WMC Agent folder (Trojan Yelloader) will not disappear


***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact an Administrator to let them know.

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.

  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.

  4. Click Start Scan
     

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.

  3. It will make a log (FRST.txt) in the same directory the tool is run. Please attach or copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.
     

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies".
 

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and paste the contents of the requested files in your Reply instead.

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Hi Ginsyberg :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

I'll be waiting for your logs.


Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply


For the next part, you'll need to download the FRST executable on a clean computer, and move it to your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive

Boot in the Recovery Environment

  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive in the computer

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply


Good :) Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Alright now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


RogueKiller Log

RogueKiller V12.12.21.0 (x64) [Jun 11 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Eric's Gaming PC [Administrator]
Started from : C:\Users\Eric's Gaming PC\Downloads\RogueKiller_portable64.exe
Mode : Delete -- Date : 06/15/2018 13:21:10 (Duration : 00:47:38)

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] democratize.exe(10632) -- C:\Program Files (x86)\Cyclists\democratize.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 7 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell15.msn.com/?pc=DCTE  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell15.msn.com/?pc=DCTE  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell15.msn.com/?pc=DCTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell15.msn.com/?pc=DCTE  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d970b658-6589-4a46-89be-b3fa15debdc9} | DhcpNameServer : 172.20.10.1 ([])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{da20e825-b4f5-4a89-8678-d26fb2d4d0ec} | DhcpNameServer : 10.13.109.99 ([])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1SB102 +++++
--- User ---
[MBR] f134cb00595d0cb90535b679b75f1e5f
[BSP] b8e45f054339396ae197b95f475a4ee9 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1288192 | Size: 940550 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1927534592 | Size: 450 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1928456192 | Size: 12240 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] d9516da678a1d00f5c698e0e09f8a881
[BSP] a95ec4515f12d48cb7774c1f55ad32af : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 128 | Size: 1989 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

AdwCleaner[S02].txt
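
The RogueKiller report above records an outcome for every finding, and not every outcome means the item is gone: `Killed` only ends a running process, and `Not selected` leaves the entry as it was. As an added example (not part of the thread and not a RogueKiller or Malwarebytes tool), this Python script parses the report's finding lines, checks them against the counts in the section headers, and lists the findings that still need a follow-up check. The function names are made up for the example.

```python
import re

# Section headers and finding lines copied from the RogueKiller report posted above.
SAMPLE_REPORT = r"""
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] democratize.exe(10632) -- C:\Program Files (x86)\Cyclists\democratize.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 7 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell15.msn.com/?pc=DCTE  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell15.msn.com/?pc=DCTE  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell15.msn.com/?pc=DCTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell15.msn.com/?pc=DCTE  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d970b658-6589-4a46-89be-b3fa15debdc9} | DhcpNameServer : 172.20.10.1 ([])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{da20e825-b4f5-4a89-8678-d26fb2d4d0ec} | DhcpNameServer : 10.13.109.99 ([])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤
"""

# "¤¤¤ Registry : 7 ¤¤¤" -> name "Registry", count 7 (the count is absent for "MBR Check").
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)?.*¤¤¤$")
# "[detection] item -> outcome"; MBR hash lines have no "->" and are skipped.
FINDING_RE = re.compile(r"^\[(?P<detection>[^\]]+)\] (?P<item>.+?)\s*-> (?P<outcome>.+)$")
STATUS_RE = re.compile(r"^(Not selected|\w+)")

# Outcomes that changed the flagged item itself. "Killed" is left out on purpose:
# ending a process does not remove the file it was started from.
CHANGED = {"Deleted", "Replaced"}


def parse_report(text):
    """Return (findings, declared): parsed finding lines and the counts from the headers."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            if header["count"] is not None:
                declared[section] = int(header["count"])
            continue
        hit = FINDING_RE.match(line)
        if hit and section:
            outcome = hit["outcome"].strip()
            status = STATUS_RE.match(outcome)
            findings.append({
                "section": section,
                "detection": hit["detection"],
                "item": hit["item"],
                "status": status.group(1) if status else outcome,
            })
    return findings, declared


def count_mismatches(findings, declared):
    """Sections whose header count differs from the lines parsed (truncated or edited paste)."""
    parsed = {}
    for f in findings:
        parsed[f["section"]] = parsed.get(f["section"], 0) + 1
    return {name: (want, parsed.get(name, 0))
            for name, want in declared.items() if want != parsed.get(name, 0)}


def needs_follow_up(findings):
    """Findings whose outcome did not change the flagged item."""
    return [f for f in findings if f["status"] not in CHANGED]


if __name__ == "__main__":
    findings, declared = parse_report(SAMPLE_REPORT)
    print("count mismatches:", count_mismatches(findings, declared) or "none")
    for f in needs_follow_up(findings):
        print(f"[{f['status']}] {f['detection']} | {f['section']} | {f['item']}")
```

Run against the report above, it lists two findings: the `Killed` process and the `Not selected` X86 `Default_Page_URL` value. The FRST log posted three days later in this thread still lists C:\Program Files (x86)\Cyclists\democratize.exe among the running processes.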


Once the threats are moved in quarantine, they become harmless, so you could leave them there. You can remove them if you want to save space on your system (recover space on your drive).

Alright, now run a new scan with FRST and provide me a fresh set of logs. I'll look for remnants.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Eric's Gaming PC (administrator) on DESKTOP-KPHM1QA (18-06-2018 22:18:46)
Running from C:\Users\Eric's Gaming PC\Downloads
Loaded Profiles: Eric's Gaming PC & PCPitstopSVC & OVRLibraryService (Available Profiles: Eric's Gaming PC & PCPitstopSVC & OVRLibraryService)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123014.inf_amd64_8fcab72aa9e3875f\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123014.inf_amd64_8fcab72aa9e3875f\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(PC Pitstop) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe
() C:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123014.inf_amd64_8fcab72aa9e3875f\IntelCpHeciSvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
() C:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\wallpaper32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123014.inf_amd64_8fcab72aa9e3875f\igfxEM.exe
() C:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\bin\webwallpaper32.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\bin\webwallpaper32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\bin\webwallpaper32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Cyclists\democratize.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(PC Pitstop) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files (x86)\Cyclists\democratize.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Oculus VR, LLC) C:\Program Files\Oculus\Support\oculus-librarian\OVRLibrarian.exe
(Oculus VR, LLC) C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe
(Farbar) C:\Users\Eric's Gaming PC\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8498392 2015-07-13] (Realtek Semiconductor)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35576 2015-09-15] (Alienware)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [PC Matic] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2116352 2018-04-22] (PC Pitstop)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3928081856-823122749-4048558740-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27822536 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3928081856-823122749-4048558740-1001\...\Run: [Chameleon System Monitor] => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [8105088 2017-09-09] (NeoSoft Tools)
HKU\S-1-5-21-3928081856-823122749-4048558740-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-21-3928081856-823122749-4048558740-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-80-3238277391-1891473654-1195688043-4149050645-2494734967\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{64aa054e-f721-4e02-b1bc-a9ad84101bd5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3928081856-823122749-4048558740-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-3928081856-823122749-4048558740-1001 -> DefaultScope {7569A81D-8E91-4B4F-B6EA-B9C7F00102A6} URL = 
SearchScopes: HKU\S-1-5-21-3928081856-823122749-4048558740-1001 -> {7569A81D-8E91-4B4F-B6EA-B9C7F00102A6} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-06-02] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-02] (Oracle Corporation)
BHO-x32: PCMatic AdBlocker -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\PCMaticAdBlocker.dll [2017-06-29] (PC Matic, LLC)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxps://files.pcpitstop.com/cab/pcmatic.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-09] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [noreply@pcpitstop.com] - C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\pc_matic-1.01-sm+fx+an-windows
FF Extension: (PC Matic) - C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\pc_matic-1.01-sm+fx+an-windows [2017-08-03] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-02] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
CHR Extension: (Slides) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
CHR Extension: (Search and Replace) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo [2017-12-20]
CHR Extension: (YouTube) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
CHR Extension: (Sheets) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (WhatFont) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2017-11-20]
CHR Extension: (Grammarly for Chrome) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (PC Matic) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmhneofinpilciglijihehjpaegledb [2018-04-08]
CHR Extension: (Gmail) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Eric's Gaming PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-04]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [36088 2015-09-15] (Alienware)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
S3 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [36112 2015-07-02] (Alienware)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 IRMTService; c:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [181544 2015-04-30] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MSIClock_CC; C:\Program Files\Alienware\OC Controls\ClockGen\MSIClockService.exe [4012496 2015-06-30] (MSI)
S3 MSICOMM_CC; C:\Program Files\Alienware\OC Controls\MSICommService.exe [2122704 2015-06-30] (MSI)
S3 MSICPU_CC; C:\Program Files\Alienware\OC Controls\CPU\MSICPUService.exe [4173264 2015-06-30] (MSI)
S3 MSICTL_CC; C:\Program Files\Alienware\OC Controls\MSIControlService.exe [2008016 2015-06-01] (MSI)
S3 MSISaveLoad_CC; C:\Program Files\Alienware\OC Controls\MSISaveLoadService.exe [3964368 2015-02-09] (MSI)
S3 MSISMB_CC; C:\Program Files\Alienware\OC Controls\SMBus\MSISMBService.exe [2066384 2015-06-30] (MSI)
S3 MSIWMI_CC; C:\Program Files\Alienware\OC Controls\MSIWMIService.exe [188880 2015-08-24] (MSI)
S3 MSI_ODD_Service; c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe [84432 2014-12-23] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2201920 2018-06-12] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3072328 2018-06-12] (Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [142264 2018-06-15] (Oculus VR, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [480696 2018-06-15] (Oculus VR)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [812800 2018-04-22] (PC Pitstop)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [198392 2017-06-29] (PC Pitstop LLC)
S3 Product Registration; C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 ThermalsWindowsService; C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe [36088 2015-09-15] (Alienware)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [346600 2017-12-23] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R3 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3221B622; C:\WINDOWS\system32\drivers\3221B622.sys [255928 2018-06-12] (Malwarebytes)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
S4 flecrm; C:\WINDOWS\System32\drivers\igwad.sys [79064 2018-06-03] (Malwarebytes)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [24776 2014-01-23] (Intel Corporation)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1059792 2017-07-12] (e2eSoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-15] (Malwarebytes)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 NTIOLib_MSICEN; C:\Program Files\Alienware\Command Center\NTIOLib_Thermals_X64.sys [13808 2015-02-04] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files\Alienware\OC Controls\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSICPU_CC; C:\Program Files\Alienware\OC Controls\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files\Alienware\OC Controls\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files\Alienware\OC Controls\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files\Alienware\OC Controls\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_ODD_Monitor; C:\Program Files (x86)\MSI\ODD Monitor\NTIOLib_X64.sys [13776 2014-12-23] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_6fa5fcef104c0c27\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation)
S3 OCULUSVRHEADSET; C:\WINDOWS\system32\DRIVERS\OCULUS119B.sys [1887232 2016-08-27] (OCULUS)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2017-11-04] (Facebook Inc.)
R3 OCUSBVID; C:\WINDOWS\System32\drivers\ocusbvid111.sys [69176 2016-08-26] (Oculus VR, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-03-28] (The OpenVPN Project) [File not signed]
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-13] (Zemana Ltd.)
S4 kvzuwnma; System32\drivers\wingvoct.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 22:18 - 2018-06-18 22:18 - 002413056 _____ (Farbar) C:\Users\Eric's Gaming PC\Downloads\FRST64 (2).exe
2018-06-15 13:21 - 2018-06-15 13:21 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-06-15 13:20 - 2018-06-18 22:18 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-15 13:20 - 2018-06-15 13:20 - 027075656 _____ (Adlice Software) C:\Users\Eric's Gaming PC\Downloads\RogueKiller_portable64.exe
2018-06-15 13:19 - 2018-06-15 13:19 - 000001425 _____ C:\Users\Eric's Gaming PC\Desktop\AdwCleaner[S02].txt
2018-06-15 13:09 - 2018-06-15 13:09 - 007271632 _____ (Malwarebytes) C:\Users\Eric's Gaming PC\Downloads\AdwCleaner.exe
2018-06-15 12:59 - 2018-06-15 12:59 - 000010567 _____ C:\Users\Eric's Gaming PC\Desktop\threat scan 76.txt
2018-06-14 19:40 - 2018-06-14 19:40 - 020300990 _____ C:\Users\Eric's Gaming PC\Downloads\Electra 1.0.4 (1).ipa
2018-06-14 19:18 - 2018-06-14 19:18 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\iterate_GmbH
2018-06-14 19:18 - 2018-06-14 19:18 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\Cyberduck
2018-06-14 19:17 - 2018-06-14 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2018-06-14 19:17 - 2018-06-14 19:17 - 000000000 ____D C:\Program Files (x86)\Cyberduck
2018-06-14 19:16 - 2018-06-14 19:16 - 048437304 _____ (iterate GmbH) C:\Users\Eric's Gaming PC\Downloads\Cyberduck-Installer-6.6.1.28146.exe
2018-06-14 19:16 - 2018-06-14 19:16 - 000005316 _____ C:\Users\Eric's Gaming PC\Downloads\delectra-master.zip
2018-06-13 22:49 - 2018-06-13 22:49 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\dsmxvzw
2018-06-13 22:26 - 2018-06-13 22:26 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\wiehudx
2018-06-13 22:23 - 2018-06-13 22:23 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\auicpmn
2018-06-13 20:09 - 2018-06-13 20:09 - 000000882 _____ C:\Users\Eric's Gaming PC\Downloads\Fixlog.txt
2018-06-13 20:00 - 2018-06-13 20:00 - 000001375 _____ C:\Users\Eric's Gaming PC\Downloads\1482674470_ThreatScan.txt
2018-06-13 19:57 - 2018-06-13 19:58 - 000065013 _____ C:\Users\Eric's Gaming PC\Downloads\Addition.txt
2018-06-13 19:54 - 2018-06-13 19:54 - 000001375 _____ C:\Users\Eric's Gaming PC\Desktop\Threat Scan.txt
2018-06-13 19:29 - 2018-06-18 22:22 - 000026125 _____ C:\Users\Eric's Gaming PC\Downloads\FRST.txt
2018-06-13 19:29 - 2018-06-18 22:18 - 000000000 ____D C:\FRST
2018-06-13 19:29 - 2018-06-13 19:29 - 002413056 _____ (Farbar) C:\Users\Eric's Gaming PC\Downloads\FRST64 (1).exe
2018-06-13 16:27 - 2018-06-13 18:17 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-13 16:27 - 2018-06-13 16:27 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-06-13 16:26 - 2018-06-13 16:27 - 011609024 _____ (SurfRight B.V.) C:\Users\Eric's Gaming PC\Downloads\HitmanPro_x64.exe
2018-06-13 16:25 - 2018-06-13 16:25 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\atemdzg
2018-06-13 16:15 - 2018-06-13 16:17 - 000000000 ____D C:\AdwCleaner
2018-06-13 16:15 - 2018-06-13 16:15 - 007372496 _____ (Malwarebytes) C:\Users\Eric's Gaming PC\Downloads\adwcleaner_7.2.0.exe
2018-06-13 15:41 - 2018-06-18 22:22 - 033291574 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-13 15:41 - 2018-06-18 22:21 - 004392193 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-13 15:41 - 2018-06-13 15:41 - 006625600 _____ (Zemana Ltd. ) C:\Users\Eric's Gaming PC\Downloads\Zemana.AntiMalware.Setup.exe
2018-06-13 15:41 - 2018-06-13 15:41 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-13 15:41 - 2018-06-13 15:41 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-13 15:41 - 2018-06-13 15:41 - 000001179 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-06-13 15:41 - 2018-06-13 15:41 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\Zemana
2018-06-13 15:41 - 2018-06-13 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-06-13 15:41 - 2018-06-13 15:41 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-06-13 15:39 - 2018-06-13 15:40 - 000002724 _____ C:\Users\Eric's Gaming PC\Desktop\Rkill.txt
2018-06-13 15:38 - 2018-06-13 15:38 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Eric's Gaming PC\Downloads\rkill.exe
2018-06-13 15:38 - 2018-06-13 15:38 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Eric's Gaming PC\Downloads\iExplore.exe
2018-06-13 07:23 - 2018-06-13 07:23 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\updnisz
2018-06-12 23:33 - 2018-06-12 23:33 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\pwahetc
2018-06-12 22:32 - 2018-06-12 22:32 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3221B622.sys
2018-06-12 22:27 - 2018-06-12 22:27 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\spnuzgo
2018-06-12 22:07 - 2018-06-15 12:40 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-12 22:04 - 2018-06-12 22:04 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\zaewcbk
2018-06-12 21:31 - 2018-06-12 21:31 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\sniaktl
2018-06-12 20:14 - 2018-06-12 20:14 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5912658B.sys
2018-06-12 20:12 - 2018-06-12 23:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-12 20:12 - 2018-06-12 23:23 - 000000000 ____D C:\Users\Eric's Gaming PC\Desktop\mbar
2018-06-12 19:51 - 2018-06-12 19:51 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Eric's Gaming PC\Downloads\mbar-1.10.3.1001.exe
2018-06-12 19:46 - 2018-06-12 19:46 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\sbmgeit
2018-06-12 19:23 - 2018-06-12 19:23 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-12 19:23 - 2018-06-12 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-12 19:23 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-12 19:22 - 2018-06-12 19:22 - 077609632 _____ (Malwarebytes ) C:\Users\Eric's Gaming PC\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5448.exe
2018-06-12 19:17 - 2018-06-12 19:17 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eric's Gaming PC\Downloads\avg_antivirus_free_setup.exe
2018-06-12 19:13 - 2018-06-12 19:13 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\vsdlwao
2018-06-12 17:39 - 2018-06-12 17:39 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\remacix
2018-06-12 17:33 - 2018-06-12 17:33 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\csmilhn
2018-06-12 17:30 - 2018-06-12 17:30 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\nvcerus
2018-06-12 17:25 - 2018-06-12 17:25 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\codlube
2018-06-12 17:20 - 2018-06-12 17:20 - 002413056 _____ (Farbar) C:\Users\Eric's Gaming PC\Downloads\FRST64.exe
2018-06-12 17:16 - 2018-06-12 17:16 - 009986176 _____ C:\Users\Eric's Gaming PC\Downloads\bitdefender_online (1).exe
2018-06-12 17:05 - 2018-06-12 17:05 - 009986176 _____ C:\Users\Eric's Gaming PC\Downloads\bitdefender_online.exe
2018-06-12 16:58 - 2018-06-12 19:57 - 000000000 ____D C:\Program Files\CCleaner
2018-06-12 16:58 - 2018-06-12 16:58 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-12 16:58 - 2018-06-12 16:58 - 000002892 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-06-12 16:58 - 2018-06-12 16:58 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-12 16:58 - 2018-06-12 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-12 16:55 - 2018-06-12 16:56 - 015835744 _____ (Piriform Ltd) C:\Users\Eric's Gaming PC\Downloads\ccsetup543pro.exe
2018-06-12 16:54 - 2018-06-12 16:56 - 172661090 _____ (alch ) C:\Users\Eric's Gaming PC\Downloads\clamwin-0.99.4-setup.exe
2018-06-12 16:42 - 2018-06-12 16:42 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\snbutwp
2018-06-12 16:16 - 2018-06-12 16:16 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\lmisxrt
2018-06-12 15:52 - 2018-06-12 15:52 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\ramhenb
2018-06-11 07:23 - 2015-01-01 04:20 - 004603904 _____ C:\Users\Eric's Gaming PC\Desktop\MOVI0001.avi
2018-06-11 07:21 - 2015-01-01 04:19 - 775028736 _____ C:\Users\Eric's Gaming PC\Desktop\MOVI0000.avi
2018-06-10 13:24 - 2018-06-10 13:24 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\usizkae
2018-06-09 11:10 - 2018-06-09 11:10 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\ninkvuz
2018-06-09 10:26 - 2018-06-09 10:26 - 003948280 _____ C:\Users\Eric's Gaming PC\Desktop\scan-1.pdn
2018-06-09 10:12 - 2018-06-09 10:12 - 001780800 _____ C:\Users\Eric's Gaming PC\Downloads\scan.zip
2018-06-09 10:08 - 2018-06-09 09:39 - 002304538 _____ C:\Users\Eric's Gaming PC\Desktop\scan.pdf
2018-06-08 20:16 - 2018-06-08 20:16 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\pssawer
2018-06-08 06:48 - 2018-06-14 22:39 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\containersvc
2018-06-06 18:11 - 2018-06-06 18:11 - 000004612 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-06 18:11 - 2018-06-06 18:11 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-06 07:25 - 2018-06-06 07:25 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\lsnxwpm
2018-06-04 07:06 - 2018-06-04 07:06 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\nvnghow
2018-06-03 23:11 - 2018-06-03 23:11 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-03 16:45 - 2018-06-09 10:03 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\iMazing
2018-06-03 16:45 - 2018-06-03 16:45 - 000001863 _____ C:\Users\Public\Desktop\iMazing.lnk
2018-06-03 16:45 - 2018-06-03 16:45 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\DigiDNA
2018-06-03 16:45 - 2018-06-03 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2018-06-03 16:45 - 2018-06-03 16:45 - 000000000 ____D C:\ProgramData\DigiDNA
2018-06-03 16:45 - 2018-06-03 16:45 - 000000000 ____D C:\Program Files\DigiDNA
2018-06-03 16:44 - 2018-06-03 16:44 - 091793744 _____ (DigiDNA ) C:\Users\Eric's Gaming PC\Downloads\iMazing2forWindows.exe
2018-06-03 16:41 - 2018-06-03 16:41 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\igwad.sys
2018-06-03 10:33 - 2018-06-03 10:33 - 025569920 _____ C:\Users\Eric's Gaming PC\Downloads\GiffingTool-4.1-Buy-Later.zip
2018-06-03 10:31 - 2018-06-03 10:31 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\PlaceholderTileLogoFolder
2018-06-03 09:33 - 2018-06-03 10:36 - 000000000 ____D C:\Users\Eric's Gaming PC\Desktop\DCIM
2018-06-03 09:15 - 2018-06-03 09:15 - 001782805 _____ C:\Users\Eric's Gaming PC\Desktop\White Water Park.sv6
2018-06-03 09:15 - 2018-06-03 09:15 - 001664587 _____ C:\Users\Eric's Gaming PC\Desktop\Bumbly Beach.sv6
2018-06-03 09:15 - 2018-06-03 09:15 - 001597022 _____ C:\Users\Eric's Gaming PC\Desktop\Dynamite Dunes.sv6
2018-06-03 09:15 - 2018-06-03 09:15 - 001576196 _____ C:\Users\Eric's Gaming PC\Desktop\Leafy Lake.sv6
2018-06-03 09:15 - 2018-06-03 09:15 - 001515152 _____ C:\Users\Eric's Gaming PC\Desktop\Forest Frontiers.sv6
2018-06-03 09:15 - 2018-06-03 09:15 - 001295828 _____ C:\Users\Eric's Gaming PC\Desktop\Trinity Islands.sv6
2018-06-03 09:01 - 2018-06-03 09:01 - 000000000 ____D C:\Users\Eric's Gaming PC\Desktop\minecraftWorlds
2018-06-03 08:41 - 2018-06-12 21:02 - 000002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-03 08:41 - 2018-06-12 21:02 - 000002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-03 07:49 - 2018-06-03 07:49 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\werxszd
2018-06-02 22:29 - 2018-06-15 12:59 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\wmcagent
2018-06-02 22:26 - 2018-06-14 22:39 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\svcpnak
2018-06-02 22:26 - 2018-06-02 22:26 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\spdzlrn
2018-06-02 22:24 - 2018-06-13 22:45 - 002888704 _____ C:\WINDOWS\system32\avcrzmwsvc.exe
2018-06-02 22:24 - 2018-06-02 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\csdphxo
2018-06-02 22:24 - 2018-06-02 22:24 - 000000000 ____D C:\WINDOWS\system32\csdphxo
2018-06-02 22:24 - 2018-06-02 22:24 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\et
2018-06-02 22:22 - 2018-06-05 17:25 - 000000000 ____D C:\Program Files (x86)\watering
2018-06-02 22:22 - 2018-06-05 17:25 - 000000000 ____D C:\Program Files (x86)\Quotation
2018-06-02 22:22 - 2018-06-04 06:59 - 000000000 ___HD C:\Program Files (x86)\Kung
2018-06-02 22:22 - 2018-06-04 06:55 - 000000000 ___HD C:\Program Files (x86)\elke
2018-06-02 22:22 - 2018-06-03 16:41 - 000000000 ____D C:\Program Files (x86)\woofer
2018-06-02 22:22 - 2018-06-02 22:22 - 000003836 _____ C:\WINDOWS\System32\Tasks\bonfield
2018-06-02 22:22 - 2018-06-02 22:22 - 000003832 _____ C:\WINDOWS\System32\Tasks\intercultural
2018-06-02 22:22 - 2018-06-02 22:22 - 000003730 _____ C:\WINDOWS\System32\Tasks\interculturalintercultural
2018-06-02 22:22 - 2018-06-02 22:22 - 000003724 _____ C:\WINDOWS\System32\Tasks\bonfieldbonfield
2018-06-02 22:22 - 2018-06-02 22:22 - 000000012 _____ C:\WINDOWS\b60062418
2018-06-02 22:22 - 2018-06-02 22:22 - 000000000 ____D C:\Program Files (x86)\Cyclists
2018-06-02 22:21 - 2018-06-03 07:53 - 000000000 ____D C:\Users\Eric's Gaming PC\Documents\Chameleon files
2018-06-02 22:21 - 2018-06-02 22:21 - 000003434 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-startup-Eric's Gaming PC
2018-06-02 22:21 - 2018-06-02 22:21 - 000003038 _____ C:\WINDOWS\System32\Tasks\Chameleon Task Manager-Eric's Gaming PC
2018-06-02 22:21 - 2018-06-02 22:21 - 000003034 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-Eric's Gaming PC
2018-06-02 22:21 - 2018-06-02 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chameleon Task Manager
2018-06-02 22:21 - 2018-06-02 22:21 - 000000000 ____D C:\Program Files (x86)\Chameleon Task Manager
2018-06-02 22:20 - 2018-06-02 22:20 - 000554039 _____ C:\Users\Eric's Gaming PC\Downloads\PhoneRescue 370 Crack Plus License Code Free.zip
2018-06-02 22:07 - 2018-06-02 22:07 - 001038232 _____ (iMobie Inc.) C:\Users\Eric's Gaming PC\Downloads\phonerescue-ios-setup.exe
2018-06-02 22:07 - 2018-06-02 22:07 - 000001193 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
2018-06-02 22:07 - 2018-06-02 22:07 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\iMobie
2018-06-02 22:07 - 2018-06-02 22:07 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\iMobie_Inc
2018-06-02 22:07 - 2018-06-02 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2018-06-02 22:07 - 2018-06-02 22:07 - 000000000 ____D C:\Program Files (x86)\iMobie
2018-06-02 22:05 - 2018-06-02 22:05 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\imyfoneSet
2018-06-02 22:04 - 2018-06-02 22:04 - 000001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMyFone D-Port Pro.lnk
2018-06-02 22:04 - 2018-06-02 22:04 - 000001239 _____ C:\Users\Public\Desktop\iMyFone D-Port Pro.lnk
2018-06-02 22:04 - 2018-06-02 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMyFone
2018-06-02 22:04 - 2018-06-02 22:04 - 000000000 ____D C:\Program Files (x86)\iMyFone
2018-06-02 22:01 - 2018-06-02 22:04 - 036314573 _____ C:\Users\Eric's Gaming PC\Downloads\iMyFone D-Port Pro 3.0.0.29 Full Version - HaxOff.Net.rar
2018-06-02 21:52 - 2018-06-02 21:52 - 000001357 _____ C:\Users\Eric's Gaming PC\Desktop\iPhone Backup Extractor.lnk
2018-06-02 21:52 - 2018-06-02 21:52 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\Reincubate
2018-06-02 21:52 - 2018-06-02 21:52 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2018-06-02 21:51 - 2018-06-02 21:51 - 023133416 _____ (Reincubate Ltd) C:\Users\Eric's Gaming PC\Downloads\iphonebackupextractor-latest (1).exe
2018-06-02 21:16 - 2018-06-02 21:16 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\Reincubate Temporary Files
2018-06-02 21:11 - 2018-06-02 21:11 - 022392040 _____ (Reincubate Ltd) C:\Users\Eric's Gaming PC\Downloads\iphonebackupextractor-latest.exe
2018-06-02 12:25 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-06-02 12:16 - 2018-06-02 12:16 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-02 12:16 - 2018-06-02 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-02 12:16 - 2018-06-02 12:16 - 000000000 ____D C:\Program Files\iPod
2018-06-02 12:15 - 2018-06-02 12:16 - 000000000 ____D C:\Program Files\iTunes
2018-06-02 12:00 - 2018-06-02 12:01 - 272259912 _____ (Apple Inc.) C:\Users\Eric's Gaming PC\Downloads\iTunes64Setup.exe
2018-06-02 11:58 - 2018-06-02 12:01 - 000000000 ____D C:\Users\Eric's Gaming PC\Desktop\iTunes
2018-06-01 19:52 - 2018-06-01 20:04 - 000000000 ____D C:\Users\Eric's Gaming PC\Desktop\x backup 11.1
2018-06-01 16:45 - 2018-06-01 16:52 - 2975229435 _____ C:\Users\Eric's Gaming PC\Downloads\iPhone10,3,iPhone10,6_11.3.1_15E302_Restore.ipsw
2018-05-31 20:20 - 2018-05-31 20:20 - 000027169 _____ C:\Users\Eric's Gaming PC\Downloads\3999615355580334_iPhone10,3_d22ap_11.4-15F79_63ed7f4745eb337a30a994a246815c2d901f68ef4e4b97db6f1cfa0bc396213c.shsh2
2018-05-29 20:08 - 2018-05-29 20:08 - 015271600 _____ C:\Users\Eric's Gaming PC\Downloads\lockpluspro.deb
2018-05-24 13:38 - 2018-05-25 05:05 - 002478236 _____ C:\Users\Eric's Gaming PC\Desktop\IMG_8720.MOV
2018-05-24 13:27 - 2018-05-25 05:05 - 002760824 _____ C:\Users\Eric's Gaming PC\Desktop\IMG_8721.MOV
2018-05-23 21:28 - 2018-05-23 21:28 - 000160060 _____ C:\Users\Eric's Gaming PC\Downloads\2018_All_ATHLETIC_incl_DMVOutdoor_Adv_Specialists_letter (2).pdf
2018-05-23 21:27 - 2018-05-23 21:27 - 000160060 _____ C:\Users\Eric's Gaming PC\Downloads\2018_All_ATHLETIC_incl_DMVOutdoor_Adv_Specialists_letter (1).pdf
2018-05-23 21:12 - 2018-05-23 21:12 - 000160060 _____ C:\Users\Eric's Gaming PC\Downloads\2018_All_ATHLETIC_incl_DMVOutdoor_Adv_Specialists_letter.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 22:21 - 2017-08-03 21:14 - 000000000 ____D C:\ProgramData\PCPitstopDat
2018-06-18 22:21 - 2016-05-03 20:00 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\Oculus
2018-06-18 22:18 - 2018-01-31 17:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-18 22:18 - 2016-05-03 20:07 - 000000000 ____D C:\Program Files\Oculus
2018-06-18 18:20 - 2018-01-31 18:09 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9A2CEBC-0AF0-4D22-AFCF-27F4D819A010}
2018-06-18 17:18 - 2017-09-22 10:20 - 000000000 ____D C:\Program Files (x86)\Origin
2018-06-18 12:25 - 2017-07-12 23:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-18 00:03 - 2017-08-03 20:41 - 000000000 ____D C:\ProgramData\PCPitstop
2018-06-17 12:18 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-17 12:15 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-17 12:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-17 12:14 - 2016-03-31 08:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-15 15:28 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-15 15:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-15 14:08 - 2015-10-30 03:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-06-14 19:39 - 2018-01-22 19:59 - 000000600 _____ C:\Users\Eric's Gaming PC\AppData\Roaming\winscp.rnd
2018-06-14 19:17 - 2016-03-31 08:27 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-14 19:14 - 2016-03-31 08:37 - 000000000 ____D C:\MSI
2018-06-14 19:13 - 2016-05-03 21:48 - 000000000 __SHD C:\Users\Eric's Gaming PC\IntelGraphicsProfiles
2018-06-14 19:12 - 2018-01-31 18:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-14 18:35 - 2017-09-29 04:45 - 027262976 _____ C:\WINDOWS\system32\config\HARDWARE
2018-06-14 18:35 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-14 16:21 - 2018-03-08 18:35 - 019304283 _____ C:\Users\Eric's Gaming PC\Downloads\Impactor_0.9.44.zip
2018-06-14 16:21 - 2016-05-04 16:19 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\CrashDumps
2018-06-12 20:14 - 2016-05-14 22:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-12 20:07 - 2017-01-28 18:13 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\uTorrent
2018-06-12 20:07 - 2016-03-31 08:38 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-12 20:05 - 2018-01-22 14:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-12 20:05 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-12 18:15 - 2016-05-04 16:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 18:11 - 2017-10-11 09:33 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 18:11 - 2016-05-04 16:05 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-10 13:08 - 2018-01-31 18:04 - 001246378 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-07 14:24 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-06 18:11 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-06 18:11 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-05 19:24 - 2018-04-13 17:36 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2018-04-13 17:36 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-03 23:11 - 2016-05-14 22:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-06-03 16:41 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-06-03 10:31 - 2018-01-31 17:53 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Local\Packages
2018-06-03 08:41 - 2018-01-31 18:09 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-03 08:41 - 2018-01-31 18:09 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-03 08:41 - 2016-05-04 16:16 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-03 00:57 - 2018-01-31 18:08 - 000032388 _____ C:\WINDOWS\diagwrn.xml
2018-06-03 00:57 - 2018-01-31 18:08 - 000032388 _____ C:\WINDOWS\diagerr.xml
2018-06-02 23:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Registration
2018-06-02 23:47 - 2018-04-12 06:19 - 000000000 ___HD C:\$WINDOWS.~BT
2018-06-02 13:13 - 2017-10-17 21:46 - 000000000 ____D C:\Program Files\Java
2018-06-02 13:13 - 2016-05-04 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-06-02 13:12 - 2017-10-17 21:47 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-05-23 18:57 - 2017-09-22 10:20 - 000000000 ____D C:\Users\Eric's Gaming PC\AppData\Roaming\Origin

==================== Files in the root of some directories =======

2016-06-02 15:44 - 2016-10-23 13:04 - 000000030 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\alsoft.ini
2018-03-25 16:02 - 2018-04-28 19:03 - 000000129 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\Camdata.ini
2018-03-25 16:02 - 2018-04-28 19:03 - 000000408 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\CamLayout.ini
2018-03-25 16:02 - 2018-04-28 19:03 - 000000408 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\CamShapes.ini
2018-03-25 16:02 - 2018-04-28 19:03 - 000004583 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\CamStudio.cfg
2017-01-11 17:00 - 2017-02-19 00:03 - 005520256 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\MyTest.gcode
2017-02-17 17:05 - 2017-02-19 00:04 - 000006380 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\MyTest.json
2017-01-14 08:39 - 2017-02-17 17:11 - 000000044 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\temp.ree
2018-03-25 15:59 - 2018-04-28 19:02 - 000000096 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\version2.xml
2018-01-22 19:59 - 2018-06-14 19:39 - 000000600 _____ () C:\Users\Eric's Gaming PC\AppData\Roaming\winscp.rnd
2018-01-22 19:01 - 2018-01-22 19:01 - 000000600 _____ () C:\Users\Eric's Gaming PC\AppData\Local\PUTTY.RND
2018-01-07 00:12 - 2018-02-04 15:10 - 000007601 _____ () C:\Users\Eric's Gaming PC\AppData\Local\Resmon.ResmonCfg
2017-04-06 17:43 - 2017-04-06 17:43 - 000000552 _____ () C:\Users\Eric's Gaming PC\AppData\Local\TroubleshooterConfig.json

Some files in TEMP:
====================
2018-06-15 13:20 - 2018-03-13 03:02 - 001954048 ____N (Microsoft Corporation) C:\Users\Eric's Gaming PC\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-13 11:18

==================== End of FRST.txt ============================


Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


Hey, aura! Just did the fix, and the popup says:

""

Fix completed. "Fixlog.txt" is saved in the same directory FRST is located

The computer needs a restart. Please close all open windows. You will not get a notification from the tool after restart. Click OK to restart.

""

Do I restart the PC or no??

This topic is now closed to further replies.