Jump to content

igfxmtc and lsntize.exe virus


Masked

Recommended Posts

Hi Masked :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after. 

Link to post
Share on other sites

So it didn't find anything, alright.

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
    KSJwAxg.png
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


 
Link to post
Share on other sites

I have a 4 gig usb flash drive, but I've been using it with this infected computer. Should I still use it? can I use an sd card, since I don't have any more usb flash drives?

Here's the text from FRST and Addition

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Mask (administrator) on TONY (06-12-2017 09:24:32)
Running from C:\Users\Mask\Desktop
Loaded Profiles: Mask (Available Profiles: Mask)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\WINDOWS\System32\exenisrsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(The Within Network, LLC) C:\WINDOWS\unsignedthemes.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\WINDOWS\runSW.exe
(Realtek) C:\WINDOWS\SwUSB.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Mask\AppData\Local\igfxmtc\igfxmtc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Flux Software LLC) C:\Users\Mask\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8850344 2017-11-30] (Emsisoft Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [uTorrent] => C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\MountPoints2: {0a3756e0-18ae-11e5-bef2-f065dd6449f8} - "D:\LaunchU3.exe" -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C31A6F0A-842F-4E34-9E92-04E018C7F29D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DB1B3F01-A4ED-475E-A9AF-E28E365A8A0D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Mask\AppData\Roaming\Mozilla\Firefox\Profiles\64vbxj6y.default-1468980204841 [2017-12-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default [2017-12-06]
CHR Extension: (Slides) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-04]
CHR Extension: (Tampermonkey) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
CHR Extension: (Dark Reader) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2017-09-20]
CHR Extension: (uBlock) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-04-04]
CHR Extension: (Sheets) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-12-04]
CHR Extension: (Gmail) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9216648 2017-11-30] (Emsisoft Ltd)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-12] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 RunSwUSB; C:\WINDOWS\runSW.exe [44760 2014-12-12] ()
R2 UnsignedThemes; C:\WINDOWS\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 01679346; C:\WINDOWS\System32\drivers\82601126.sys [208216 2017-12-05] (Kaspersky Lab, GERT)
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-03-08] (Disc Soft Ltd)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [43456 2014-11-23] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-30] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-30] (Malwarebytes)
S3 mt7612US; C:\WINDOWS\system32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
S3 NSTDUSB3; C:\WINDOWS\System32\Drivers\cyusb.sys [47616 2011-10-18] (Cypress Semiconductor)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [5632528 2016-12-05] (Realtek Semiconductor Corporation )
R3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 uxstyle; C:\WINDOWS\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [42760 2016-02-22] (Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 ysusb_w8_1_64; C:\WINDOWS\system32\drivers\ysusb_w8_1_64.sys [136432 2017-03-07] (Yamaha Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-05] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S1 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
R3 udiskMgr; system32\drivers\wzcfjm.sys [X]
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 09:24 - 2017-12-06 09:24 - 000020923 _____ C:\Users\Mask\Desktop\FRST.txt
2017-12-06 09:12 - 2017-12-06 09:12 - 002391552 _____ (Farbar) C:\Users\Mask\Desktop\FRST64.exe
2017-12-06 01:13 - 2017-12-06 01:13 - 000140112 ____N C:\WINDOWS\system32\Drivers\nihlosvy.sys
2017-12-05 19:44 - 2017-12-05 19:44 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\332141CA.sys
2017-12-05 19:42 - 2017-12-05 22:05 - 000000000 ____D C:\Users\Mask\Desktop\mbar
2017-12-05 19:41 - 2017-12-05 19:41 - 014161479 _____ C:\Users\Mask\Desktop\mbar-1.10.3.1001-nr.exe
2017-12-05 15:20 - 2017-12-05 15:20 - 000001167 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\ProgramData\IObit
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\Program Files (x86)\IObit
2017-12-05 15:00 - 2017-12-05 15:13 - 000000000 ____D C:\EEK
2017-12-05 14:57 - 2017-12-05 14:59 - 304451232 _____ C:\Users\Mask\Desktop\EmsisoftEmergencyKit.exe
2017-12-05 14:54 - 2017-12-05 14:54 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-12-05 14:02 - 2017-12-05 14:02 - 008187336 _____ (Malwarebytes) C:\Users\Mask\Desktop\adwcleaner_7.0.5.0.exe
2017-12-05 13:43 - 2017-12-05 13:43 - 000001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-05 13:43 - 2017-12-05 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-05 13:43 - 2017-12-05 13:43 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-05 13:42 - 2017-12-05 13:42 - 011584088 _____ (SurfRight B.V.) C:\Users\Mask\Desktop\hitmanpro_x64.exe
2017-12-05 13:02 - 2017-12-05 13:02 - 000000000 ____D C:\WINDOWS\pss
2017-12-05 12:54 - 2017-12-05 12:55 - 000003690 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.54.22_log.txt
2017-12-05 12:51 - 2017-12-05 12:51 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\82601126.sys
2017-12-05 12:51 - 2017-12-05 12:51 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-05 12:50 - 2017-12-05 12:51 - 000160444 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.50.08_log.txt
2017-12-05 11:15 - 2017-12-05 11:15 - 000000576 _____ C:\Users\Mask\Documents\Quarantine_171205-111500.txt
2017-12-05 10:54 - 2017-12-05 10:54 - 000001131 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-12-05 10:54 - 2017-12-05 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-12-05 09:39 - 2017-12-05 12:40 - 000000000 ____D C:\ProgramData\Emsisoft
2017-12-05 09:27 - 2017-12-05 09:27 - 000000915 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-12-05 09:27 - 2017-12-05 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-12-05 09:26 - 2017-12-06 09:20 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-12-05 01:53 - 2017-12-05 01:53 - 000000877 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-05 01:53 - 2017-12-05 01:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-05 01:53 - 2017-12-05 01:53 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-05 01:22 - 2017-12-05 01:22 - 000003190 _____ C:\WINDOWS\System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9}
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-12-04 21:12 - 2017-12-04 21:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\775AE746.sys
2017-12-04 21:10 - 2017-12-06 01:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-04 21:10 - 2017-12-05 19:43 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-04 20:47 - 2017-12-04 21:24 - 000000000 ____D C:\Program Files (x86)\Task Killer
2017-12-04 20:47 - 2017-12-04 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Killer
2017-12-04 19:57 - 2017-12-05 09:20 - 000000000 ____D C:\Users\Mask\AppData\LocalLow\uTorrent
2017-12-04 19:24 - 2017-12-05 14:54 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-04 19:14 - 2017-12-04 19:14 - 000106051 _____ C:\Users\Mask\Documents\bookmarks_12_4_17.html
2017-12-04 16:24 - 2017-12-06 09:18 - 000000000 ____D C:\FRST
2017-12-02 17:40 - 2017-12-05 19:12 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-02 17:39 - 2017-12-02 18:27 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-02 13:41 - 2017-12-02 13:41 - 000000000 ____D C:\ProgramData\dbg
2017-12-02 13:36 - 2017-12-06 09:24 - 000061144 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-02 13:36 - 2017-12-06 09:24 - 000032134 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-02 13:36 - 2017-12-05 13:53 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-02 13:36 - 2017-12-02 13:36 - 000000000 ____D C:\Users\Mask\AppData\Local\Zemana
2017-12-02 13:18 - 2017-12-05 00:46 - 000004130 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-02 12:37 - 2017-12-05 14:08 - 000000000 ____D C:\AdwCleaner
2017-12-01 13:54 - 2017-12-01 13:54 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-11-29 08:49 - 2017-11-30 09:49 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-29 08:49 - 2017-11-30 09:49 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-26 20:35 - 2017-11-26 20:35 - 000000000 ___HD C:\$AV_AVG
2017-11-23 11:52 - 2017-11-23 11:52 - 000099876 _____ C:\Users\Mask\Downloads\bookmarks_11_23_17.html
2017-11-22 17:18 - 2017-11-22 21:08 - 000000000 ____D C:\Users\Mask\AppData\Local\secohpr
2017-11-22 17:16 - 2017-11-30 09:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-22 17:15 - 2017-12-06 09:05 - 000000000 ____D C:\Users\Mask\AppData\Local\lsntize
2017-11-22 17:15 - 2017-11-30 09:51 - 000000000 ____D C:\Users\Mask\AppData\Local\igfxmtc
2017-11-22 17:13 - 2017-12-06 09:02 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\exenisrsvc.exe
2017-11-22 17:13 - 2017-11-23 15:47 - 000000000 ____D C:\Users\Mask\AppData\Local\eai
2017-11-22 17:13 - 2017-11-22 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\wdbuzxi
2017-11-22 17:13 - 2017-11-22 17:13 - 000000000 ____D C:\WINDOWS\system32\wdbuzxi
2017-11-22 17:13 - 2017-11-22 17:13 - 000000000 ____D C:\Users\Mask\AppData\Roaming\et
2017-11-20 19:09 - 2017-12-04 13:41 - 000000000 ____D C:\Users\Mask\Desktop\Flip&Staw
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-11-20 17:17 - 2016-12-05 07:03 - 005632528 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2017-11-20 17:17 - 2016-12-05 02:59 - 000014443 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011488 _____ C:\WINDOWS\system32\Drivers\FJCP.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011332 _____ C:\WINDOWS\system32\Drivers\CCEN.txt
2017-11-20 17:17 - 2016-06-30 16:21 - 000454360 _____ (Realtek) C:\WINDOWS\SwUSB.exe
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-11-17 01:49 - 2017-11-17 01:49 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-15 16:27 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\AppData\Roaming\iZotope
2017-11-15 16:01 - 2017-11-15 16:01 - 000001637 _____ C:\Users\Public\Desktop\RX 6 Audio Editor (64-bit).lnk
2017-11-15 15:58 - 2017-11-15 16:07 - 000000000 ____D C:\Program Files (x86)\Vstplugins
2017-11-15 15:58 - 2017-11-15 16:00 - 000000000 ____D C:\Program Files\Vstplugins
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\VST3
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\Avid
2017-11-15 15:57 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\Documents\iZotope
2017-11-15 15:57 - 2017-11-15 15:57 - 000000000 ____D C:\Program Files (x86)\iZotope
2017-11-15 14:14 - 2017-11-15 15:51 - 000000000 ____D C:\Users\Mask\AppData\Local\ImpaqSpeed
2017-11-15 08:26 - 2017-10-17 11:11 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 08:26 - 2017-10-16 10:38 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 08:26 - 2017-10-14 05:04 - 001548624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 08:26 - 2017-10-14 00:38 - 025731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 08:26 - 2017-10-14 00:23 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-11-15 08:26 - 2017-10-14 00:13 - 002903552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-11-15 08:26 - 2017-10-14 00:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 08:26 - 2017-10-14 00:09 - 005979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 08:26 - 2017-10-14 00:01 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 08:26 - 2017-10-13 23:36 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 23:31 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 015266816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 08:26 - 2017-10-13 23:30 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 23:29 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 23:27 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 23:21 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 08:26 - 2017-10-13 23:14 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 08:26 - 2017-10-13 23:09 - 001544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-15 08:26 - 2017-10-13 23:05 - 015431680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-11-15 08:26 - 2017-10-13 22:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 08:26 - 2017-10-13 22:50 - 002293760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-11-15 08:26 - 2017-10-13 22:45 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 08:26 - 2017-10-13 22:33 - 004542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 22:25 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 22:23 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 22:14 - 013317632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:10 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 08:26 - 2017-10-13 22:07 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-15 08:26 - 2017-10-13 22:04 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-11-15 08:26 - 2017-10-10 08:36 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 08:26 - 2017-10-10 07:38 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:38 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-10 07:11 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:08 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-04 23:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 08:26 - 2017-09-14 15:52 - 000986968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-15 08:26 - 2017-09-08 09:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-11-15 08:26 - 2017-09-08 08:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-11-15 08:26 - 2017-09-07 19:31 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-15 08:26 - 2017-09-07 19:28 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-15 08:26 - 2017-09-07 13:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 11:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2017-11-15 08:26 - 2017-09-07 05:40 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-11-15 08:26 - 2017-09-07 05:40 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-11-15 08:26 - 2017-09-06 15:07 - 000158552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000461144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-11-15 08:26 - 2017-09-06 06:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-15 08:26 - 2017-08-10 17:39 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-11-15 08:26 - 2017-08-10 17:30 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-11-15 08:18 - 2017-10-10 23:35 - 000143016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 08:18 - 2017-10-10 07:21 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 002023936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 08:18 - 2017-10-10 05:18 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\ProgramData\Yamaha_Uninstaller
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\Program Files (x86)\Yamaha
2017-11-12 10:39 - 2017-11-12 10:39 - 000001951 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-12 10:39 - 2017-11-12 10:38 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-11-12 10:39 - 2017-11-12 10:38 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-11-11 11:25 - 2017-11-11 11:25 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_xinputhid_01011.Wdf
2017-11-10 22:21 - 2017-11-10 22:21 - 000000000 ____D C:\Program Files\Tobias Erichsen
2017-11-06 23:22 - 2017-11-11 01:10 - 000000000 ____D C:\Users\Mask\AppData\Roaming\DarkAudacity
2017-11-06 23:22 - 2017-11-06 23:22 - 000000000 ____D C:\Users\Mask\AppData\Local\DarkAudacity

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 09:18 - 2013-11-14 13:31 - 000000000 ____D C:\Users\Mask\AppData\Roaming\ClassicShell
2017-12-06 09:07 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-06 09:04 - 2015-01-28 01:17 - 000000000 ____D C:\Users\Mask
2017-12-06 09:04 - 2013-08-22 06:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-06 09:03 - 2015-01-28 01:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-06 08:22 - 2013-08-22 05:25 - 016515072 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-05 22:46 - 2013-08-22 05:36 - 000000000 ____D C:\WINDOWS\Inf
2017-12-05 17:26 - 2013-10-22 21:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2499287152-2841305583-4123039165-1002
2017-12-05 16:50 - 2013-08-26 22:27 - 000000000 ____D C:\Users\Mask\Desktop\Youtube Files,turtle beach etc
2017-12-05 13:09 - 2013-10-27 19:55 - 000000000 ____D C:\Users\Mask\AppData\Local\ElevatedDiagnostics
2017-12-05 11:24 - 2016-09-25 20:24 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-05 09:20 - 2016-10-23 13:09 - 000000000 ____D C:\Users\Mask\AppData\Roaming\uTorrent
2017-12-05 00:46 - 2017-05-27 10:44 - 000004178 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-04 21:12 - 2015-08-01 01:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-04 16:40 - 2014-11-20 20:44 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-03 02:57 - 2013-08-22 05:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-12-02 21:44 - 2015-01-31 04:56 - 005876224 ___SH C:\Users\Mask\Desktop\Thumbs.db
2017-12-02 16:52 - 2012-07-25 23:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 16:36 - 2013-10-22 21:23 - 000000000 ____D C:\Users\Mask\AppData\Local\Packages
2017-12-02 16:36 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 13:18 - 2013-10-23 22:52 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 13:18 - 2013-10-23 22:52 - 000000000 ____D C:\Program Files\CCleaner
2017-12-01 14:03 - 2013-08-22 07:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 21:59 - 2017-09-11 19:06 - 000001224 _____ C:\Users\Mask\Desktop\Roblox Studio.lnk
2017-11-30 21:59 - 2017-09-11 19:06 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-30 00:17 - 2017-06-05 14:14 - 000000000 ____D C:\Users\Mask\Desktop\NSMB2 Files
2017-11-29 16:53 - 2013-10-25 11:18 - 000000000 ____D C:\Users\Mask\AppData\Roaming\vlc
2017-11-27 23:37 - 2013-10-27 20:08 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Audacity
2017-11-25 22:39 - 2015-04-03 15:00 - 000000000 ____D C:\Users\Mask\Desktop\Dxtory
2017-11-24 12:10 - 2010-01-31 14:00 - 000000000 ____D C:\Users\Mask\Desktop\OpenHardwareMonitor
2017-11-23 18:15 - 2015-08-20 17:08 - 000000000 ____D C:\Users\Mask\Desktop\Pc Games
2017-11-23 17:20 - 2013-11-15 12:03 - 000000000 ____D C:\Users\Mask\AppData\Local\CrashDumps
2017-11-20 17:17 - 2013-10-23 21:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-19 18:52 - 2013-10-24 09:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-19 18:48 - 2017-10-10 23:10 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-19 18:48 - 2016-04-13 12:44 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 01:49 - 2017-09-26 18:04 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-16 09:33 - 2013-08-22 06:44 - 000525280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 02:53 - 2015-04-16 14:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 13:28 - 2016-04-04 20:17 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 10:39 - 2017-05-27 10:44 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-11-14 16:18 - 2016-04-14 00:57 - 000001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000990 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-11-14 09:28 - 2017-06-28 13:56 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 09:28 - 2017-06-28 13:55 - 000004464 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-13 13:31 - 2016-04-04 20:16 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 13:31 - 2016-04-04 20:16 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 10:38 - 2017-05-27 10:44 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-11-12 10:37 - 2017-05-27 10:44 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-11-12 10:11 - 2016-12-06 15:48 - 000000000 ____D C:\ProgramData\PreSonus
2017-11-10 22:20 - 2014-04-26 00:55 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-06 21:08 - 2017-05-27 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-06 21:08 - 2017-05-27 10:41 - 000001028 _____ C:\Users\Public\Desktop\AVG.lnk

==================== Files in the root of some directories =======

2013-02-16 19:27 - 2013-02-16 19:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-03-16 16:47 - 2017-03-16 16:47 - 000000132 _____ () C:\Users\Mask\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-12-29 18:29 - 2013-12-29 18:47 - 000099384 _____ () C:\Users\Mask\AppData\Roaming\inst.exe
2013-12-29 18:29 - 2013-12-29 18:47 - 000007859 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.cat
2013-12-29 18:29 - 2013-12-29 18:47 - 000001167 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.inf
2013-12-29 18:29 - 2013-12-29 18:47 - 000000055 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.log
2013-12-29 18:29 - 2013-12-29 18:47 - 000082816 _____ (VSO Software) C:\Users\Mask\AppData\Roaming\pcouffin.sys
2014-01-02 01:31 - 2017-08-21 20:26 - 000001456 _____ () C:\Users\Mask\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-06 03:14 - 2016-08-15 01:35 - 000004608 _____ () C:\Users\Mask\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-07 10:20 - 2016-07-07 10:20 - 000000764 _____ () C:\Users\Mask\AppData\Local\recently-used.xbel
2014-05-14 10:40 - 2014-05-14 10:40 - 000007606 _____ () C:\Users\Mask\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-05 12:51 - 2017-12-05 12:46 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Mask\AppData\Local\Temp\79104729-3343-4B5B-BA05-1861AD80E16C.exe
2017-12-02 17:39 - 2017-09-14 11:30 - 001737600 _____ (Microsoft Corporation) C:\Users\Mask\AppData\Local\Temp\dllnt_dump.dll
2017-12-01 02:21 - 2017-12-01 02:21 - 000000000 _____ () C:\Users\Mask\AppData\Local\Temp\jl-9p9i7.dll
2017-10-31 14:29 - 2017-10-31 14:29 - 001856576 _____ (Oracle Corporation) C:\Users\Mask\AppData\Local\Temp\jre-8u151-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\nihlosvy.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-06-24 22:25

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Mask (06-12-2017 09:25:01)
Running from C:\Users\Mask\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-01-28 09:38:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2499287152-2841305583-4123039165-500 - Administrator - Disabled)
Guest (S-1-5-21-2499287152-2841305583-4123039165-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2499287152-2841305583-4123039165-1005 - Limited - Enabled)
Mask (S-1-5-21-2499287152-2841305583-4123039165-1002 - Administrator - Enabled) => C:\Users\Mask

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Out of date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
1.0 (HKLM-x32\...\ALAN Wake_is1) (Version:  - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
AnyMedia Player 4.5.1 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 4.5.1 - cyan soft ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS USB-AC68 WLAN Card Driver (HKLM-x32\...\{56A6C59A-E783-41CB-A5F9-9240CA3C6B87}) (Version: 2.1.3.9 - ASUS)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dolphin 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Development Team)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.11 - Emsisoft Ltd.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
f.lux (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Flux) (Version:  - )
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HackingToolkit3DS version 5.3 (HKLM-x32\...\{E76AC66E-D0AA-4274-BF9B-7704C777C3C3}_is1) (Version: 5.3 - Asia81)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Kholat (HKLM-x32\...\Kholat_is1) (Version:  - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenToonz version 1.0 (HKLM\...\{D9A9B1A3-9370-4BE9-9C8F-7B52EEECB973}_is1) (Version: 1.0 - DWANGO Co., Ltd.)
PackBit Codec version 1.0.0.1Beta (HKLM-x32\...\{5AFD98DE-0AF5-497F-BE7E-F93DEDF74573}_is1) (Version: 1.0.0.1Beta - Dxtory Software)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Roblox Player for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
RogueKiller version 12.11.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.27.0 - Adlice Software)
RX 6 Audio Editor Advanced (HKLM-x32\...\RX 6 Audio Editor Advanced) (Version: 6.00 - iZotope, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Sonic Adventure 2 (c) SEGA version 1 (HKLM-x32\...\Sonic Adventure 2 (c) SEGA_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Task Killer (remove only) (HKLM-x32\...\Task Killer) (Version:  - )
TEKKEN 7 (HKLM-x32\...\TEKKEN 7_is1) (Version:  - )
teVirtualMIDI64 (HKLM\...\{300D1BB9-FA9E-40EA-ADD8-934D5066F6D5}) (Version: 1.2.11.41 - Tobias Erichsen)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
UxStyle (HKLM\...\{86D24646-DAF6-4F5E-BCAD-CF7EF8E362E1}) (Version: 0.2.3.0 - The Within Network, LLC) Hidden
UxStyle (HKLM-x32\...\{05560347-3a9b-4644-a8ed-8b64cc947189}) (Version: 0.2.3.0 - The Within Network, LLC)
Vegas Pro 12.0 (64-bit) (HKLM-x32\...\Vegas Pro 12.0 (64-bit)) (Version: 12.0 (64-bit) - Exµs ™)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vJoy Device Driver 0.2.0.5 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 - Shaul Eizikovich)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (12/03/2012 1.2.0000.00000) (HKLM\...\32F8755FAEB4107085D8EB430DFE56CD6E5ADDB7) (Version: 12/03/2012 1.2.0000.00000 - Amazon.com)
Windows Driver Package - non-standard.com(tsg-mfg) (NSTDUSB3) USB  (04/18/2014 3.4.7.001) (HKLM\...\AF14DC8D7C324C76B112C941194F10991F58B808) (Version: 04/18/2014 3.4.7.001 - non-standard.com(tsg-mfg))
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM\...\{BEA06A39-583D-486E-A3EB-2A434ED45940}) (Version: 1.9.10 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\yUninstall_{2938B185-2D57-47B0-9FC8-C90A67BA9277}) (Version: 1.9.10 - Yamaha Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2499287152-2841305583-4123039165-1002_Classes\CLSID\2A89C3F9-59CC-4F4B-9252-C5E7A6F4B248\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-07-10] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6-x32: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers6-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {12A7EE85-4764-4F4B-A8EC-163381E72F1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {188C6A92-31C8-40C7-817C-19A0AF262025} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {369EF934-BC6B-4BB7-B098-93FF2370196E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16} - System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => C:\WINDOWS\system32\pcalua.exe -a "C:\Games\The Train\Uninstall.exe"
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5869806D-20DF-4241-AFDC-43EC9C287D18} - System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Mask\Desktop\Kindle Fire ADB Drivers.exe" -d C:\Users\Mask\Desktop
Task: {5984D908-6534-4927-85EE-1B0072A6D7E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {6673E07D-DAB4-4208-9C45-06DAEDB5BDA9} - no filepath
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {90B053F8-4D91-4BFC-9B53-899FEB89E970} - System32\Tasks\Logon Synchronization => C:\Users\Mask\AppData\Local\Temp\ndfapi.exe <==== ATTENTION
Task: {9D9EFBBC-836E-4F91-A600-C2869FB70322} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0} - System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{05560347-3a9b-4644-a8ed-8b64cc947189}\UxStyle_Bundle.exe" -c  /uninstall
Task: {B4B8431F-A304-45BE-8E53-847E7A5ED0F0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B8552DF7-7B77-4042-844B-1640801F911B} - System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\UN091222.EXE -c /UNINST
Task: {BAD6B62E-C38E-4375-B8EF-740230A2E6D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {C44AD2EA-8417-4285-AB8E-D3F1B41A562D} - System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe"
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E7B7AFE5-AEF9-4E6F-88CD-A4B7DB363AFC} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E859EFB6-A8AE-465A-9F30-10238A8DA1E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {EDB39FA2-06FF-4B11-BADB-8222A72ED960} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-19] (Microsoft Corporation)
Task: {FDD11B9A-CD73-4264-832E-45489CF8E8C5} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-12] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-01-28 01:08 - 2016-07-10 15:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 000677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 003642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2010-07-14 20:44 - 2010-07-14 20:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-12-05 01:17 - 2017-12-05 01:17 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-09-26 18:04 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-07-05 14:44 - 2017-07-05 14:44 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2016-11-28 21:13 - 2016-11-28 21:13 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C581A570 [122]
AlternateDataStreams: C:\ProgramData\TEMP:CCA964A4 [126]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2016-10-27 16:27 - 000001196 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   www.techsmith.com
127.0.0.1                   activation.cloud.techsmith.com
127.0.0.1                   oscount.techsmith.com
127.0.0.1                   updater.techsmith.com
127.0.0.1                   camtasiatudi.techsmith.com
127.0.0.3                   tsccloud.cloudapp.net
127.0.0.2                   assets.cloud.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mask\Desktop\pacman_maze_harassment_search_22082_1920x1080.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85D609B1-9B9A-4E32-83D5-933545E75204}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30D30666-D7C7-419F-B490-690EE8A3136C}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F63CD267-436B-4458-A091-987AB229AD50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{725C65EA-C79D-4BDD-94CF-9B6257FE6A44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4EC40540-9DE5-42B4-B5A3-A6D07F6732B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{70B726BE-AB78-4D3C-9BDD-D498418C6157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA409F4F-B315-4AA4-99A5-2931333A17DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5EBDEF40-1DF9-48FF-B58F-DA97FA21C8EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4E59D1EB-AEE1-4403-89BB-31EA1CE2622D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D55C04CC-416D-4B83-B12B-8B568E0FAE6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B1D5FB6-0DD1-4D8D-BA40-002AA8E855F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C9FAC8BC-57FA-4276-9051-ACE4CE9C8B87}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD5F3C78-00B5-4DC0-A8A7-617E60752790}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92704457-23A0-41B2-ACE0-770E92156CBB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7CC227D0-CFBB-4FB2-B921-6FD67AECAB47}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A5AEB0D4-84D6-42E9-9544-A8A6AD2508D1}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{363B4324-8EE0-4D0E-9352-1E695FD0FA8E}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{868E5372-9337-4DB5-823A-995CBEC3BB08}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{72C30C3E-ECFB-4644-A601-0D15797CC03A}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A43F93B8-923C-4FDB-8A6D-2AD455AC97F7}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{27941305-0BDE-4267-9424-728F83977ACA}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{E9EA21FF-91E2-4E38-8A19-A17EE7874871}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{739BCC6F-181E-4170-8252-4E9C0E5588EA}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{D52887C8-A902-40B3-B287-8F190F6B6FAC}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{29E2F539-CBCD-4348-A2AA-5059E69CD01F}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [UDP Query User{18A74D76-83AD-409A-9548-B4458B6AA7CC}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [{1094284D-104E-424E-BFB9-02D0C3537D2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{71204660-BCA1-453C-B403-C10083A80819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4741B901-D5C8-471D-B94E-C5D54C20C7B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6E04AA46-8713-4E99-AF96-E19316F37866}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C39C8FDB-C23E-4912-A169-F3BE1A67A10C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{659025CC-4B70-4E5E-A0D7-1AE197966DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{493208C6-757C-4044-8D18-329CB54078EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{4EDD233B-0FEF-4E8D-BE47-18E79CEDC26D}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CD0CCAB-2CDB-4DDC-9923-17A0EF7B1608}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{592B65F9-E897-48BC-8B53-5F4E61D729CA}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BD09E46-9A73-4168-ABF6-884658B180C9}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7343664-36A7-4020-96D7-A2766CC73FEB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59ACB803-966D-42C6-9C8A-C18C4E5E4834}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FF79ABB-8AA2-425F-8DC8-0F149E7CA33A}] => (Allow) LPort=8317
FirewallRules: [{9D7C13EC-1258-4189-9B13-3650B31028AF}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{0BFCAF9C-C19E-4F51-ADE3-B0B75B78B09C}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{B26549F3-0285-4BE5-A813-73C76B8FC52D}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{22793626-828F-457F-90AE-CAAF03073F36}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6E9C4DCD-A237-4846-9287-F0A0F23CF054}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: vJoy Device
Description: vJoy Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Shaul Eizikovich
Service: vjoy
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2017 09:24:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dd4

Start Time: 01d36eb6e71ce51b

Termination Time: 4294967295

Application Path: C:\Users\Mask\Desktop\FRST64.exe

Report Id: 3fbdd3f7-daaa-11e7-8032-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/06/2017 09:23:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: eb8

Start Time: 01d36eb57afa36fd

Termination Time: 0

Application Path: C:\Users\Mask\Desktop\FRST64.exe

Report Id: 21d7338b-daaa-11e7-8032-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/06/2017 09:05:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/06/2017 01:13:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0
Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x57605fbb
Exception code: 0xc0000005
Fault offset: 0x00000000000d45a0
Faulting process id: 0x890
Faulting application start time: 0x01d36e1714d99501
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
Faulting module path: NvMdnsPlugin.dll
Report Id: c1f42691-da65-11e7-8031-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 01:13:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x7ec
Faulting application start time: 0x01d36e1700079767
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: c0be796c-da65-11e7-8031-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/05/2017 05:07:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 158c

Start Time: 01d36e29f4657b70

Termination Time: 4294967295

Application Path: C:\Users\Mask\Desktop\FRST64.exe

Report Id: c124ec77-da21-11e7-8031-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/05/2017 04:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19b0

Start Time: 01d36e1d13232a51

Termination Time: 74

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: e6cab8cc-da19-11e7-8031-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/05/2017 03:15:25 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/05/2017 03:15:25 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/05/2017 03:15:21 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2017-12-06 09:23:15.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-06 09:12:07.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-06 09:11:36.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-12-06 08:30:03.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-12-05 14:59:25.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 14:27:12.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-12-05 14:20:20.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 14:02:24.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 13:42:50.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 13:29:20.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 11%
Total physical RAM: 32666.98 MB
Available physical RAM: 28946.79 MB
Total Virtual: 65434.98 MB
Available Virtual: 61592.15 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1857.69 GB) (Free:286.63 GB) NTFS
Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive e: (USB DRIVE) (Removable) (Total:3.74 GB) (Free:1.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A977CDC0)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1857.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites

Your USB will do the trick :) Now, open FRST and copy/paste the following inside the text box. Once done, click on the Fix button. A file called fixlog.txt should be created on your desktop afterwards. Attach it here.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
End::

 

Link to post
Share on other sites

Never mind

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by Mask (06-12-2017 11:45:29) Run:1
Running from C:\Users\Mask\AppData\Local\Temp
Loaded Profiles: Mask (Available Profiles: Mask)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo              D:                                         45000     FileInfo                  0     00000003  
FileInfo                                                         45000     FileInfo                  0     00000003  
FileInfo              C:                                         45000     FileInfo                  0     00000003  
FileInfo              E:                                         45000     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                45000     FileInfo                  0     00000003  
ZAM                   D:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                                                              80681     ZAMDefaultFilter          0     00000000  
ZAM                   C:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                   E:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                   \Device\Mup                                80681     ZAMDefaultFilter          0     00000000  
avgMonFlt             D:                                        320730     avgMonFlt Instance        0     00000000  
avgMonFlt                                                       320730     avgMonFlt Instance        0     00000000  
avgMonFlt             C:                                        320730     avgMonFlt Instance        0     00000000  
avgMonFlt             E:                                        320730     avgMonFlt Instance        0     00000000  
avgMonFlt             \Device\Mup                               320730     avgMonFlt Instance        0     00000000  
avgSP                 D:                                        388431     avgSP Instance            0     00000000  
avgSP                                                           388431     avgSP Instance            0     00000000  
avgSP                 C:                                        388431     avgSP Instance            0     00000000  
avgSP                 E:                                        388431     avgSP Instance            0     00000000  
avgSnx                D:                                        137630     avgSnx Instance           0     00000000  
avgSnx                                                          137630     avgSnx Instance           0     00000000  
avgSnx                C:                                        137630     avgSnx Instance           0     00000000  
avgSnx                E:                                        137630     avgSnx Instance           0     00000000  
avgSnx                \Device\Mup                               137630     avgSnx Instance           0     00000000  
epp                   D:                                        328900     epp Instance              0     00000000  
epp                                                             328900     epp Instance              0     00000000  
epp                   C:                                        328900     epp Instance              0     00000000  
epp                   E:                                        328900     epp Instance              0     00000000  
epp                   \Device\Mup                               328900     epp Instance              0     00000000  
lgbrzop               C:                                         45666     lgbrzop Instance          0     00000000  
lgbrzop               \Device\Mup                                45666     lgbrzop Instance          0     00000000  
luafv                 C:                                        135000     luafv                     0     00000003  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
udiskMgr              D:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              C:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              E:                                         45888     udiskMgr Instance         0     00000000  

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C is Windows
 Volume Serial Number is 1431-BAB0

 Directory of C:\Windows\system32\drivers

12/06/2017  11:37 AM    <DIR>          .
12/06/2017  11:37 AM    <DIR>          ..
08/22/2013  03:38 AM           231,424 1394ohci.sys
12/05/2017  07:44 PM           255,928 332141CA.sys
08/22/2013  04:43 AM           108,896 3ware.sys
12/04/2017  09:12 PM           255,928 775AE746.sys
12/05/2017  12:51 PM           208,216 82601126.sys
11/20/2014  09:14 PM           533,824 acpi.sys
08/22/2013  04:49 AM            79,712 acpiex.sys
08/22/2013  03:38 AM            10,240 acpipagr.sys
08/22/2013  03:38 AM            12,288 acpipmi.sys
08/22/2013  03:38 AM            10,752 acpitime.sys
08/22/2013  04:43 AM           782,176 adp80xx.sys
10/13/2015  09:10 AM           559,616 afd.sys
07/07/2016  02:32 PM            95,744 agilevpn.sys
08/22/2013  04:43 AM            62,304 AGP440.sys
03/19/2015  05:56 PM            80,384 ahcache.sys
08/22/2013  12:46 AM            95,744 amdk8.sys
08/22/2013  12:46 AM            98,816 amdppm.sys
08/22/2013  04:43 AM            79,200 amdsata.sys
08/22/2013  04:43 AM           259,424 amdsbs.sys
08/22/2013  04:43 AM            25,952 amdxata.sys
07/23/2012  09:35 AM            79,528 amd_sata.sys
07/23/2012  09:35 AM            26,280 amd_xata.sys
11/28/2011  02:51 PM            33,872 anvsnddrv.sys
11/20/2014  09:15 PM            82,944 appid.sys
10/25/2012  08:01 AM            22,680 AppleCharger.sys
08/22/2013  04:43 AM           114,016 arcsas.sys
05/27/2017  10:44 AM                 0 asw5C24.tmp
05/27/2017  10:44 AM                 0 asw5C44.tmp
05/27/2017  10:44 AM                 0 asw5C64.tmp
05/27/2017  10:44 AM                 0 asw5CB3.tmp
05/27/2017  10:44 AM                 0 aswEDE8.tmp
05/09/2014  03:05 PM           447,888 aswndisflt.sys.1400169557895
05/09/2014  03:05 PM         1,039,096 aswsnx.sys.1400169557895
05/09/2014  03:05 PM           423,240 aswsp.sys.1400169557895
08/22/2013  03:38 AM            26,624 asyncmac.sys
08/22/2013  04:43 AM            26,464 atapi.sys
08/22/2013  04:43 AM           199,520 ataport.sys
07/15/2012  09:46 PM            17,064 AtiPcie64.sys
11/12/2017  10:38 AM           176,000 avgArPot.sys
11/12/2017  10:36 AM           166,624 avgbdiska.sys
11/12/2017  10:36 AM           314,640 avgbidsdrivera.sys
11/12/2017  10:36 AM           192,584 avgbidsha.sys
11/12/2017  10:36 AM           336,896 avgbloga.sys
11/12/2017  10:36 AM            51,336 avgbuniva.sys
11/12/2017  10:38 AM            39,424 avgHwid.sys
11/12/2017  10:38 AM           140,704 avgMonFlt.sys
07/25/2017  10:50 AM           139,112 avgmonflt.sys.150100864560901
11/12/2017  10:38 AM           102,792 avgRdr2.sys
11/12/2017  10:38 AM            76,832 avgRvrt.sys
11/12/2017  10:37 AM         1,018,648 avgSnx.sys
11/15/2017  10:39 AM           447,800 avgSP.sys
11/12/2017  10:38 AM           196,392 avgStm.sys
11/12/2017  10:38 AM           356,880 avgVmm.sys
07/05/2017  02:45 PM           353,232 avgvmm.sys.149929473165604
08/22/2013  03:39 AM            50,688 BasicDisplay.sys
03/12/2017  07:04 AM            33,792 BasicRender.sys
08/22/2013  04:49 AM            35,168 battc.sys
08/12/2013  03:25 PM            17,624 bcmfn2.sys
08/22/2013  03:40 AM             7,680 beep.sys
10/04/2016  12:39 PM           101,376 bowser.sys
11/20/2014  09:15 PM           115,712 bridge.sys
11/20/2014  08:52 PM            19,456 BtaMPM.sys
01/29/2015  07:01 PM           132,608 BthA2DP.sys
08/22/2013  03:38 AM            36,992 BthAvrcpTg.sys
06/09/2015  02:39 PM            53,248 bthenum.sys
03/08/2015  06:02 PM            57,856 bthhfenum.sys
08/22/2013  03:38 AM            30,720 BthhfHid.sys
11/20/2014  09:14 PM            64,000 bthmodem.sys
07/06/2017  12:52 AM           119,296 bthpan.sys
06/09/2015  02:38 PM         1,201,664 bthport.sys
06/09/2015  02:39 PM            81,920 BTHUSB.SYS
08/22/2013  04:43 AM           531,296 bxvbda.sys
12/05/2016  02:59 AM            11,332 CCEN.txt
08/22/2013  03:40 AM            88,576 cdfs.sys
08/22/2013  12:46 AM           164,352 cdrom.sys
08/22/2013  03:38 AM            44,032 circlass.sys
05/06/2016  01:59 PM           331,608 Classpnp.sys
07/08/2017  12:14 PM           376,672 clfs.sys
08/22/2013  03:39 AM            25,472 CmBatt.sys
10/10/2016  10:18 AM            22,360 cmimcext.sys
01/21/2017  01:37 PM           567,152 cng.sys
08/22/2013  03:38 AM            36,352 CompositeBus.sys
08/22/2013  05:25 AM            43,008 condrv.sys
08/22/2013  04:43 AM            68,960 crashdmp.sys
10/18/2011  11:03 AM            47,616 cyusb.sys
11/04/2014  11:33 AM            58,176 dam.sys
01/10/2017  02:37 PM           138,752 dfsc.sys
07/07/2017  07:14 PM           100,184 disk.sys
08/22/2013  04:43 AM            36,192 Diskdump.sys
08/22/2013  03:40 AM            13,312 Dmpusbstor.sys
08/22/2013  03:37 AM            29,696 dmvsc.sys
10/19/2012  03:52 AM           151,968 Dot4.sys
10/19/2012  03:52 AM            27,040 Dot4Prt.sys
10/19/2012  03:52 AM            49,056 Dot4usb.sys
11/20/2014  09:14 PM            89,088 drmk.sys
11/20/2014  09:14 PM            14,528 drmkaud.sys
03/08/2014  01:32 PM           283,064 dtsoftbus01.sys
08/22/2013  04:39 AM            33,632 Dumpata.sys
06/18/2016  12:06 PM            72,408 dumpfve.sys
03/12/2015  08:03 PM           154,432 dumpsd.sys
10/14/2017  05:04 AM         1,548,624 dxgkrnl.sys
04/09/2017  02:00 PM           388,448 dxgmms1.sys
08/22/2013  04:43 AM            82,784 EhStorClass.sys
08/22/2013  04:43 AM           114,016 EhStorTcgDrv.sys
07/12/2017  01:52 AM    <DIR>          en-US
08/22/2013  03:38 AM            10,240 errdev.sys
04/16/2016  12:22 AM    <DIR>          etc
08/06/2012  11:09 PM            88,832 EtronXHCI.sys
08/22/2013  04:43 AM         3,357,024 evbda.sys
08/22/2013  03:40 AM           200,704 exfat.sys
11/30/2017  09:49 AM           110,016 farflt.sys
08/22/2013  04:49 AM           217,952 fastfat.sys
08/22/2013  03:40 AM            30,720 fdc.sys
11/20/2014  08:52 PM            79,192 fileinfo.sys
08/22/2013  03:39 AM            34,816 filetrace.sys
12/05/2016  02:59 AM            11,488 FJCP.txt
08/22/2013  03:40 AM            25,088 flpydisk.sys
11/20/2014  09:14 PM           354,112 fltMgr.sys
11/20/2014  09:14 PM            61,248 fsdepends.sys
08/22/2013  05:25 AM            30,048 fs_rec.sys
06/18/2016  12:06 PM           590,688 fvevol.sys
06/06/2017  08:25 PM           428,888 FWPKCLNT.SYS
12/08/2015  12:43 PM            70,008 FW_ACC_00U.bin
08/22/2013  12:46 AM            27,136 fxppm.sys
08/22/2013  04:43 AM            65,888 GAGP30KX.SYS
06/18/2013  06:41 AM         3,440,660 gm.dls
06/18/2013  06:41 AM               646 gmreadme.txt
11/20/2014  09:14 PM            76,800 hdaudbus.sys
08/22/2013  03:38 AM           395,776 HdAudio.sys
08/22/2013  03:39 AM            26,624 hidbatt.sys
01/29/2015  07:01 PM            97,792 hidbth.sys
05/13/2016  03:08 PM           111,616 hidclass.sys
08/22/2013  03:37 AM            41,472 hidi2c.sys
08/22/2013  03:39 AM            45,568 hidir.sys
05/05/2015  07:40 AM            17,648 hidkmdf.sys
05/13/2016  03:08 PM            32,512 hidparse.sys
05/13/2016  03:08 PM            32,768 hidusb.sys
08/22/2013  04:43 AM            64,352 HpSAMD.sys
09/14/2017  03:52 PM           986,968 http.sys
08/22/2013  04:39 AM            24,416 hwpolicy.sys
08/22/2013  03:37 AM            13,824 hyperkbd.sys
08/22/2013  03:39 AM            22,016 HyperVideo.sys
11/03/2014  10:54 PM           108,544 i8042prt.sys
07/30/2013  10:47 AM            24,568 iaLPSSi_GPIO.sys
07/25/2013  11:05 AM            99,320 iaLPSSi_I2C.sys
08/09/2013  04:39 PM           651,248 iaStorAV.sys
08/22/2013  04:43 AM           412,000 iaStorV.sys
08/22/2013  04:43 AM            18,272 intelide.sys
10/16/2014  08:56 PM            39,744 intelpep.sys
08/22/2013  12:46 AM            98,816 intelppm.sys
08/22/2013  03:35 AM            84,992 ipfltdrv.sys
02/03/2016  07:14 AM            80,896 IPMIDrv.sys
11/20/2014  08:52 PM           142,848 ipnat.sys
08/22/2013  03:37 AM           118,784 irda.sys
08/22/2013  03:38 AM            17,920 irenum.sys
08/22/2013  04:43 AM            21,856 isapnp.sys
11/04/2014  11:25 AM            59,712 kbdclass.sys
11/03/2014  10:54 PM            32,256 kbdhid.sys
08/22/2013  03:38 AM            19,456 kdnic.sys
11/20/2014  09:15 PM           295,424 ks.sys
08/22/2016  08:06 AM           100,184 ksecdd.sys
05/18/2016  03:16 PM           178,016 ksecpkg.sys
08/22/2013  03:39 AM            21,248 ksthunk.sys
11/23/2014  04:20 PM            43,456 libusb0.sys
08/22/2013  03:36 AM            59,392 lltdio.sys
08/22/2013  04:43 AM           109,408 lsi_sas.sys
08/22/2013  04:43 AM            93,536 lsi_sas2.sys
08/22/2013  04:43 AM            81,760 lsi_sas3.sys
08/22/2013  04:43 AM            82,784 lsi_sss.sys
10/10/2017  08:36 AM           124,416 luafv.sys
11/01/2017  08:54 AM            77,432 mbae64.sys
11/30/2017  09:49 AM            46,008 mbam.sys
12/05/2017  07:43 PM           192,952 MbamChameleon.sys
08/22/2013  03:39 AM            22,016 mcd.sys
08/22/2013  04:43 AM            56,672 megasas.sys
08/22/2013  04:43 AM           575,840 megasr.sys
08/22/2013  03:40 AM            40,960 modem.sys
08/22/2013  03:36 AM            30,208 monitor.sys
11/04/2014  11:25 AM            51,008 mouclass.sys
11/03/2014  10:54 PM            30,208 mouhid.sys
05/10/2017  10:19 AM           101,720 mountmgr.sys
11/20/2014  09:15 PM            74,240 mpsdrv.sys
09/08/2016  06:00 AM           140,800 mrxdav.sys
06/14/2017  09:29 AM           401,408 mrxsmb.sys
09/07/2017  01:32 PM           285,184 mrxsmb10.sys
06/14/2017  09:29 AM           201,728 mrxsmb20.sys
08/22/2013  05:25 AM            30,208 msfs.sys
06/18/2013  06:52 AM                 3 MsftWdf_Kernel_01013_Inbox_Critical.Wdf
06/18/2013  07:20 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
11/20/2014  09:15 PM           146,752 msgpioclx.sys
08/22/2013  04:43 AM            41,824 msgpiowin32.sys
08/22/2013  03:39 AM             8,192 mshidkmdf.sys
08/22/2013  03:39 AM             9,728 mshidumdf.sys
08/22/2013  04:43 AM            17,248 msisadrv.sys
06/11/2017  04:14 PM           276,320 msiscsi.sys
08/22/2013  03:39 AM            10,624 mskssrv.sys
11/20/2014  09:15 PM            66,560 mslldp.sys
08/22/2013  03:39 AM             7,040 mspclock.sys
08/22/2013  03:39 AM             6,784 mspqm.sys
08/22/2013  05:25 AM           366,432 msrpc.sys
08/22/2013  04:49 AM            37,728 mssmbios.sys
08/22/2013  03:38 AM             7,936 mstee.sys
12/08/2015  01:53 PM           376,200 mt7612US.sys
08/22/2013  03:37 AM            13,312 MTConfig.sys
04/06/2016  01:21 PM           114,528 mup.sys
08/22/2013  04:43 AM            63,840 mvumis.sys
11/30/2017  09:49 AM            94,144 mwac.sys
01/18/2017  06:18 PM         1,113,944 ndis.sys
11/20/2014  09:15 PM            43,008 ndiscap.sys
11/20/2014  09:15 PM           126,464 NdisImPlatform.sys
11/07/2014  08:00 PM            24,576 ndistapi.sys
08/22/2013  03:37 AM            60,416 ndisuio.sys
08/22/2013  03:36 AM            16,384 NdisVirtualBus.sys
04/05/2016  02:37 PM           205,824 ndiswan.sys
01/05/2015  07:01 PM            72,192 ndproxy.sys
11/20/2014  09:15 PM           103,424 Ndu.sys
11/20/2014  09:15 PM            48,128 netbios.sys
08/10/2017  07:27 PM           281,600 netbt.sys
05/31/2017  01:20 PM           470,360 netio.sys
11/20/2014  09:14 PM            87,040 netvsc63.sys
12/06/2017  11:36 AM           140,112 nihfilos.sys
07/15/2010  04:45 PM            35,344 npf.sys
08/22/2013  05:25 AM            58,880 npfs.sys
08/22/2013  03:38 AM            23,040 npsvctrig.sys
08/13/2017  09:19 AM            40,960 nsiproxy.sys
10/16/2017  10:38 AM         2,013,016 ntfs.sys
08/22/2013  05:25 AM             5,632 null.sys
07/15/2016  10:15 AM           214,592 nvhda64v.sys
07/10/2016  06:13 PM        13,581,880 nvlddmkm.sys
08/22/2013  04:43 AM           150,368 nvraid.sys
08/22/2013  04:43 AM           168,288 nvstor.sys
04/13/2016  09:38 PM            56,384 nvvad64v.sys
08/22/2013  04:43 AM           124,768 NV_AGP.SYS
09/13/2017  05:32 AM           445,952 nwifi.sys
11/20/2014  09:15 PM           151,040 pacer.sys
05/24/2012  01:51 PM            71,544 paeusbaudiodsp_x64.sys
05/24/2012  01:51 PM            53,112 paeusbaudioks_x64.sys
05/24/2012  01:51 PM           252,280 paeusbaudio_x64.sys
08/11/2016  10:33 AM            96,256 parport.sys
11/20/2014  09:14 PM            88,896 partmgr.sys
11/20/2014  09:14 PM           280,384 pci.sys
08/22/2013  04:43 AM            14,688 pciide.sys
08/22/2013  04:43 AM            48,992 pciidex.sys
08/22/2013  04:49 AM           114,528 pcmcia.sys
08/22/2013  04:39 AM            50,016 pcw.sys
07/07/2017  07:16 PM            86,360 pdc.sys
11/20/2014  08:52 PM           663,040 PEAuth.sys
12/05/2016  02:59 AM            14,443 PHY_REG_PG.txt
11/20/2014  09:14 PM           272,384 portcls.sys
08/22/2013  12:46 AM            92,160 processr.sys
11/20/2014  09:15 PM            47,104 qwavedrv.sys
11/20/2014  09:15 PM            17,408 rasacd.sys
02/02/2016  10:16 AM           112,640 rasl2tp.sys
08/22/2013  03:36 AM            84,992 raspppoe.sys
08/22/2013  03:35 AM           107,520 raspptp.sys
11/20/2014  09:15 PM            93,696 rassstp.sys
04/06/2016  10:20 AM           402,432 rdbss.sys
08/22/2013  03:38 AM            22,528 rdpbus.sys
11/20/2014  08:20 PM           195,584 rdpdr.sys
11/20/2014  09:16 PM            27,456 rdpvideominiport.sys
11/20/2014  08:52 PM           249,688 rdyboost.sys
10/12/2016  01:11 PM           922,968 refs.sys
01/29/2015  07:00 PM           167,424 rfcomm.sys
05/14/2007  04:06 PM            27,520 RimUsb_AMD64.sys
11/05/2015  12:59 AM           145,408 rmcast.sys
08/22/2013  03:38 AM            32,256 RNDISMP.sys
11/20/2014  09:15 PM            11,776 rootmdm.sys
08/22/2013  03:36 AM            80,384 rspndr.sys
06/18/2013  06:46 AM           591,360 Rt630x64.sys
10/30/2012  12:43 AM           369,117 RTAIODAT.DAT
10/30/2012  01:59 AM         4,201,104 RTKVHD64.sys
06/18/2013  06:46 AM           694,856 RTL8192su.sys
12/05/2016  07:03 AM         5,632,528 rtwlanu.sys
08/22/2013  04:39 AM           107,872 sbp2port.sys
12/24/2016  05:21 PM            40,960 scfilter.sys
08/22/2013  04:43 AM           170,848 scsiport.sys
03/12/2015  08:03 PM           239,424 sdbus.sys
11/20/2014  08:52 PM            79,192 sdstor.sys
08/22/2013  07:35 AM            23,040 secdrv.sys
08/22/2013  04:43 AM            69,472 SerCx.sys
11/20/2014  08:52 PM           146,776 SerCx2.sys
08/11/2016  10:33 AM            23,040 serenum.sys
08/11/2016  10:33 AM            83,456 serial.sys
11/03/2014  10:55 PM            26,112 sermouse.sys
08/22/2013  03:40 AM            17,408 sfloppy.sys
08/22/2013  04:43 AM            44,896 sisraid2.sys
08/22/2013  04:43 AM            81,760 sisraid4.sys
08/22/2013  03:40 AM            19,968 smclib.sys
01/11/2017  09:28 AM           422,744 spaceport.sys
08/22/2013  04:43 AM            72,032 SpbCx.sys
09/07/2017  01:33 PM           415,744 srv.sys
09/07/2017  01:33 PM           686,592 srv2.sys
09/07/2017  01:32 PM           243,200 srvnet.sys
08/22/2013  04:43 AM            31,072 stexstor.sys
08/22/2013  04:43 AM           107,872 storahci.sys
05/15/2017  02:09 PM            57,688 stornvme.sys
10/04/2017  11:17 PM           380,248 storport.sys
08/22/2013  04:36 AM            45,888 storvsc.sys
08/22/2013  03:39 AM            67,584 stream.sys
11/20/2014  09:14 PM            14,144 swenum.sys
08/22/2013  03:39 AM            29,696 tape.sys
11/20/2014  09:14 PM            21,824 tbs.sys
06/07/2017  05:48 PM         2,457,936 tcpip.sys
11/20/2014  09:54 PM            49,152 tcpipreg.sys
08/22/2013  05:25 AM            30,208 tdi.sys
08/01/2017  07:17 PM           107,520 tdx.sys
11/20/2014  08:20 PM            37,216 terminpt.sys
08/31/2016  11:59 AM            41,016 teVirtualMIDI64.sys
05/15/2017  11:58 AM           121,184 tm.sys
09/29/2015  04:24 AM           155,480 tpm.sys
12/05/2017  07:12 PM            28,272 TrueSight.sys
08/22/2013  03:37 AM            56,320 TsUsbFlt.sys
11/20/2014  09:14 PM            29,696 TsUsbGD.sys
09/04/2015  11:24 AM           154,112 tunnel.sys
08/22/2013  04:43 AM            64,864 UAGP35.SYS
08/22/2013  04:43 AM            74,080 uaspstor.sys
11/20/2014  09:14 PM           189,248 UCX01000.SYS
03/12/2015  06:02 PM           316,416 udfs.sys
08/22/2013  04:39 AM            26,976 uefi.sys
08/22/2013  04:43 AM            65,888 ULIAGPKX.SYS
08/22/2013  03:38 AM            46,080 umbus.sys
03/19/2015  07:37 PM    <DIR>          UMDF
08/22/2013  03:38 AM            11,776 umpass.sys
08/16/2016  03:18 AM           159,936 usb2ser.sys
04/24/2015  06:25 PM            20,992 usb8023.sys
06/10/2015  10:08 PM            54,784 usbaapl64.sys
11/20/2014  08:52 PM           121,088 USBAUDIO.sys
08/22/2013  03:39 AM            32,512 USBCAMD2.sys
09/06/2017  03:07 PM           158,552 usbccgp.sys
11/20/2014  09:14 PM            98,304 usbcir.sys
10/10/2015  10:34 PM            27,992 usbd.sys
01/08/2016  05:38 PM            91,992 usbehci.sys
06/18/2012  02:07 PM            57,000 usbfilter.sys
09/06/2017  01:17 PM           461,144 usbhub.sys
10/10/2015  10:34 PM           468,824 USBHUB3.SYS
10/10/2015  10:41 AM            30,208 usbohci.sys
09/06/2017  01:17 PM           443,224 usbport.sys
08/22/2013  03:36 AM            26,112 usbprint.sys
08/22/2013  03:39 AM            30,720 usbrpm.sys
11/20/2014  09:14 PM            44,544 usbscan.sys
01/31/2016  11:16 AM           148,832 USBSTOR.SYS
10/10/2015  10:41 AM            37,376 usbuhci.sys
04/15/2015  10:17 PM           325,464 USBXHCI.SYS
09/23/2013  03:19 AM            31,440 uxstyle.sys
08/22/2013  04:37 AM            37,728 vdrvroot.sys
11/20/2014  08:52 PM           175,960 VerifierExt.sys
10/09/2016  02:59 PM           551,256 vhdmp.sys
08/22/2013  04:43 AM            19,808 viaide.sys
08/22/2013  03:39 AM            49,152 videoprt.sys
05/05/2015  07:40 AM            44,784 vjoy.sys
11/20/2014  09:14 PM            89,368 vmbkmcl.sys
11/20/2014  09:14 PM            97,048 vmbus.sys
08/22/2013  03:37 AM            21,760 VMBusHID.sys
08/22/2013  03:38 AM            11,264 vmgencounter.sys
08/22/2013  03:38 AM             7,168 vms3cap.sys
11/20/2014  09:14 PM            49,944 vmstorfl.sys
04/10/2016  10:21 PM            74,584 volmgr.sys
07/07/2017  07:46 PM           377,688 volmgrx.sys
03/14/2016  08:50 AM           316,760 volsnap.sys
01/26/2016  11:15 AM            72,024 vpci.sys
08/22/2013  04:43 AM           168,800 vsmraid.sys
08/22/2013  04:43 AM           305,504 VSTXRAID.SYS
08/12/2016  04:03 PM            24,576 vwifibus.sys
08/12/2016  04:02 PM            71,680 vwififlt.sys
08/12/2016  04:01 PM            38,912 vwifimp.sys
08/22/2013  03:39 AM            26,752 wacompen.sys
01/05/2015  06:59 PM            80,896 wanarp.sys
11/20/2014  08:52 PM            54,272 watchdog.sys
02/10/2017  06:37 AM            46,600 WdBoot.sys
08/22/2013  05:25 AM           839,488 Wdf01000.sys
12/08/2015  01:53 PM         1,804,696 WdfCoInstaller01011.dll
01/12/2017  08:51 AM           274,776 WdFilter.sys
08/22/2013  05:25 AM            60,224 WdfLdr.sys
01/12/2017  08:51 AM           117,592 WdNisDrv.sys
08/22/2013  04:39 AM            38,240 werkernel.sys
11/10/2014  10:06 AM           136,512 wfplwfs.sys
11/20/2014  09:14 PM            33,600 wimmount.sys
11/20/2014  09:14 PM            61,208 winhv.sys
10/10/2015  10:40 AM            78,848 winusb.sys
08/22/2013  03:40 AM            16,384 wmiacpi.sys
08/22/2013  05:25 AM            18,272 wmilib.sys
11/20/2014  09:16 PM           157,016 wof.sys
11/20/2014  09:16 PM            54,784 wpcfltr.sys
08/22/2013  04:36 AM            26,976 WpdUpFltr.sys
08/22/2013  05:25 AM            23,392 WppRecorder.sys
08/22/2013  03:40 AM            21,504 ws2ifsl.sys
11/20/2014  09:15 PM           113,664 WUDFPf.sys
11/20/2014  09:15 PM           226,304 WUDFRd.sys
02/22/2016  11:05 PM            42,760 xb1usb.sys
12/08/2015  01:53 PM           243,080 xboxgip.sys
12/08/2015  01:53 PM            39,312 xinputhid.sys
07/02/2014  07:49 PM            26,200 xspltspk.sys
03/07/2017  02:06 PM           136,432 ysusb_w8_1_64.sys
12/05/2017  01:17 AM           203,680 zam64.sys
12/05/2017  01:17 AM           203,680 zamguard64.sys
             392 File(s)     91,688,252 bytes
               5 Dir(s)  307,734,278,144 bytes free

========= End of CMD: =========


==== End of Fixlog 11:45:31 ====

Link to post
Share on other sites

Alright. For the next part, you'll need to download FRST.exe and the fixlist.txt on another computer and move them on the USB from there.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt

Edited by Aura
Link to post
Share on other sites

I re downloaded the file on another laptop and this time it worked.

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2017
Ran by SYSTEM (07-12-2017 12:07:32) Run:2
Running from y:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\lgbrzop

R3 udiskMgr; system32\drivers\cfimps.sys [X]

C:\Users\Mask\AppData\Local\eai
C:\Users\Mask\AppData\Local\igfxmtc
C:\Users\Mask\AppData\Local\secohpr
C:\Users\Mask\AppData\Local\lsntize
C:\Users\Mask\AppData\Local\Temp\ndfapi.exe
C:\Users\Mask\AppData\Roaming\et
C:\WINDOWS\system32\wdbuzxi
C:\WINDOWS\System32\exenisrsvc.exe
C:\WINDOWS\system32\Drivers\nih*.sys
C:\WINDOWS\SysWOW64\wdbuzxi
*****************

"HKLM\SYSTEM\ControlSet001\Services\lgbrzop" => removed successfully
"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully
C:\Users\Mask\AppData\Local\eai => moved successfully
C:\Users\Mask\AppData\Local\igfxmtc => moved successfully
C:\Users\Mask\AppData\Local\secohpr => moved successfully
C:\Users\Mask\AppData\Local\lsntize => moved successfully
"C:\Users\Mask\AppData\Local\Temp\ndfapi.exe" => not found.
C:\Users\Mask\AppData\Roaming\et => moved successfully
C:\WINDOWS\system32\wdbuzxi => moved successfully
C:\WINDOWS\System32\exenisrsvc.exe => moved successfully

=========== "C:\WINDOWS\system32\Drivers\nih*.sys" ==========

C:\WINDOWS\system32\Drivers\nihlosvy.sys => moved successfully

========= End -> "C:\WINDOWS\system32\Drivers\nih*.sys" ========

C:\WINDOWS\SysWOW64\wdbuzxi => moved successfully

==== End of Fixlog 12:07:40 ====

 

Fixlog.txt

Edited by Masked
Link to post
Share on other sites

Awesome! Now you should be able to install and run a scan with Malwarebytes.

j1Bynr2.pngMalwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends of your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Link to post
Share on other sites

Oh my gosh it worked! No more igfxmtc, Isntize and other viruses, thank you, thank you, and thank you!

Here's the export summary :)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/7/17
Scan Time: 5:10 PM
Log File: a110ba4c-dbb4-11e7-8671-d017c29739b7.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3419
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tony\Mask

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295899
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

That's good news :) Now let's do a sweep with AdwCleaner and RogueKiller.

zcMPezJ.pngAdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    V7SD4El.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RQKuhw1.pngRogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log

Link to post
Share on other sites

AdwareClearner clean log

# AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 08 02:39:00 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-06-2017.1
# Running on Windows 8.1 Single Language (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4744 B] - [2017/12/2 20:43:45]
C:/AdwCleaner/AdwCleaner[C1].txt - [1419 B] - [2017/12/2 20:51:41]
C:/AdwCleaner/AdwCleaner[C2].txt - [1671 B] - [2017/12/5 22:13:33]
C:/AdwCleaner/AdwCleaner[S0].txt - [5164 B] - [2017/12/2 20:41:8]
C:/AdwCleaner/AdwCleaner[S1].txt - [1258 B] - [2017/12/2 20:51:25]
C:/AdwCleaner/AdwCleaner[S2].txt - [1228 B] - [2017/12/2 21:6:48]
C:/AdwCleaner/AdwCleaner[S3].txt - [1295 B] - [2017/12/3 0:16:47]
C:/AdwCleaner/AdwCleaner[S4].txt - [1362 B] - [2017/12/5 0:13:42]
C:/AdwCleaner/AdwCleaner[S5].txt - [1429 B] - [2017/12/5 10:39:7]
C:/AdwCleaner/AdwCleaner[S6].txt - [1515 B] - [2017/12/5 22:8:8]


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt ##########

Link to post
Share on other sites

RogueKiller clean log

RogueKiller V12.11.27.0 (x64) [Dec  4 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Mask [Administrator]
Started from : C:\Users\Mask\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 12/07/2017 18:43:30 (Duration : 00:41:58)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] de1598a9d486893f1dab824479b3ec80
[BSP] 5273890d4c1fba6617cf65e3d8e1e970 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 923648 | Size: 1902277 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 3896786944 | Size: 5000 MB
User = LL1 ... OK
User = LL2 ... OK

Link to post
Share on other sites

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by Mask (administrator) on TONY (08-12-2017 09:07:11)
Running from C:\Users\Mask\Desktop
Loaded Profiles: Mask (Available Profiles: Mask)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\WINDOWS\runSW.exe
(Realtek) C:\WINDOWS\SwUSB.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Flux Software LLC) C:\Users\Mask\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [uTorrent] => C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\MountPoints2: {0a3756e0-18ae-11e5-bef2-f065dd6449f8} - "D:\LaunchU3.exe" -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C31A6F0A-842F-4E34-9E92-04E018C7F29D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DB1B3F01-A4ED-475E-A9AF-E28E365A8A0D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Mask\AppData\Roaming\Mozilla\Firefox\Profiles\64vbxj6y.default-1468980204841 [2017-12-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default [2017-12-08]
CHR Extension: (Slides) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-04]
CHR Extension: (Tampermonkey) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
CHR Extension: (Dark Reader) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2017-09-20]
CHR Extension: (uBlock) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-04-04]
CHR Extension: (Sheets) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-12-07]
CHR Extension: (Gmail) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-12] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 RunSwUSB; C:\WINDOWS\runSW.exe [44760 2014-12-12] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 01679346; C:\WINDOWS\System32\drivers\82601126.sys [208216 2017-12-05] (Kaspersky Lab, GERT)
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-03-08] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-12-06] ()
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [43456 2014-11-23] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-30] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-30] (Malwarebytes)
S3 mt7612US; C:\WINDOWS\system32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
S3 NSTDUSB3; C:\WINDOWS\System32\Drivers\cyusb.sys [47616 2011-10-18] (Cypress Semiconductor)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [5632528 2016-12-05] (Realtek Semiconductor Corporation )
R3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [28272 2017-12-07] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [42760 2016-02-22] (Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 ysusb_w8_1_64; C:\WINDOWS\system32\drivers\ysusb_w8_1_64.sys [136432 2017-03-07] (Yamaha Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-05] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 09:07 - 2017-12-08 09:08 - 000019980 _____ C:\Users\Mask\Desktop\FRST.txt
2017-12-07 18:42 - 2017-12-07 18:42 - 000001630 _____ C:\Users\Mask\Desktop\New Text Document.txt
2017-12-07 18:40 - 2017-12-07 18:41 - 026851912 _____ (Adlice Software) C:\Users\Mask\Desktop\RogueKiller_portable64.exe
2017-12-07 18:37 - 2017-12-07 18:37 - 008172032 _____ (Malwarebytes) C:\Users\Mask\Desktop\AdwCleaner.exe
2017-12-06 18:27 - 2017-12-06 18:36 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-06 11:28 - 2017-12-08 09:06 - 000000000 ____D C:\Users\Mask\Desktop\FRST-OlderVersion
2017-12-06 09:12 - 2017-12-08 09:06 - 002390528 _____ (Farbar) C:\Users\Mask\Desktop\FRST64.exe
2017-12-05 19:44 - 2017-12-05 19:44 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\332141CA.sys
2017-12-05 19:42 - 2017-12-05 22:05 - 000000000 ____D C:\Users\Mask\Desktop\mbar
2017-12-05 19:41 - 2017-12-05 19:41 - 014161479 _____ C:\Users\Mask\Desktop\mbar-1.10.3.1001-nr.exe
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\ProgramData\IObit
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\Program Files (x86)\IObit
2017-12-05 15:00 - 2017-12-05 15:13 - 000000000 ____D C:\EEK
2017-12-05 14:54 - 2017-12-05 14:54 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-12-05 13:43 - 2017-12-08 00:47 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-05 13:02 - 2017-12-05 13:02 - 000000000 ____D C:\WINDOWS\pss
2017-12-05 12:54 - 2017-12-05 12:55 - 000003690 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.54.22_log.txt
2017-12-05 12:51 - 2017-12-05 12:51 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\82601126.sys
2017-12-05 12:51 - 2017-12-05 12:51 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-05 12:50 - 2017-12-05 12:51 - 000160444 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.50.08_log.txt
2017-12-05 11:15 - 2017-12-05 11:15 - 000000576 _____ C:\Users\Mask\Documents\Quarantine_171205-111500.txt
2017-12-05 09:26 - 2017-12-07 17:50 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-12-05 01:22 - 2017-12-05 01:22 - 000003190 _____ C:\WINDOWS\System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9}
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-12-04 21:12 - 2017-12-04 21:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\775AE746.sys
2017-12-04 21:10 - 2017-12-06 01:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-04 21:10 - 2017-12-05 19:43 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-04 20:47 - 2017-12-04 21:24 - 000000000 ____D C:\Program Files (x86)\Task Killer
2017-12-04 20:47 - 2017-12-04 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Killer
2017-12-04 19:57 - 2017-12-05 09:20 - 000000000 ____D C:\Users\Mask\AppData\LocalLow\uTorrent
2017-12-04 19:24 - 2017-12-05 14:54 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-04 19:14 - 2017-12-04 19:14 - 000106051 _____ C:\Users\Mask\Documents\bookmarks_12_4_17.html
2017-12-04 16:24 - 2017-12-08 09:07 - 000000000 ____D C:\FRST
2017-12-02 17:40 - 2017-12-07 18:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-02 17:39 - 2017-12-02 18:27 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-02 13:41 - 2017-12-02 13:41 - 000000000 ____D C:\ProgramData\dbg
2017-12-02 13:36 - 2017-12-08 09:08 - 000051828 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-02 13:36 - 2017-12-08 09:08 - 000022330 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-02 13:36 - 2017-12-08 00:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-02 13:36 - 2017-12-02 13:36 - 000000000 ____D C:\Users\Mask\AppData\Local\Zemana
2017-12-02 13:18 - 2017-12-07 18:00 - 000004130 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-02 12:37 - 2017-12-07 18:39 - 000000000 ____D C:\AdwCleaner
2017-12-01 13:54 - 2017-12-01 13:54 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-11-29 08:49 - 2017-11-30 09:49 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-29 08:49 - 2017-11-30 09:49 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-26 20:35 - 2017-11-26 20:35 - 000000000 ___HD C:\$AV_AVG
2017-11-23 11:52 - 2017-11-23 11:52 - 000099876 _____ C:\Users\Mask\Downloads\bookmarks_11_23_17.html
2017-11-22 17:16 - 2017-11-30 09:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-20 19:09 - 2017-12-08 01:12 - 000000000 ____D C:\Users\Mask\Desktop\Flip&Staw
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-11-20 17:17 - 2016-12-05 07:03 - 005632528 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2017-11-20 17:17 - 2016-12-05 02:59 - 000014443 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011488 _____ C:\WINDOWS\system32\Drivers\FJCP.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011332 _____ C:\WINDOWS\system32\Drivers\CCEN.txt
2017-11-20 17:17 - 2016-06-30 16:21 - 000454360 _____ (Realtek) C:\WINDOWS\SwUSB.exe
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-11-17 01:49 - 2017-11-17 01:49 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-15 16:27 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\AppData\Roaming\iZotope
2017-11-15 16:01 - 2017-11-15 16:01 - 000001637 _____ C:\Users\Public\Desktop\RX 6 Audio Editor (64-bit).lnk
2017-11-15 15:58 - 2017-11-15 16:07 - 000000000 ____D C:\Program Files (x86)\Vstplugins
2017-11-15 15:58 - 2017-11-15 16:00 - 000000000 ____D C:\Program Files\Vstplugins
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\VST3
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\Avid
2017-11-15 15:57 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\Documents\iZotope
2017-11-15 15:57 - 2017-11-15 15:57 - 000000000 ____D C:\Program Files (x86)\iZotope
2017-11-15 14:14 - 2017-11-15 15:51 - 000000000 ____D C:\Users\Mask\AppData\Local\ImpaqSpeed
2017-11-15 08:26 - 2017-10-17 11:11 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 08:26 - 2017-10-16 10:38 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 08:26 - 2017-10-14 05:04 - 001548624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 08:26 - 2017-10-14 00:38 - 025731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 08:26 - 2017-10-14 00:23 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-11-15 08:26 - 2017-10-14 00:13 - 002903552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-11-15 08:26 - 2017-10-14 00:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 08:26 - 2017-10-14 00:09 - 005979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 08:26 - 2017-10-14 00:01 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 08:26 - 2017-10-13 23:36 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 23:31 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 015266816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 08:26 - 2017-10-13 23:30 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 23:29 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 23:27 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 23:21 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 08:26 - 2017-10-13 23:14 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 08:26 - 2017-10-13 23:09 - 001544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-15 08:26 - 2017-10-13 23:05 - 015431680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-11-15 08:26 - 2017-10-13 22:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 08:26 - 2017-10-13 22:50 - 002293760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-11-15 08:26 - 2017-10-13 22:45 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 08:26 - 2017-10-13 22:33 - 004542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 22:25 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 22:23 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 22:14 - 013317632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:10 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 08:26 - 2017-10-13 22:07 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-15 08:26 - 2017-10-13 22:04 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-11-15 08:26 - 2017-10-10 08:36 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 08:26 - 2017-10-10 07:38 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:38 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-10 07:11 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:08 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-04 23:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 08:26 - 2017-09-14 15:52 - 000986968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-15 08:26 - 2017-09-08 09:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-11-15 08:26 - 2017-09-08 08:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-11-15 08:26 - 2017-09-07 19:31 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-15 08:26 - 2017-09-07 19:28 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-15 08:26 - 2017-09-07 13:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 11:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2017-11-15 08:26 - 2017-09-07 05:40 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-11-15 08:26 - 2017-09-07 05:40 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-11-15 08:26 - 2017-09-06 15:07 - 000158552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000461144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-11-15 08:26 - 2017-09-06 06:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-15 08:26 - 2017-08-10 17:39 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-11-15 08:26 - 2017-08-10 17:30 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-11-15 08:18 - 2017-10-10 23:35 - 000143016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 08:18 - 2017-10-10 07:21 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 002023936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 08:18 - 2017-10-10 05:18 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\ProgramData\Yamaha_Uninstaller
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\Program Files (x86)\Yamaha
2017-11-12 10:39 - 2017-11-12 10:39 - 000001951 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-12 10:39 - 2017-11-12 10:38 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-11-12 10:39 - 2017-11-12 10:38 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-11-11 11:25 - 2017-11-11 11:25 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_xinputhid_01011.Wdf
2017-11-10 22:21 - 2017-11-10 22:21 - 000000000 ____D C:\Program Files\Tobias Erichsen

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 09:07 - 2013-10-22 21:29 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2499287152-2841305583-4123039165-1002
2017-12-08 09:04 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-08 09:03 - 2013-11-14 13:31 - 000000000 ____D C:\Users\Mask\AppData\Roaming\ClassicShell
2017-12-08 09:02 - 2015-01-28 01:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-08 09:02 - 2013-08-22 06:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-08 00:48 - 2014-04-26 00:55 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-07 23:50 - 2014-11-20 20:44 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-07 23:50 - 2013-08-22 05:36 - 000000000 ____D C:\WINDOWS\Inf
2017-12-07 18:20 - 2013-11-15 12:03 - 000000000 ____D C:\Users\Mask\AppData\Local\CrashDumps
2017-12-07 17:59 - 2017-05-27 10:44 - 000004178 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-07 17:49 - 2015-01-28 01:17 - 000000000 ____D C:\Users\Mask
2017-12-06 18:55 - 2013-08-22 05:25 - 016515072 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-06 15:47 - 2017-09-26 18:04 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-06 12:08 - 2016-09-25 20:24 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-05 16:50 - 2013-08-26 22:27 - 000000000 ____D C:\Users\Mask\Desktop\Youtube Files,turtle beach etc
2017-12-05 13:09 - 2013-10-27 19:55 - 000000000 ____D C:\Users\Mask\AppData\Local\ElevatedDiagnostics
2017-12-05 09:20 - 2016-10-23 13:09 - 000000000 ____D C:\Users\Mask\AppData\Roaming\uTorrent
2017-12-04 21:12 - 2015-08-01 01:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-03 02:57 - 2013-08-22 05:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-12-02 21:44 - 2015-01-31 04:56 - 005876224 ___SH C:\Users\Mask\Desktop\Thumbs.db
2017-12-02 16:52 - 2012-07-25 23:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 16:36 - 2013-10-22 21:23 - 000000000 ____D C:\Users\Mask\AppData\Local\Packages
2017-12-02 16:36 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 13:18 - 2013-10-23 22:52 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 13:18 - 2013-10-23 22:52 - 000000000 ____D C:\Program Files\CCleaner
2017-12-01 14:03 - 2013-08-22 07:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 21:59 - 2017-09-11 19:06 - 000001224 _____ C:\Users\Mask\Desktop\Roblox Studio.lnk
2017-11-30 21:59 - 2017-09-11 19:06 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-30 00:17 - 2017-06-05 14:14 - 000000000 ____D C:\Users\Mask\Desktop\NSMB2 Files
2017-11-29 16:53 - 2013-10-25 11:18 - 000000000 ____D C:\Users\Mask\AppData\Roaming\vlc
2017-11-27 23:37 - 2013-10-27 20:08 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Audacity
2017-11-25 22:39 - 2015-04-03 15:00 - 000000000 ____D C:\Users\Mask\Desktop\Dxtory
2017-11-24 12:10 - 2010-01-31 14:00 - 000000000 ____D C:\Users\Mask\Desktop\OpenHardwareMonitor
2017-11-23 18:15 - 2015-08-20 17:08 - 000000000 ____D C:\Users\Mask\Desktop\Pc Games
2017-11-20 17:17 - 2013-10-23 21:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-19 18:52 - 2013-10-24 09:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-19 18:48 - 2017-10-10 23:10 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-19 18:48 - 2016-04-13 12:44 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 01:49 - 2017-09-26 18:04 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-16 09:33 - 2013-08-22 06:44 - 000525280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 02:53 - 2015-04-16 14:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 13:28 - 2016-04-04 20:17 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 10:39 - 2017-05-27 10:44 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-11-14 16:18 - 2016-04-14 00:57 - 000001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000990 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-11-14 09:28 - 2017-06-28 13:56 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 09:28 - 2017-06-28 13:55 - 000004464 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-13 13:31 - 2016-04-04 20:16 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 13:31 - 2016-04-04 20:16 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 10:38 - 2017-05-27 10:44 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-11-12 10:37 - 2017-05-27 10:44 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-11-12 10:11 - 2016-12-06 15:48 - 000000000 ____D C:\ProgramData\PreSonus
2017-11-11 01:10 - 2017-11-06 23:22 - 000000000 ____D C:\Users\Mask\AppData\Roaming\DarkAudacity

==================== Files in the root of some directories =======

2013-02-16 19:27 - 2013-02-16 19:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-03-16 16:47 - 2017-03-16 16:47 - 000000132 _____ () C:\Users\Mask\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-12-29 18:29 - 2013-12-29 18:47 - 000099384 _____ () C:\Users\Mask\AppData\Roaming\inst.exe
2013-12-29 18:29 - 2013-12-29 18:47 - 000007859 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.cat
2013-12-29 18:29 - 2013-12-29 18:47 - 000001167 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.inf
2013-12-29 18:29 - 2013-12-29 18:47 - 000000055 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.log
2013-12-29 18:29 - 2013-12-29 18:47 - 000082816 _____ (VSO Software) C:\Users\Mask\AppData\Roaming\pcouffin.sys
2014-01-02 01:31 - 2017-08-21 20:26 - 000001456 _____ () C:\Users\Mask\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-06 03:14 - 2016-08-15 01:35 - 000004608 _____ () C:\Users\Mask\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-07 10:20 - 2016-07-07 10:20 - 000000764 _____ () C:\Users\Mask\AppData\Local\recently-used.xbel
2014-05-14 10:40 - 2014-05-14 10:40 - 000007606 _____ () C:\Users\Mask\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-06 11:45 - 2017-12-06 11:45 - 002390528 _____ (Farbar) C:\Users\Mask\AppData\Local\Temp\4A26.tmp.exe
2017-12-06 11:41 - 2017-12-06 11:41 - 002390528 _____ (Farbar) C:\Users\Mask\AppData\Local\Temp\688F.tmp.exe
2017-12-05 12:51 - 2017-12-05 12:46 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Mask\AppData\Local\Temp\79104729-3343-4B5B-BA05-1861AD80E16C.exe
2017-12-02 17:39 - 2017-09-14 11:30 - 001737600 _____ (Microsoft Corporation) C:\Users\Mask\AppData\Local\Temp\dllnt_dump.dll
2017-12-08 00:47 - 2017-12-05 13:42 - 011584088 _____ (SurfRight B.V.) C:\Users\Mask\AppData\Local\Temp\HitmanPro.exe
2017-12-01 02:21 - 2017-12-01 02:21 - 000000000 _____ () C:\Users\Mask\AppData\Local\Temp\jl-9p9i7.dll
2017-10-31 14:29 - 2017-10-31 14:29 - 001856576 _____ (Oracle Corporation) C:\Users\Mask\AppData\Local\Temp\jre-8u151-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 22:25

==================== End of FRST.txt ============================

Link to post
Share on other sites

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by Mask (08-12-2017 09:09:30)
Running from C:\Users\Mask\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-01-28 09:38:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2499287152-2841305583-4123039165-500 - Administrator - Disabled)
Guest (S-1-5-21-2499287152-2841305583-4123039165-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2499287152-2841305583-4123039165-1005 - Limited - Enabled)
Mask (S-1-5-21-2499287152-2841305583-4123039165-1002 - Administrator - Enabled) => C:\Users\Mask

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
1.0 (HKLM-x32\...\ALAN Wake_is1) (Version:  - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
AnyMedia Player 4.5.1 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 4.5.1 - cyan soft ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS USB-AC68 WLAN Card Driver (HKLM-x32\...\{56A6C59A-E783-41CB-A5F9-9240CA3C6B87}) (Version: 2.1.3.9 - ASUS)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dolphin 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Development Team)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
f.lux (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Flux) (Version:  - )
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HackingToolkit3DS version 5.3 (HKLM-x32\...\{E76AC66E-D0AA-4274-BF9B-7704C777C3C3}_is1) (Version: 5.3 - Asia81)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Kholat (HKLM-x32\...\Kholat_is1) (Version:  - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenToonz version 1.0 (HKLM\...\{D9A9B1A3-9370-4BE9-9C8F-7B52EEECB973}_is1) (Version: 1.0 - DWANGO Co., Ltd.)
PackBit Codec version 1.0.0.1Beta (HKLM-x32\...\{5AFD98DE-0AF5-497F-BE7E-F93DEDF74573}_is1) (Version: 1.0.0.1Beta - Dxtory Software)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Roblox Player for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
RX 6 Audio Editor Advanced (HKLM-x32\...\RX 6 Audio Editor Advanced) (Version: 6.00 - iZotope, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Sonic Adventure 2 (c) SEGA version 1 (HKLM-x32\...\Sonic Adventure 2 (c) SEGA_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Task Killer (remove only) (HKLM-x32\...\Task Killer) (Version:  - )
TEKKEN 7 (HKLM-x32\...\TEKKEN 7_is1) (Version:  - )
teVirtualMIDI64 (HKLM\...\{300D1BB9-FA9E-40EA-ADD8-934D5066F6D5}) (Version: 1.2.11.41 - Tobias Erichsen)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
Vegas Pro 12.0 (64-bit) (HKLM-x32\...\Vegas Pro 12.0 (64-bit)) (Version: 12.0 (64-bit) - Exµs ™)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vJoy Device Driver 0.2.0.5 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 - Shaul Eizikovich)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (12/03/2012 1.2.0000.00000) (HKLM\...\32F8755FAEB4107085D8EB430DFE56CD6E5ADDB7) (Version: 12/03/2012 1.2.0000.00000 - Amazon.com)
Windows Driver Package - non-standard.com(tsg-mfg) (NSTDUSB3) USB  (04/18/2014 3.4.7.001) (HKLM\...\AF14DC8D7C324C76B112C941194F10991F58B808) (Version: 04/18/2014 3.4.7.001 - non-standard.com(tsg-mfg))
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM\...\{BEA06A39-583D-486E-A3EB-2A434ED45940}) (Version: 1.9.10 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\yUninstall_{2938B185-2D57-47B0-9FC8-C90A67BA9277}) (Version: 1.9.10 - Yamaha Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2499287152-2841305583-4123039165-1002_Classes\CLSID\2A89C3F9-59CC-4F4B-9252-C5E7A6F4B248\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-07-10] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {12A7EE85-4764-4F4B-A8EC-163381E72F1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {188C6A92-31C8-40C7-817C-19A0AF262025} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {369EF934-BC6B-4BB7-B098-93FF2370196E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16} - System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => C:\WINDOWS\system32\pcalua.exe -a "C:\Games\The Train\Uninstall.exe"
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5869806D-20DF-4241-AFDC-43EC9C287D18} - System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Mask\Desktop\Kindle Fire ADB Drivers.exe" -d C:\Users\Mask\Desktop
Task: {5984D908-6534-4927-85EE-1B0072A6D7E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {6673E07D-DAB4-4208-9C45-06DAEDB5BDA9} - no filepath
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {90B053F8-4D91-4BFC-9B53-899FEB89E970} - System32\Tasks\Logon Synchronization => C:\Users\Mask\AppData\Local\Temp\ndfapi.exe <==== ATTENTION
Task: {9D9EFBBC-836E-4F91-A600-C2869FB70322} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0} - System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{05560347-3a9b-4644-a8ed-8b64cc947189}\UxStyle_Bundle.exe" -c  /uninstall
Task: {B4B8431F-A304-45BE-8E53-847E7A5ED0F0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B8552DF7-7B77-4042-844B-1640801F911B} - System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\UN091222.EXE -c /UNINST
Task: {BAD6B62E-C38E-4375-B8EF-740230A2E6D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {C44AD2EA-8417-4285-AB8E-D3F1B41A562D} - System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe"
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E7B7AFE5-AEF9-4E6F-88CD-A4B7DB363AFC} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E859EFB6-A8AE-465A-9F30-10238A8DA1E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {EDB39FA2-06FF-4B11-BADB-8222A72ED960} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-19] (Microsoft Corporation)
Task: {FDD11B9A-CD73-4264-832E-45489CF8E8C5} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-12] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-01-28 01:08 - 2016-07-10 15:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-14 20:44 - 2010-07-14 20:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-12-05 01:17 - 2017-12-05 01:17 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 000677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 003642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-09-26 18:04 - 2017-12-06 15:47 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-28 21:13 - 2016-11-28 21:13 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-07-05 14:44 - 2017-07-05 14:44 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C581A570 [122]
AlternateDataStreams: C:\ProgramData\TEMP:CCA964A4 [126]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2016-10-27 16:27 - 000001196 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   www.techsmith.com
127.0.0.1                   activation.cloud.techsmith.com
127.0.0.1                   oscount.techsmith.com
127.0.0.1                   updater.techsmith.com
127.0.0.1                   camtasiatudi.techsmith.com
127.0.0.3                   tsccloud.cloudapp.net
127.0.0.2                   assets.cloud.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mask\Desktop\pacman_maze_harassment_search_22082_1920x1080.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85D609B1-9B9A-4E32-83D5-933545E75204}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30D30666-D7C7-419F-B490-690EE8A3136C}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F63CD267-436B-4458-A091-987AB229AD50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{725C65EA-C79D-4BDD-94CF-9B6257FE6A44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4EC40540-9DE5-42B4-B5A3-A6D07F6732B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{70B726BE-AB78-4D3C-9BDD-D498418C6157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA409F4F-B315-4AA4-99A5-2931333A17DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5EBDEF40-1DF9-48FF-B58F-DA97FA21C8EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4E59D1EB-AEE1-4403-89BB-31EA1CE2622D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D55C04CC-416D-4B83-B12B-8B568E0FAE6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B1D5FB6-0DD1-4D8D-BA40-002AA8E855F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C9FAC8BC-57FA-4276-9051-ACE4CE9C8B87}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD5F3C78-00B5-4DC0-A8A7-617E60752790}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92704457-23A0-41B2-ACE0-770E92156CBB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7CC227D0-CFBB-4FB2-B921-6FD67AECAB47}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A5AEB0D4-84D6-42E9-9544-A8A6AD2508D1}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{363B4324-8EE0-4D0E-9352-1E695FD0FA8E}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{868E5372-9337-4DB5-823A-995CBEC3BB08}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{72C30C3E-ECFB-4644-A601-0D15797CC03A}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A43F93B8-923C-4FDB-8A6D-2AD455AC97F7}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{27941305-0BDE-4267-9424-728F83977ACA}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{E9EA21FF-91E2-4E38-8A19-A17EE7874871}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{739BCC6F-181E-4170-8252-4E9C0E5588EA}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{D52887C8-A902-40B3-B287-8F190F6B6FAC}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{29E2F539-CBCD-4348-A2AA-5059E69CD01F}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [UDP Query User{18A74D76-83AD-409A-9548-B4458B6AA7CC}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [{1094284D-104E-424E-BFB9-02D0C3537D2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{71204660-BCA1-453C-B403-C10083A80819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4741B901-D5C8-471D-B94E-C5D54C20C7B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6E04AA46-8713-4E99-AF96-E19316F37866}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C39C8FDB-C23E-4912-A169-F3BE1A67A10C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{659025CC-4B70-4E5E-A0D7-1AE197966DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{493208C6-757C-4044-8D18-329CB54078EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{4EDD233B-0FEF-4E8D-BE47-18E79CEDC26D}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CD0CCAB-2CDB-4DDC-9923-17A0EF7B1608}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{592B65F9-E897-48BC-8B53-5F4E61D729CA}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BD09E46-9A73-4168-ABF6-884658B180C9}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7343664-36A7-4020-96D7-A2766CC73FEB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59ACB803-966D-42C6-9C8A-C18C4E5E4834}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FF79ABB-8AA2-425F-8DC8-0F149E7CA33A}] => (Allow) LPort=8317
FirewallRules: [{9D7C13EC-1258-4189-9B13-3650B31028AF}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{0BFCAF9C-C19E-4F51-ADE3-B0B75B78B09C}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{B26549F3-0285-4BE5-A813-73C76B8FC52D}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{22793626-828F-457F-90AE-CAAF03073F36}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6E9C4DCD-A237-4846-9287-F0A0F23CF054}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-12-2017 00:47:18 UxStyle

==================== Faulty Device Manager Devices =============

Name: vJoy Device
Description: vJoy Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Shaul Eizikovich
Service: vjoy
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2017 01:14:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x7ac
Faulting application start time: 0x01d36fc6fb908597
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 27e61e47-dbf8-11e7-803a-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/07/2017 07:25:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 07:25:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 07:25:22 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 07:25:22 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 06:20:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17489, time stamp: 0x5465bbd5
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0x40000015
Fault offset: 0x0000000000057609
Faulting process id: 0xfc0
Faulting application start time: 0x01d36fcafd93352c
Faulting application path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\system32\msvcrt.dll
Report Id: 6831e4f9-dbbe-11e7-803a-d017c29739b7
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (12/07/2017 05:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x7d0
Faulting application start time: 0x01d36fbffc470cd9
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: f61e5289-dbb9-11e7-8039-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 06:55:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x624
Faulting application start time: 0x01d36f069dc3ea5a
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 04175cc6-dafa-11e7-8037-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 06:50:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x558
Faulting application start time: 0x01d36f04bda8f0d6
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 67f562ad-daf9-11e7-8036-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 06:36:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/08/2017 09:04:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/08/2017 09:03:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/08/2017 09:02:19 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (12/08/2017 09:02:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/08/2017 01:14:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/07/2017 06:04:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:55:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:54:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:54:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:54:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126


CodeIntegrity:
===================================
  Date: 2017-12-08 09:09:21.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:19.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:19.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:19.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:18.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:18.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 8%
Total physical RAM: 32666.98 MB
Available physical RAM: 29762.72 MB
Total Virtual: 65434.98 MB
Available Virtual: 62380.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1857.69 GB) (Free:285.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A977CDC0)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1857.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Alright, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

How's your system behaving? Are there any other issues to address?

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by Mask (08-12-2017 22:18:50) Run:3
Running from C:\Users\Mask\Desktop
Loaded Profiles: Mask (Available Profiles: Mask)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16} - System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => C:\WINDOWS\system32\pcalua.exe -a "C:\Games\The Train\Uninstall.exe"
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5869806D-20DF-4241-AFDC-43EC9C287D18} - System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Mask\Desktop\Kindle Fire ADB Drivers.exe" -d C:\Users\Mask\Desktop
Task: {6673E07D-DAB4-4208-9C45-06DAEDB5BDA9} - no filepath
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {90B053F8-4D91-4BFC-9B53-899FEB89E970} - System32\Tasks\Logon Synchronization => C:\Users\Mask\AppData\Local\Temp\ndfapi.exe <==== ATTENTION
Task: {A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0} - System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{05560347-3a9b-4644-a8ed-8b64cc947189}\UxStyle_Bundle.exe" -c  /uninstall
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B8552DF7-7B77-4042-844B-1640801F911B} - System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\UN091222.EXE -c /UNINST
Task: {C44AD2EA-8417-4285-AB8E-D3F1B41A562D} - System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe"
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:C581A570 [122]
AlternateDataStreams: C:\ProgramData\TEMP:CCA964A4 [126]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01679346.sys => ""="Driver"

C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile
C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1
C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
C:\WINDOWS\system32\Drivers\FJCP.txt
C:\WINDOWS\system32\Drivers\CCEN.txt

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16}" => removed successfully
C:\WINDOWS\System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09500EB7-81A3-48AB-B815-37934C7B3D79}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5869806D-20DF-4241-AFDC-43EC9C287D18}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5869806D-20DF-4241-AFDC-43EC9C287D18}" => removed successfully
C:\WINDOWS\System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFF31973-1F41-45ED-9421-435C1B2341F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6673E07D-DAB4-4208-9C45-06DAEDB5BDA9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6673E07D-DAB4-4208-9C45-06DAEDB5BDA9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90B053F8-4D91-4BFC-9B53-899FEB89E970}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90B053F8-4D91-4BFC-9B53-899FEB89E970}" => removed successfully
C:\WINDOWS\System32\Tasks\Logon Synchronization => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Logon Synchronization" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0}" => removed successfully
C:\WINDOWS\System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{685BF87F-0E7C-472F-B1B5-3418335A58D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8552DF7-7B77-4042-844B-1640801F911B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8552DF7-7B77-4042-844B-1640801F911B}" => removed successfully
C:\WINDOWS\System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B50E3088-CB19-459C-92AB-BD9180B3E8B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C44AD2EA-8417-4285-AB8E-D3F1B41A562D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C44AD2EA-8417-4285-AB8E-D3F1B41A562D}" => removed successfully
C:\WINDOWS\System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => removed successfully
C:\ProgramData\TEMP => ":C581A570" ADS removed successfully
C:\ProgramData\TEMP => ":CCA964A4" ADS removed successfully
C:\ProgramData\TEMP => ":D5FBE8F9" ADS removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\01679346.sys" => removed successfully
C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile => moved successfully
C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1 => moved successfully
C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt => moved successfully
C:\WINDOWS\system32\Drivers\FJCP.txt => moved successfully
C:\WINDOWS\system32\Drivers\CCEN.txt => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36569092 B
Java, Flash, Steam htmlcache => 74004955 B
Windows/system/drivers => 8553189 B
Edge => 0 B
Chrome => 389529107 B
Firefox => 8596685 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 156514 B
NetworkService => 20498618 B
Mask => 1067749771 B

RecycleBin => 4065300826 B
EmptyTemp: => 5.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:21:38 ====

Link to post
Share on other sites

Glad to see that we managed to clean your system Masked, and no problem, you're welcome :)

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options :
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentionned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eF2jhaz.pngUCheck, eLDnJfI.pngSecuniaPSI and y5YE7At.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundle all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that works together in order to keep your system protected and stop an infection at multiple level.

  • j1Bynr2.pngMalwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages)
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.