20:55 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-14 20:55 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-14 20:55 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-14 20:55 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-14 20:55 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-14 20:55 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-14 20:55 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-14 20:55 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-14 20:55 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-14 20:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-14 20:54 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-14 20:54 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-14 20:54 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-14 20:54 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-14 20:54 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-14 20:54 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-14 20:54 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-14 20:54 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-14 20:54 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-14 20:54 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-11 08:56 - 2017-11-11 08:56 - 000000000 ____D C:\Users\AMD\AppData\Local\FortniteGame
2017-11-11 08:35 - 2017-11-11 08:56 - 000000000 ____D C:\Users\AMD\AppData\Local\UnrealEngine
2017-11-11 08:35 - 2017-11-11 08:35 - 000000805 _____ C:\Users\AMD\Desktop\Epic Games Launcher.lnk
2017-11-11 08:35 - 2017-11-11 08:35 - 000000000 ____D C:\Users\AMD\AppData\Local\UnrealEngineLauncher
2017-11-11 08:35 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-11-11 08:35 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-11-11 08:35 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-11-11 08:35 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-11-11 08:35 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-11-11 08:35 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-11-11 08:35 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-11-04 14:52 - 2017-11-04 14:53 - 000000000 ____D C:\Users\AMD\AppData\Roaming\kingdom_rush_frontiers
2017-11-04 14:52 - 2017-11-04 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-11-04 14:52 - 2017-11-04 14:52 - 000000000 ____D C:\GOG Games
2017-11-04 02:08 - 2017-11-04 02:08 - 000000000 ____D C:\Users\AMD\AppData\Local\MW2_Trainer
2017-11-02 14:13 - 2017-11-02 14:13 - 011579464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2017-11-02 14:13 - 2017-11-02 14:13 - 009412328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2017-11-02 14:13 - 2017-11-02 14:13 - 000470920 _____ C:\Windows\system32\dgtrayicon.exe
2017-11-02 14:13 - 2017-11-02 14:13 - 000449416 _____ C:\Windows\system32\GameManager64.dll
2017-11-02 14:13 - 2017-11-02 14:13 - 000172680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2017-11-02 14:13 - 2017-11-02 14:13 - 000143352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2017-11-02 14:13 - 2017-11-02 14:13 - 000020360 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000698760 _____ (AMD) C:\Windows\system32\atieclxx.exe
2017-11-02 14:12 - 2017-11-02 14:12 - 000547208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000536456 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2017-11-02 14:12 - 2017-11-02 14:12 - 000475016 _____ (AMD) C:\Windows\system32\atitmm64.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000472456 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2017-11-02 14:12 - 2017-11-02 14:12 - 000461192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000405384 _____ C:\Windows\system32\atieah64.exe
2017-11-02 14:12 - 2017-11-02 14:12 - 000325512 _____ C:\Windows\SysWOW64\atieah32.exe
2017-11-02 14:12 - 2017-11-02 14:12 - 000194440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000149896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2017-11-02 14:12 - 2017-11-02 14:12 - 000033160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 015728520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 014318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 011820496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 010747768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2017-11-02 14:11 - 2017-11-02 14:11 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000170888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2017-11-02 14:11 - 2017-11-02 14:11 - 000065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2017-11-02 14:11 - 2017-11-02 14:11 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 040034184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2017-11-02 14:10 - 2017-11-02 14:10 - 012084104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 009776520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 002915208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 001052040 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 001052040 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 000694664 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 000342920 _____ C:\Windows\system32\clinfo.exe
2017-11-02 14:10 - 2017-11-02 14:10 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-11-02 14:10 - 2017-11-02 14:10 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 061976968 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 031403912 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 013527944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 011090824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 002533256 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 001232264 _____ (AMD) C:\Windows\system32\coinst_17.40.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000436616 _____ C:\Windows\system32\amdgfxinfo64.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000352136 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2017-11-02 14:09 - 2017-11-02 14:09 - 000159624 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000157064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000136584 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2017-11-02 14:09 - 2017-11-02 14:09 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2017-11-02 14:08 - 2017-11-02 14:08 - 048013704 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2017-11-02 14:08 - 2017-11-02 14:08 - 028929416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2017-11-02 14:08 - 2017-11-02 14:08 - 025040776 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2017-11-02 13:42 - 2017-11-02 13:42 - 002428928 _____ C:\Windows\system32\amdacpusl.pdb
2017-11-02 13:34 - 2017-11-02 13:34 - 000365056 _____ (Advanced Micro Devices) C:\Windows\system32\amdacpusl.dll
2017-11-02 13:34 - 2017-11-02 13:34 - 000306176 _____ C:\Windows\system32\amdacpusl.pdb.pub
2017-11-02 13:34 - 2017-11-02 13:34 - 000248832 _____ (Advanced Micro Devices) C:\Windows\SysWOW64\amdacpusl.dll
2017-11-02 13:30 - 2017-11-02 13:30 - 000835448 _____ C:\Windows\SysWOW64\atiapfxx.blb
2017-11-02 13:30 - 2017-11-02 13:30 - 000835448 _____ C:\Windows\system32\atiapfxx.blb
2017-11-02 13:27 - 2017-11-02 13:27 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2017-11-02 13:22 - 2017-11-02 13:22 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2017-10-31 02:19 - 2017-10-31 02:19 - 000000000 ____D C:\Users\AMD\AppData\Roaming\DucPlugin
2017-10-27 15:59 - 2017-10-27 15:59 - 000000000 ____D C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2017-10-21 10:23 - 2017-10-21 10:23 - 000000200 _____ C:\Users\AMD\Desktop\Garry's Mod.url
2017-10-20 23:11 - 2017-11-15 13:45 - 000000000 ____D C:\Users\AMD\AppData\LocalLow\AMD
2017-10-20 22:57 - 2017-10-20 22:57 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-10-20 22:56 - 2017-10-21 00:13 - 000000000 ____D C:\Windows\system32\DAX2
2017-10-20 22:56 - 2017-10-20 22:56 - 000000000 ____D C:\ProgramData\Audyssey Labs
2017-10-20 22:51 - 2017-10-21 00:13 - 000000000 ____D C:\ProgramData\ProductData
2017-10-20 22:51 - 2017-10-20 22:51 - 000000000 ____D C:\Windows\IObit
2017-10-20 22:50 - 2017-11-16 23:57 - 000000000 ____D C:\ProgramData\IObit
2017-10-20 22:50 - 2017-10-20 23:24 - 000000000 ____D C:\Users\AMD\AppData\Roaming\IObit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-18 22:17 - 2009-07-13 23:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-18 22:17 - 2009-07-13 23:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-18 22:14 - 2009-07-14 00:13 - 000786022 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-18 22:14 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-11-18 22:11 - 2016-05-24 01:15 - 000000000 ____D C:\Users\AMD\AppData\Roaming\discord
2017-11-18 22:10 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-18 22:03 - 2017-06-01 09:25 - 000001899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-11-18 22:03 - 2015-02-22 23:50 - 000143808 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2017-11-18 21:43 - 2014-07-23 01:45 - 000000000 ____D C:\Users\AMD\AppData\Local\ElevatedDiagnostics
2017-11-18 21:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-18 20:14 - 2008-01-01 00:04 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-11-18 17:10 - 2014-03-11 19:25 - 000000000 ____D C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-18 15:48 - 2014-05-24 15:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-18 15:26 - 2009-07-13 21:34 - 026476544 _____ C:\Windows\system32\config\HARDWARE
2017-11-17 19:53 - 2016-02-19 21:35 - 000000000 ___RD C:\Users\AMD\Desktop\JUNK FOLDER
2017-11-17 14:25 - 2016-07-03 04:16 - 000000000 ____D C:\Windows\pss
2017-11-17 05:49 - 2017-06-01 22:27 - 000000000 ____D C:\Users\AMD\AppData\Local\CrashDumps
2017-11-17 04:12 - 2017-07-10 15:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-17 04:09 - 2017-08-13 09:26 - 000000000 ____D C:\Users\AMD\AppData\Roaming\VMware
2017-11-17 04:09 - 2017-08-13 09:23 - 000000000 ____D C:\ProgramData\VMware
2017-11-17 04:07 - 2017-07-29 23:58 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-11-17 01:35 - 2017-06-15 03:44 - 000029696 ___SH C:\Users\AMD\AppData\Roaming\Thumbs.db
2017-11-17 00:40 - 2017-06-15 04:20 - 000361542 _____ C:\Windows\ntbtlog.txt
2017-11-17 00:30 - 2014-03-11 22:29 - 000000000 ____D C:\Windows\Minidump
2017-11-16 23:28 - 2009-07-14 00:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-11-16 23:26 - 2009-07-13 23:45 - 000269128 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-16 23:02 - 2014-03-21 19:01 - 000000000 ____D C:\Program Files\Microsoft Security Client
2017-11-16 23:02 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Defender
2017-11-15 21:30 - 2014-03-11 04:57 - 000058472 _____ C:\Users\AMD\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-15 12:30 - 2017-08-16 14:31 - 000000000 ____D C:\Program Files (x86)\AMD
2017-11-15 12:30 - 2014-03-10 17:38 - 000000000 ____D C:\Program Files\AMD
2017-11-15 12:27 - 2017-07-10 15:52 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-11-15 12:26 - 2017-05-24 13:42 - 000000000 ____D C:\AMD
2017-11-15 07:45 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-11-15 07:19 - 2014-12-10 03:19 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 03:01 - 2014-03-11 04:48 - 000778144 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-14 02:54 - 2016-08-17 03:56 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 02:54 - 2016-08-17 03:56 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-11 08:35 - 2017-08-26 11:51 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-04 14:52 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-02 14:14 - 2017-09-28 14:52 - 000195888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2017-11-02 14:14 - 2017-09-28 14:52 - 000161344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2017-11-02 14:13 - 2017-09-28 14:52 - 015934280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2017-11-02 14:13 - 2017-09-28 14:52 - 000357256 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-11-02 14:12 - 2017-09-28 14:52 - 013131144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2017-11-02 14:12 - 2017-09-28 14:52 - 001931408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-11-02 14:12 - 2017-09-28 14:52 - 001541080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-11-02 14:12 - 2017-09-28 14:52 - 000223112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-11-02 14:12 - 2017-09-28 14:52 - 000144776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2017-11-02 14:12 - 2017-09-28 14:52 - 000020360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2017-11-02 14:10 - 2017-09-28 14:52 - 001454984 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2017-11-02 14:07 - 2017-09-28 14:52 - 035220872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2017-10-28 21:43 - 2017-08-27 07:34 - 000000000 ____D C:\Users\AMD\AppData\Roaming\.minecraft
2017-10-25 01:35 - 2015-02-15 12:58 - 000000000 ____D C:\Users\AMD\Documents\DyingLight
2017-10-21 00:14 - 2014-03-11 04:16 - 000000000 ____D C:\Users\AMD
2017-10-21 00:13 - 2017-10-18 10:33 - 000000000 ____D C:\Users\AMD\Documents\FLiNGTrainer
2017-10-21 00:13 - 2017-09-29 21:45 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2017-10-21 00:13 - 2017-09-18 23:17 - 000000000 ____D C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KongHack
2017-10-21 00:13 - 2017-08-13 09:23 - 000000000 ____D C:\Program Files\Common Files\VMware
2017-10-21 00:13 - 2017-08-13 09:23 - 000000000 ____D C:\Program Files (x86)\VMware
2017-10-21 00:13 - 2017-08-13 09:12 - 000000000 ____D C:\Users\AMD\AppData\Roaming\Andy
2017-10-21 00:13 - 2015-04-25 20:39 - 000000000 ____D C:\Users\Guest.AMD-PC
2017-10-21 00:13 - 2014-03-11 04:44 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-10-21 00:13 - 2011-04-12 03:28 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-10-21 00:13 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\security
2017-10-21 00:13 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2017-10-20 23:27 - 2017-08-26 11:52 - 000000000 ____D C:\Users\AMD\AppData\Roaming\Wireshark
2017-10-20 23:25 - 2017-09-18 23:17 - 000000000 ____D C:\Users\AMD\AppData\Local\Deployment

==================== Files in the root of some directories =======

2014-10-13 06:37 - 2014-10-13 06:37 - 000000034 _____ () C:\Users\AMD\AppData\Roaming\AdobeWLCMCache.dat
2017-06-15 03:44 - 2017-11-17 01:35 - 000029696 ___SH () C:\Users\AMD\AppData\Roaming\Thumbs.db
2017-05-24 14:27 - 2017-05-24 14:27 - 000022192 _____ () C:\Users\AMD\AppData\Roaming\UserTile.png
2016-11-21 02:47 - 2017-09-25 23:15 - 000007597 _____ () C:\Users\AMD\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-11-18 20:21 - 2017-09-13 10:31 - 001732864 _____ (Microsoft Corporation) C:\Users\AMD\AppData\Local\Temp\dllnt_dump.dll
2017-08-03 10:25 - 2016-08-09 14:02 - 077324608 _____ (Adobe Systems, Inc.                                         ) C:\Users\AMD\AppData\Local\Temp\Install.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-09 03:34

==================== End of FRST.txt ============================

...addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by AMD (19-11-2017 00:20:58)
Running from C:\Users\AMD\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-11 09:16:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-537105303-1443369179-2062714536-500 - Administrator - Disabled)
AMD (S-1-5-21-537105303-1443369179-2062714536-1000 - Administrator - Enabled) => C:\Users\AMD
Guest (S-1-5-21-537105303-1443369179-2062714536-501 - Limited - Disabled) => C:\Users\Guest.AMD-PC
HomeGroupUser$ (S-1-5-21-537105303-1443369179-2062714536-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Out of date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Out of date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Reflector Desktop (HKLM-x32\...\{34795E6B-338D-4A6D-8BCE-906AD056AF4F}) (Version: 9.0.1.374 - Red Gate Software Ltd)
ACP Application (HKLM\...\{CC5B3AA9-1152-E9B3-7DCF-0F2B313DFFB3}) (Version: 2017.1102.1434.20 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
AIDA64 Extreme v4.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.20 - FinalWire Ltd.)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Andy OS (HKLM\...\Andy OS) (Version: 46.16 - Andy OS, Inc)
ANDY OS (HKLM-x32\...\Andy OS) (Version: 1.1 - andyroid.net)
AVG 2014 (HKLM\...\{B42D82E8-FF97-48BB-91AA-86717B2B6B16}) (Version: 14.0.4765 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
Discord (HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{80B15934-444B-4B4F-B2A9-439FCCBA4C81}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.4.1.0 (HKLM-x32\...\{BF83FC65-8072-4850-A4CE-969A5F3570DA}) (Version: 1.4.1.0 - Facebook)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.15 - Riot Games, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
KH Ultra Trainer (HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\4f344c4511ef18b2) (Version: 0.1.0.76 - KongHack)
Kingdom Rush Frontiers (HKLM-x32\...\1195536024_is1) (Version: 2.4.0.6 - GOG.com)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League client alpha (HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mIRC (HKLM-x32\...\mIRC) (Version: 7.51 - mIRC Co. Ltd.)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
RogueKiller version 12.11.24.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.24.0 - Adlice Software)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.24.9651 - SoftEther VPN Project)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.3.50306 - Telerik)
Unity Web Player (HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VMware Player (HKLM\...\{6D211A09-EB2A-4B83-ACCB-13B1BC12AF4E}) (Version: 12.5.2 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.6.00000 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-537105303-1443369179-2062714536-1000\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-05-26] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-05-26] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-05-26] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-05-26] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03CA0BCA-E78C-4375-90B6-C0611E0E8414} - \Microsoft\Windows\Maintenance\Idle~Crawler Update -> No File <==== ATTENTION
Task: {1482D4D7-A4B7-4ACD-8E24-BA4FA80FEAA2} - \5567562 -> No File <==== ATTENTION
Task: {193BF99B-0EE6-4A39-893F-860C5C803D8C} - System32\Tasks\{B54CFFBE-EDA5-4CF8-B453-A92C95F2E4B5} => E:\Steam\Steam.exe [2017-11-16] (Valve Corporation)
Task: {1E6A57E7-D79C-412D-BEA1-6D5B8CCA76A8} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {2D460134-E4ED-4349-9B4D-611337C01FFB} - System32\Tasks\{1E2FF62B-4446-48A3-90B8-BD60B757A3E0} => C:\Users\AMD\Desktop\MW2_ Liberation\MW2_Liberation.exe
Task: {32069488-DE30-4B47-B617-3D018EF70572} - System32\Tasks\{FAD8248B-FDBD-4EF5-BDA1-611AB1CC5E65} => E:\Steam\Steam.exe [2017-11-16] (Valve Corporation)
Task: {4A3446DC-5FF2-4608-9ABB-12A035BFEBCF} - \Idle~Crawler Runner -> No File <==== ATTENTION
Task: {676AEF44-0FF9-4634-B00F-4FA33522EE27} - System32\Tasks\AdobeAAMUpdater-1.0-AMD-PC-AMD => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {7631E890-C209-4905-809C-5A8EF4D626CA} - System32\Tasks\{D17199E8-D6E2-438B-8AC2-F8E1373F1CCD} => E:\Steam\Steam.exe [2017-11-16] (Valve Corporation)
Task: {864B6DE8-39E9-4AF9-BAA1-8D992ED2039A} - System32\Tasks\{59282B1A-4120-4D4D-A88D-0C725EEE10A5} => C:\Users\AMD\Downloads\Assassin's Creed IV Black Flag\setup.exe
Task: {88540D50-8621-4754-9ECD-81FC5C8B357D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.)
Task: {8FD39077-1FE9-4654-9701-75F2DC06659B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
Task: {A99215EB-84B1-4B00-B339-463D8D276118} - System32\Tasks\{9F074620-6D0C-427F-A65B-906D56C48EC5} => C:\Users\AMD\Downloads\Assassin's Creed IV Black Flag\setup.exe
Task: {AB56E03C-184A-4924-A77A-96A457B206CB} - System32\Tasks\{D3010003-9BBE-4A8D-9D46-36737E0D81CC} => E:\Steam\Steam.exe [2017-11-16] (Valve Corporation)
Task: {AD39F008-686F-4785-AA90-0597560628E4} - System32\Tasks\{50311CD5-DAEB-45EA-AC0E-B95217DC46F0} => C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe [2017-11-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
Task: {C21454FA-4F6C-410F-8986-DE80AC78E182} - System32\Tasks\{17AB1DF1-B9B6-4119-91BB-4E01CCE8663E} => C:\Users\AMD\Downloads\Assassin's Creed IV Black Flag\setup.exe
Task: {C5A277C9-1D72-4296-86B6-6742D91B595F} - System32\Tasks\{09DE55FC-15CE-434C-A4DD-A93430801F63} => E:\Steam\Steam.exe [2017-11-16] (Valve Corporation)
Task: {E9400ABE-2742-4100-B181-FB1D9567D261} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {E9A30224-D1A5-4104-8B8A-DE9F2E35FD31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.)
Task: {EC27991E-42B4-445B-804C-6C4B735897E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-31] (Adobe Systems Incorporated)
Task: {F00BD019-C587-40F9-85BD-F78B5EF3B780} - System32\Tasks\{84670DB8-5B52-4D13-B2FD-FB9484DF8777} => C:\Users\AMD\Downloads\Assassin's Creed IV Black Flag\setup.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\AMD\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

ShortcutWithArgument: C:\Users\AMD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2017-11-18 15:48 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-25 12:25 - 2017-07-25 12:25 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-11-14 16:02 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-14 16:02 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-08-20 21:56 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\AMD\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-20 21:56 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\AMD\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-20 21:56 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\AMD\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-08 21:46 - 2017-10-09 07:01 - 009722360 _____ () \\?\C:\Users\AMD\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-08 21:46 - 2017-11-08 13:22 - 001471992 _____ () \\?\C:\Users\AMD\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-18 22:11 - 2017-11-18 22:11 - 000148992 _____ () \\?\C:\Users\AMD\AppData\Local\Temp\CC62.tmp.node
2017-08-08 21:45 - 2017-08-08 21:45 - 002658296 _____ () \\?\C:\Users\AMD\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-08 21:46 - 2017-08-08 21:46 - 002673656 _____ () \\?\C:\Users\AMD\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2014-03-11 19:11 - 2017-10-24 03:29 - 000704288 _____ () E:\Steam\SDL2.dll
2014-12-15 11:39 - 2016-08-31 20:02 - 004969248 _____ () E:\Steam\v8.dll
2014-12-15 11:39 - 2016-08-31 20:02 - 001563936 _____ () E:\Steam\icui18n.dll
2014-12-15 11:39 - 2016-08-31 20:02 - 001195296 _____ () E:\Steam\icuuc.dll
2014-05-22 15:50 - 2017-11-16 19:23 - 002558752 _____ () E:\Steam\video.dll
2017-11-07 23:03 - 2017-11-03 20:54 - 005137696 _____ () E:\Steam\libavcodec-57.dll
2017-11-07 23:03 - 2017-11-03 20:54 - 000847136 _____ () E:\Steam\libavutil-55.dll
2017-11-07 23:03 - 2017-11-03 20:54 - 000695584 _____ () E:\Steam\libavformat-57.dll
2017-11-07 23:03 - 2017-11-03 20:54 - 000351520 _____ () E:\Steam\libavresample-3.dll
2017-11-07 23:03 - 2017-11-03 20:54 - 000783648 _____ () E:\Steam\libswscale-4.dll
2015-01-30 13:42 - 2017-11-16 19:23 - 000904992 _____ () E:\Steam\bin\chromehtml.DLL
2016-02-19 03:47 - 2016-07-04 17:17 - 000266560 _____ () E:\Steam\openvr_api.dll
2017-06-07 20:54 - 2017-09-06 21:04 - 000678400 _____ () E:\Steam\bin\cef\cef.win7\SDL2.dll
2016-10-31 21:34 - 2017-10-30 23:44 - 071471904 _____ () E:\Steam\bin\cef\cef.win7\libcef.dll
2014-12-20 12:49 - 2015-09-24 18:52 - 000119208 _____ () E:\Steam\winh264.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000191488 _____ () E:\Steam\steamapps\common\GarrysMod\hl2.exe
2017-10-21 10:26 - 2017-11-15 12:22 - 000219136 _____ () E:\Steam\steamapps\common\GarrysMod\bin\launcher.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000274432 _____ () E:\Steam\steamapps\common\GarrysMod\bin\tier0.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000194560 _____ () E:\Steam\steamapps\common\GarrysMod\bin\vstdlib.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000674304 _____ () E:\Steam\steamapps\common\GarrysMod\bin\filesystem_stdio.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 004554752 _____ () e:\steam\steamapps\common\garrysmod\bin\engine.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000163840 _____ () e:\steam\steamapps\common\garrysmod\bin\inputsystem.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 001165312 _____ () e:\steam\steamapps\common\garrysmod\bin\materialsystem.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000281088 _____ () e:\steam\steamapps\common\garrysmod\bin\datacache.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000534016 _____ () e:\steam\steamapps\common\garrysmod\bin\studiorender.dll
2017-10-21 10:23 - 2017-10-21 10:23 - 000914344 _____ () e:\steam\steamapps\common\garrysmod\bin\vphysics.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 001380352 _____ () e:\steam\steamapps\common\garrysmod\bin\vguimatsurface.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000380928 _____ () e:\steam\steamapps\common\garrysmod\bin\vgui2.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000957440 _____ () E:\Steam\steamapps\common\GarrysMod\bin\shaderapidx9.dll
2014-03-11 19:11 - 2017-07-18 20:53 - 000384288 _____ () E:\Steam\steam.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000174592 _____ () e:\steam\steamapps\common\garrysmod\bin\stdshader_dbg.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000256512 _____ () e:\steam\steamapps\common\garrysmod\bin\stdshader_dx6.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000186368 _____ () e:\steam\steamapps\common\garrysmod\bin\stdshader_dx7.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000377344 _____ () e:\steam\steamapps\common\garrysmod\bin\stdshader_dx8.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000589312 _____ () e:\steam\steamapps\common\garrysmod\bin\stdshader_dx9.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000186880 _____ () e:\steam\steamapps\common\garrysmod\garrysmod\bin\game_shader_generic_garrysmod.dll
2017-10-21 10:26 - 2017-10-21 10:26 - 000070056 _____ () E:\Steam\steamapps\common\GarrysMod\bin\unicode.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 007051264 _____ () e:\steam\steamapps\common\garrysmod\garrysmod\bin\client.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 010387968 _____ () e:\steam\steamapps\common\garrysmod\garrysmod\bin\server.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000178176 _____ () E:\Steam\steamapps\common\GarrysMod\bin\soundemittersystem.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000101376 _____ () E:\Steam\steamapps\common\GarrysMod\bin\scenefilecache.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000509952 _____ () e:\steam\steamapps\common\garrysmod\garrysmod\bin\lua_shared.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 002170368 _____ () e:\steam\steamapps\common\garrysmod\garrysmod\bin\menusystem.dll
2017-10-21 10:23 - 2017-11-15 12:22 - 000973824 _____ () e:\steam\steamapps\common\garrysmod\garrysmod\bin\resources.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000117760 _____ () e:\steam\steamapps\common\garrysmod\garrysmod\bin\gmhtml.dll
2017-10-21 10:26 - 2017-11-15 12:22 - 000114688 _____ () E:\Steam\steamapps\common\GarrysMod\bin\gmod_audio.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-537105303-1443369179-2062714536-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: amdacpusrsvc => 2
MSCONFIG\Services: AODService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SEVPNCLIENT => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: WSWNA3100 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Genie.lnk => C:\Windows\pss\NETGEAR WNA3100 Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^AMD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupfolder: C:^Users^AMD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hyper.vbs => C:\Windows\pss\Hyper.vbs.Startup
MSCONFIG\startupfolder: C:^Users^AMD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^nth.lnk => C:\Windows\pss\nth.lnk.Startup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: alleging => "C:\Program Files (x86)\Holte\ached.exe"
MSCONFIG\startupreg: allegingalleging => "C:\Program Files (x86)\Frittering\ached.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: chilton => "C:\Program Files (x86)\uniondale\chilton.exe"
MSCONFIG\startupreg: contenders => "C:\Program Files (x86)\Holte\ached.exe"
MSCONFIG\startupreg: dodgers => "C:\Program Files (x86)\Holte\ached.exe"
MSCONFIG\startupreg: dodgersdodgers => "C:\Program Files (x86)\Frittering\ached.exe"
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\AMD\AppData\Local\Temp\DiscordLauncher.exe" ..
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcdonnel => "C:\Program Files (x86)\Holte\ached.exe"
MSCONFIG\startupreg: mcdonnelmcdonnel => "C:\Program Files (x86)\Frittering\ached.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\AMD\AppData\Roaming\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: perceptual => "C:\Program Files (x86)\Holte\ached.exe"
MSCONFIG\startupreg: perceptualperceptual => "C:\Program Files (x86)\Frittering\ached.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: supertintin_skype => C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe /start_context sys_auto
MSCONFIG\startupreg: Thanks => C:\PROGRAMDATA\MALWAREBYTES\MALWAREBYTES ANTI-MALWARE\CONFIGURATION\THANKS.BAT
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
MSCONFIG\startupreg: xylelo => rundll32.exe "C:\Users\AMD\AppData\Local\xylelo.dll",xylelo

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0BDC732-421E-47BA-BEDB-AC3ED64D79AC}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [TCP Query User{B796C96F-DDD5-49FF-8481-CBC503F8C21C}E:\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{21D5CE4B-A8C5-4364-9280-61DE207B8A98}E:\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{C66AD1C6-EE7D-437F-9D38-430C58F7ABEE}] => (Allow) E:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{00C506DD-ED05-4CD5-8348-F7BD35CD629A}] => (Allow) E:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5E8FD704-44CF-4AD1-B793-45ABBA8CB099}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C3EC86AE-5F56-4ED0-80C7-252715503D7D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{19DA7191-7982-4C13-B48C-4D04DE00659A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F07082AC-743D-44DD-8115-3CE288305A73}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{14CE080C-70E6-4E26-AE92-BA9F9AA4DDCB}C:\users\amd\appdata\roaming\sh-it.exe] => (Allow) C:\users\amd\appdata\roaming\sh-it.exe
FirewallRules: [UDP Query User{F4552F0D-F8FB-40ED-BC05-2AE01C14D8B8}C:\users\amd\appdata\roaming\sh-it.exe] => (Allow) C:\users\amd\appdata\roaming\sh-it.exe
FirewallRules: [{C8A2D233-1020-4F48-8BC1-288981E6FC13}] => (Allow) E:\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{1CFF1A4F-E86C-4726-B0CA-21458455FBAD}] => (Allow) E:\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [TCP Query User{FA98613F-A15C-4A01-BCE1-E2BF1079363A}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe
FirewallRules: [UDP Query User{2C1AF393-6B2B-43F1-B25B-71FBA5C93FA3}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe
FirewallRules: [{ACA064B8-83EC-4718-99AC-A76AD12636CF}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{99B5D4F1-D9E4-463B-81B7-B26ABA8D3B5D}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{14A74042-E70C-4E46-A036-9D7408EB80B8}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{0723F1B2-0EE3-4DB3-9FF4-AC4E62D99508}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [TCP Query User{56BA5A7A-C66C-4602-9DB8-6B58252A4CA4}C:\users\amd\desktop\new folder\necro.exe] => (Allow) C:\users\amd\desktop\new folder\necro.exe
FirewallRules: [UDP Query User{7B51F1B9-7CFD-4FFC-B88C-9FC8A841D80F}C:\users\amd\desktop\new folder\necro.exe] => (Allow) C:\users\amd\desktop\new folder\necro.exe
FirewallRules: [{9A8996EC-3C75-4B58-91AF-91C2F9125081}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BD6FFAD9-A756-48AE-A0C4-342FA53BEA72}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{9049A031-7BB5-45BB-9A70-A094C3A5E382}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7010E737-6295-4C96-9B4B-2F4A6BCB6B0F}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{355159EE-F062-48A9-A670-C6675E71783D}C:\users\amd\desktop\7 days to die\7daystodie.exe] => (Allow) C:\users\amd\desktop\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{C46AFDF0-C172-4FF1-924D-0848F66B111A}C:\users\amd\desktop\7 days to die\7daystodie.exe] => (Allow) C:\users\amd\desktop\7 days to die\7daystodie.exe
FirewallRules: [{A33CCDE0-E7CE-4CC5-B789-E72B8371AC26}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [TCP Query User{ABE3AC4C-6177-403F-842B-EF610BD1CE1F}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{B4462035-04A7-466D-AE13-1023EB2C666F}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{AFB192F4-0357-4BB7-90B5-CA90EC5AA009}] => (Allow) E:\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{5441974B-40D5-4C5D-B4C2-1215DB75C40C}] => (Allow) E:\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [TCP Query User{244E8309-2E03-49B8-87A1-EC075491D27D}C:\users\amd\desktop\admin\rustadminrelease\rustadmin.exe] => (Allow) C:\users\amd\desktop\admin\rustadminrelease\rustadmin.exe
FirewallRules: [UDP Query User{E04B8B5E-4455-4154-91AE-B1F220C96E51}C:\users\amd\desktop\admin\rustadminrelease\rustadmin.exe] => (Allow) C:\users\amd\desktop\admin\rustadminrelease\rustadmin.exe
FirewallRules: [TCP Query User{E82F0AD1-DEEA-4311-A16F-A97589E775A8}C:\users\amd\downloads\anydesk.exe] => (Allow) C:\users\amd\downloads\anydesk.exe
FirewallRules: [UDP Query User{D8417505-157C-4C0F-A697-773C32B23C99}C:\users\amd\downloads\anydesk.exe] => (Allow) C:\users\amd\downloads\anydesk.exe
FirewallRules: [{44802691-B8C1-486B-8AD7-0EC2406AAB19}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{15326F2E-9442-4845-8CDC-D69ECA8C6ED5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{75FF1F58-BC8D-4F63-8873-220A8B209311}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1A6A4D33-EF2C-4D4E-B3B1-E406EA719D6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{31BBDC77-2178-4626-AF2E-E5FC364DC4B0}] => (Allow) E:\Steam\SteamApps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{1460312B-F844-457D-BEF6-0EF5EEBEC7C2}] => (Allow) E:\Steam\SteamApps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [TCP Query User{4CD02819-9AC9-4E61-BF7C-B5B45DAC7D25}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{9C314D64-0EFD-4305-A8C3-9B056C9232AB}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{4E49AD4E-389D-4BB6-A661-35C6338788E2}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [TCP Query User{169436E5-13BA-4E2A-B2CF-B27C18C78480}C:\users\amd\desktop\mozie\necrobot2.win.exe] => (Allow) C:\users\amd\desktop\mozie\necrobot2.win.exe
FirewallRules: [UDP Query User{A9FF34D0-354A-4CBB-8184-04074B2263F7}C:\users\amd\desktop\mozie\necrobot2.win.exe] => (Allow) C:\users\amd\desktop\mozie\necrobot2.win.exe
FirewallRules: [{76022549-497E-4BDA-A91A-3919E4AAA32C}] => (Allow) E:\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{1D38CF8B-E79A-4E90-9A1B-1D84AF8D9E0D}] => (Allow) E:\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{19775ADE-0176-40DB-8564-0DEE35A202E8}] => (Allow) E:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{8A29252F-CF27-46CA-9859-309713696338}] => (Allow) E:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{5085D602-1B1A-4FC5-9FCD-94EC2227F20D}E:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) E:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{E700E4B8-EDF6-4D76-9B4A-F04A19E218FC}E:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) E:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{818506D3-52B4-44BD-81E7-EAFE71FEABA7}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{C9EB66C3-DD21-4F15-934C-7D19A6BBA48A}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{EDC4B32E-8CAF-46D3-B5C8-D3F1A12E57AE}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{7A1195D8-1E19-4C99-895A-0000EAB12406}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{151CF619-81F5-4C0D-98B5-BC1B0695283E}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{D98628DD-0B24-4EF8-9180-7B6F2EF83C93}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{1A4CA4A5-E4B5-4524-960A-E1A4D465E84D}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{F95BB7A6-AFD7-4F6B-A2FB-5C4848509666}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{EC461F07-7BA3-40F0-B02D-1C30285C21C5}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{EF84CB15-C885-40A4-A124-4EF9A5FA84B3}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{EAE8A161-A11E-4969-97D1-24DFC8D7DE04}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{90045E4F-658F-4993-B34F-F7F850C1553F}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{A771BD5A-86B1-4429-AB11-01B956B3F99D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{610A377F-FE15-4EC7-A809-869AEAC4DDFF}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{20F556C4-DC9B-47B6-82BD-5462605C4EF8}] => (Allow) C:\Users\AMD\AppData\Local\Temp\system.exe
FirewallRules: [{9CB96BC1-5356-43DB-94A8-810C6436A736}] => (Block) C:\Users\AMD\AppData\Local\Temp\system.exe
FirewallRules: [{E947EFAB-05C8-4F95-975B-DE67F8F09C66}] => (Allow) C:\Users\AMD\AppData\Local\Temp\system.exe
FirewallRules: [{E573425B-EB13-4248-9FBD-12E25EAE5DA3}] => (Allow) C:\Users\AMD\AppData\Local\Temp\system.exe
FirewallRules: [TCP Query User{844DD3C1-AD24-4776-8E32-5005CBE98C98}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BB563696-0979-4B98-AEB9-98A3846A7D1E}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F73936CF-9D9D-4EB1-90FC-476957B1C9E1}] => (Block) E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{23D74417-120E-400A-9BCD-AAF65BE1395A}] => (Block) E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D07EEAAA-37D6-478D-AF43-6B54758851A0}] => (Allow) E:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{A035E959-07CE-48AF-94AF-03281627FA26}] => (Allow) E:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [TCP Query User{88DB3798-2A10-46CD-9A68-CFB745532979}C:\users\amd\appdata\local\apps\2.0\rcc8b2m8.7rh\apcbca74.wy4\kong..tion_0000000000000000_0000.0001_ae491a261636499a\konghacktrainer.exe] => (Allow) C:\users\amd\appdata\local\apps\2.0\rcc8b2m8.7rh\apcbca74.wy4\kong..tion_0000000000000000_0000.0001_ae491a261636499a\konghacktrainer.exe
FirewallRules: [UDP Query User{51E4F72D-4D6F-46EE-9C61-4BF89A32C721}C:\users\amd\appdata\local\apps\2.0\rcc8b2m8.7rh\apcbca74.wy4\kong..tion_0000000000000000_0000.0001_ae491a261636499a\konghacktrainer.exe] => (Allow) C:\users\amd\appdata\local\apps\2.0\rcc8b2m8.7rh\apcbca74.wy4\kong..tion_0000000000000000_0000.0001_ae491a261636499a\konghacktrainer.exe
FirewallRules: [{6990ADC7-C6CE-4F20-9C6D-5C4A426072BA}] => (Block) C:\users\amd\appdata\local\apps\2.0\rcc8b2m8.7rh\apcbca74.wy4\kong..tion_0000000000000000_0000.0001_ae491a261636499a\konghacktrainer.exe
FirewallRules: [{932A67B1-9E01-4F84-836F-17EE28FB0D8D}] => (Block) C:\users\amd\appdata\local\apps\2.0\rcc8b2m8.7rh\apcbca74.wy4\kong..tion_0000000000000000_0000.0001_ae491a261636499a\konghacktrainer.exe
FirewallRules: [{C6186706-C1A7-48F7-BDC5-067EFDC8E3D8}] => (Allow) E:\Steam\SteamApps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{881E4B0D-904E-4893-A426-762DB1500DC8}] => (Allow) E:\Steam\SteamApps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{81D714EF-0771-4BDC-A357-2FCE4D319FF4}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{B68BA2ED-060E-4380-B5CC-2DFA76B658A2}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{43DEF53F-DE36-4642-BD67-8CFBA32E300D}] => (Allow) E:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{F431CD7E-AE56-41E2-AEB0-217F861A1643}] => (Allow) E:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{7C4EA312-0DBB-44E8-8A21-C5F7AA70FD45}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{BEFEB142-E9EA-4908-8115-59EEBA7BE112}] => (Allow) E:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [TCP Query User{DEC5DF80-D6D0-4835-87B3-26BCC524F77E}C:\users\amd\desktop\nanocore 1.2.2.0_cracked by alcatraz3222\nanocore.exe] => (Allow) C:\users\amd\desktop\nanocore 1.2.2.0_cracked by alcatraz3222\nanocore.exe
FirewallRules: [UDP Query User{CA19C81B-475C-49D8-92A0-5659A9C6D65D}C:\users\amd\desktop\nanocore 1.2.2.0_cracked by alcatraz3222\nanocore.exe] => (Allow) C:\users\amd\desktop\nanocore 1.2.2.0_cracked by alcatraz3222\nanocore.exe
FirewallRules: [{EEADFD78-E1A6-4F25-ADB2-77A4FEF9448A}] => (Block) C:\users\amd\desktop\nanocore 1.2.2.0_cracked by alcatraz3222\nanocore.exe
FirewallRules: [{7F79FA60-7AAF-4AF6-8AAF-36442AFB2EE0}] => (Block) C:\users\amd\desktop\nanocore 1.2.2.0_cracked by alcatraz3222\nanocore.exe
FirewallRules: [{893B00FF-C570-4A7F-B3AB-573A1DEC478A}] => (Allow) E:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{B00791C9-8901-446E-B957-AD630DE24963}] => (Allow) E:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{49787BAB-FACB-40BA-9755-07B7300F63D5}] => (Allow) E:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{FFAF86B5-44E1-4C4D-A93F-5EFE2A86B6C6}] => (Allow) E:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{1D3596E4-21EE-48DA-87EC-44C804DC2479}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{F22CC781-34D6-4683-9A4E-23006F695CA6}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{B8BF4F09-1CC9-4916-A12F-B85207A779C3}] => (Block) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{CAAB8DED-A682-4431-B4ED-93DAA7C2AA54}] => (Block) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{D6582C48-E80C-4967-AD20-7C398859ADA0}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{96AE6E2E-6EED-411B-83FA-AB7A7AA2F53A}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{C6B05555-64E4-4AC5-8846-728A12BA67F8}] => (Block) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{2194D95A-857D-4FB7-ACA7-7014E5203B1F}] => (Block) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{BD155223-70C9-4C6D-905D-C8C7EDA8D0A9}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{5F7BA3FD-CFDC-4820-B474-D04211D30FF3}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{4D55ADA2-EDA6-45BD-A260-3277AC9E11EE}] => (Block) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{D27D5F52-BBD5-4390-90DB-421630D4CCD8}] => (Block) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{3EF6C0F1-D3D6-4013-B9BA-0AA201426C09}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0DAEDE8D-CB35-4935-8357-ADEDF519D4D2}] => (Allow) C:\Program Files (x86)\Holte\ached.exe
FirewallRules: [{50DE8745-34A8-4FFA-A70C-99D2D959236D}] => (Allow) C:\Program Files (x86)\Frittering\ached.exe
FirewallRules: [TCP Query User{CFFF6C6B-DAAF-4769-BFC4-CF45CD500970}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{FB4CF1A8-F948-42E2-BF5F-B95FA8150D4E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{931AF76B-6AEF-436A-9681-348EB9421BBA}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{4148BAF9-6B56-4ADA-B30E-ED3D5632712A}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{EDA2F101-A582-4042-96C0-6985F74DECA2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{512114E8-24D6-4496-83B1-B59C23AA3901}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{0C9A099B-73CB-49AB-92C8-46A16445F4D0}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{6838B7EE-3E78-4928-80ED-A34AB88AA992}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{C2D337E6-D9AB-4D12-B1E5-5B5B8FB6EC7A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{A13563BA-5802-431E-938B-21C9452614B7}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{E3E2F3A2-BCFA-475D-990D-1C65A0EDE89E}] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{D33A98D1-DEA5-4A2A-BD86-7FE7F12FE1A8}] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe

==================== Restore Points =========================

18-11-2017 21:18:44 Installed DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2017 10:10:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2017 08:15:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2017 03:47:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2017 03:36:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2017 04:56:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 4.24.50.43 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1070

Start Time: 01d35feeab234928

Termination Time: 3

Application Path: E:\Steam\Steam.exe

Report Id: f82810ab-cbe1-11e7-aad1-005056c00008

Error: (11/17/2017 05:49:12 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\wekdopusvc.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Process Hacker because of this error.

Program: Process Hacker
File: C:\Windows\System32\wekdopusvc.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (11/17/2017 05:49:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ProcessHacker.exe, version: 2.39.0.124, time stamp: 0x56f9db89
Faulting module name: ProcessHacker.exe, version: 2.39.0.124, time stamp: 0x56f9db89
Exception code: 0xc0000006
Fault offset: 0x00000000000ded50
Faulting process id: 0xc58
Faulting application start time: 0x01d35f91b448a631
Faulting application path: C:\Users\AMD\Desktop\Process Hacker 2\ProcessHacker.exe
Faulting module path: C:\Users\AMD\Desktop\Process Hacker 2\ProcessHacker.exe
Report Id: f2361b3e-cb84-11e7-aad1-005056c00008

Error: (11/17/2017 04:08:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2017 04:07:19 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Steam\bin\cef\cef.win7\steamwebhelper.exe

Error: (11/17/2017 04:07:19 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Steam\steam.exe


System errors:
=============
Error: (11/19/2017 12:13:34 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/19/2017 12:12:35 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 11:58:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 11:43:26 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 11:42:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 11:28:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 11:13:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 11:02:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 10:44:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2017 10:29:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


CodeIntegrity:
===================================
  Date: 2017-11-18 15:58:29.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:48:55.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:48:55.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:47:48.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:47:48.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:47:48.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:47:48.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:47:47.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:47:47.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 00:47:47.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 973 Processor
Percentage of memory in use: 39%
Total physical RAM: 6108.24 MB
Available physical RAM: 3705.35 MB
Total Virtual: 12214.66 MB
Available Virtual: 9551.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:2.02 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:70.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0F0F864F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 17FA78DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Almost done! Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
