Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017
Ran by Nick (administrator) on VALGRIND (14-06-2017 22:51:11)
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 8 Enterprise (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [291872 2009-06-30] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [cpx] => "C:\Users\Nick\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1432171336-2654085293-1989152676-1004\...\Run: [Wargaming.net Game Center] => C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe [1626360 2017-06-12] (Wargaming.net)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mbam.exe.lnk [2017-06-11]
ShortcutTarget: mbam.exe.lnk -> C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-10-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-12-30]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
BootExecute: Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1DE818F7-78AE-47FD-A61A-86231BCEB8F1}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{36A55887-D51F-4454-B19F-9A05F2CF72AE}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{711FB8E6-1DCD-4FFF-9DFB-3B92E344491E}: [DhcpNameServer] 192.168.1.200
Tcpip\..\Interfaces\{D1E3B363-C5F6-40B6-80C9-CFA931F7C912}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-1432171336-2654085293-1989152676-1004] ATTENTION => Default URLSearchHook is missing
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2016-12-08] (Perfect World Entertainment Inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-02-27] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2012-06-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2016-12-08] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default [2017-06-13]
CHR Extension: (Docs) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-11]
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-11]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-11]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <===== ATTENTION
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2016-12-08] (Perfect World Entertainment Inc)
S2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
S2 Dataup; C:\Program Files\ntuserlitelist\dataup\dataup.exe [0 2017-06-11] () <==== ATTENTION (zero byte File/Folder) <==== ATTENTION
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-06-06] (Overwolf LTD)
S2 SLSvc; C:\Windows\sppsvc.exe [10240 2012-08-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Administrator\AppData\Local\snqbji\myojh\ct.exe [0 2017-06-11] () <==== ATTENTION (zero byte File/Folder) <==== ATTENTION
S2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMPPAL; C:\Windows\System32\drivers\AMPPAL.sys [158720 2012-03-21] (Windows (R) Win 7 DDK provider) [File not signed]
S3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3973120 2014-03-13] (Qualcomm Atheros Communications, Inc.) [File not signed]
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2013-01-04] (Cirrus Logic)
S3 cpuz138; C:\Users\Administrator\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-12-25] (CPUID) <==== ATTENTION
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
S2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [183576 2016-10-27] (BitDefender LLC)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-12-22] (REALiX(tm))
S3 Impcd; C:\Windows\System32\drivers\Impcd.sys [158976 2010-02-27] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-18] (Intel(R) Corporation) [File not signed]
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-06-10] (Greatis Software)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-12-22] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)
R5 drmkpro64; <===== ATTENTION: Locked Service
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_x64.sys [X]
S3 netwlv64; \SystemRoot\system32\DRIVERS\netwlv64.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-14 22:51 - 2017-06-14 22:51 - 00013835 _____ C:\Users\Nick\Desktop\FRST.txt
2017-06-14 22:42 - 2017-06-14 22:42 - 00022197 _____ C:\Users\Nick\Downloads\Fixlog.txt
2017-06-14 22:11 - 2017-06-14 22:11 - 02438656 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2017-06-14 22:11 - 2017-06-14 22:11 - 00000000 ____D C:\Users\Nick\Desktop\FRST-OlderVersion
2017-06-14 14:17 - 2017-06-14 14:17 - 64232976 _____ (Malwarebytes ) C:\Users\Nick\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-14 14:17 - 2017-06-14 14:17 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Nick\Desktop\AVG_Protection_Free_1606.exe
2017-06-14 14:00 - 2017-06-14 14:04 - 00000000 ____D C:\FRST
2017-06-14 13:26 - 2017-06-14 13:26 - 00000000 ____D C:\Users\Nick\AppData\Roaming\WinRAR
2017-06-14 13:13 - 2017-06-14 13:13 - 00000000 ____D C:\Users\Nick\AppData\Local\ElevatedDiagnostics
2017-06-14 13:11 - 2017-06-14 13:13 - 00000000 ____D C:\MATS
2017-06-14 13:09 - 2017-06-14 13:09 - 00221662 _____ C:\Users\Nick\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-06-14 13:07 - 2017-06-14 13:07 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Battle.net
2017-06-14 10:55 - 2017-06-14 10:55 - 00000117 _____ C:\Windows\system32\netcfg-1245558.txt
2017-06-14 10:53 - 2017-06-14 10:53 - 00000117 _____ C:\Windows\system32\netcfg-1109728.txt
2017-06-14 10:37 - 2017-06-14 10:37 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Notepad++
2017-06-13 22:25 - 2017-06-14 10:37 - 00000000 ____D C:\Users\Nick\AppData\Local\llssoft
2017-06-13 06:31 - 2017-06-13 06:31 - 00000117 _____ C:\Windows\system32\netcfg-134705849.txt
2017-06-13 06:31 - 2017-06-13 06:31 - 00000117 _____ C:\Windows\system32\netcfg-134705740.txt
2017-06-13 06:31 - 2017-06-13 06:31 - 00000117 _____ C:\Windows\system32\netcfg-134697222.txt
2017-06-13 06:31 - 2017-06-13 06:31 - 00000117 _____ C:\Windows\system32\netcfg-134696692.txt
2017-06-13 06:31 - 2017-06-13 06:31 - 00000117 _____ C:\Windows\system32\netcfg-134676661.txt
2017-06-13 06:30 - 2017-06-13 06:30 - 00000117 _____ C:\Windows\system32\netcfg-134673759.txt
2017-06-12 23:22 - 2017-06-12 23:22 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Wargaming.net
2017-06-11 21:14 - 2017-06-11 21:14 - 00000000 ____D C:\Users\Nick\AppData\Roaming\PowerISO
2017-06-11 19:56 - 2017-06-13 22:25 - 00000000 ____D C:\Users\Nick\AppData\Local\ntuserlitelist
2017-06-11 19:46 - 2017-06-11 19:46 - 00000000 ____D C:\Users\Nick\AppData\Roaming\NVIDIA
2017-06-11 19:43 - 2017-06-11 19:43 - 00000000 ____D C:\Windows\pss
2017-06-11 19:25 - 2017-06-11 19:25 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Opera Software
2017-06-11 19:25 - 2017-06-11 19:25 - 00000000 ____D C:\Users\Nick\AppData\Local\Opera Software
2017-06-11 19:11 - 2017-06-14 13:21 - 00000000 ____D C:\Users\Nick\AppData\Local\ClassicShell
2017-06-11 19:08 - 2017-06-11 22:58 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1432171336-2654085293-1989152676-1004
2017-06-11 19:07 - 2017-06-11 19:07 - 00000000 ____D C:\Users\Nick\AppData\Roaming\ClassicShell
2017-06-11 19:03 - 2017-06-11 19:22 - 00002259 _____ C:\Users\Nick\Desktop\Google Chrome.lnk
2017-06-11 19:03 - 2017-06-11 19:03 - 00000000 ____D C:\Users\Nick\AppData\Local\Google
2017-06-11 19:01 - 2017-06-11 19:01 - 00000000 ____D C:\Users\Nick\AppData\Local\VirtualStore
2017-06-11 19:00 - 2017-06-11 19:02 - 00000000 ____D C:\Users\Nick\AppData\Local\Packages
2017-06-11 18:33 - 2017-06-11 19:03 - 00000000 ____D C:\Users\Nick
2017-06-11 18:33 - 2017-06-11 18:33 - 00000020 ___SH C:\Users\Nick\ntuser.ini
2017-06-11 18:23 - 2017-06-11 18:25 - 00000000 _____ C:\Windows\system32\takeown
2017-06-11 17:38 - 2017-06-11 17:38 - 00000000 ____D C:\Users\Nick\AppData\Local\Steam
2017-06-11 17:38 - 2017-06-11 17:38 - 00000000 ____D C:\Users\Nick\AppData\Local\CEF
2017-06-11 12:59 - 2017-06-11 12:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes
2017-06-11 12:06 - 2017-06-11 12:06 - 00000000 ____D C:\ProgramData\Administrator
2017-06-11 10:56 - 2017-06-11 10:56 - 00001583 _____ C:\Users\Administrator\Desktop\ct.exe.lnk
2017-06-11 09:55 - 2017-06-11 09:55 - 00001295 _____ C:\Users\Administrator\Desktop\svcvmx.lnk
2017-06-11 00:35 - 2017-06-11 00:35 - 00001132 _____ C:\Users\Administrator\Desktop\FS 17.lnk
2017-06-10 22:56 - 2017-06-10 22:56 - 00000000 ____D C:\ProgramData\Steam
2017-06-10 22:09 - 2017-06-11 12:36 - 00000000 ____D C:\Program Files\ntuserlitelist
2017-06-10 22:03 - 2017-06-14 22:06 - 00000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-06-10 21:57 - 2017-06-11 12:21 - 00000000 ____D C:\@RestoreQuarantine
2017-06-10 21:55 - 2017-06-11 12:17 - 00000000 ____D C:\ProgramData\RegRun
2017-06-10 21:53 - 2017-06-10 21:53 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-06-10 21:52 - 2017-06-10 21:52 - 00000002 RSHOT C:\Windows\winstart.bat
2017-06-10 21:52 - 2017-06-10 21:52 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-06-10 21:52 - 2017-06-10 21:52 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-06-10 21:51 - 2017-06-11 18:12 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-06-10 21:51 - 2017-06-11 18:11 - 00000000 ____D C:\Users\Nick\Documents\RegRun2
2017-06-10 21:51 - 2017-06-10 22:08 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-06-10 21:51 - 2017-06-10 21:51 - 00003340 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2017-06-10 21:51 - 2017-06-10 21:51 - 00001007 _____ C:\Users\Administrator\Desktop\UnHackMe.lnk
2017-06-10 21:51 - 2017-06-10 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-06-10 21:51 - 2017-05-25 12:16 - 00014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-06-10 21:51 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-06-10 21:39 - 2017-06-10 21:39 - 00000812 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-06-10 21:39 - 2017-06-10 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-06-10 21:39 - 2017-06-10 21:39 - 00000000 ____D C:\Program Files\PowerISO
2017-06-10 21:39 - 2017-02-02 08:27 - 00137792 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2017-06-09 18:32 - 2017-06-09 18:32 - 00000117 _____ C:\Windows\system32\netcfg-310003283.txt
2017-06-09 18:31 - 2017-06-09 18:32 - 00000117 _____ C:\Windows\system32\netcfg-310000896.txt
2017-06-09 16:02 - 2017-06-10 20:40 - 00000000 ____D C:\Users\Nick\Desktop\FS 17 maps
2017-06-09 15:45 - 2017-06-09 15:46 - 461743900 _____ C:\Users\Administrator\Desktop\FDR_V4_MAP_PacificInlet_Mud.zip
2017-06-09 13:02 - 2017-06-09 13:03 - 00000000 ____D C:\Users\Nick\Desktop\FS17_ThorntonFarm_pc_ModLandNet
2017-06-09 13:00 - 2017-06-09 13:02 - 581089939 _____ C:\Users\Administrator\Desktop\FS17_ThorntonFarm_pc_ModLandNet.zip
2017-06-09 10:17 - 2017-06-09 10:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\GIANTS Editor 64bit 7.1.0
2017-06-09 10:16 - 2017-06-09 10:16 - 00001220 _____ C:\Users\Administrator\Desktop\GIANTS Editor.lnk
2017-06-08 22:54 - 2017-06-08 22:54 - 00193723 _____ C:\Users\Administrator\Desktop\grleConverter_7.0.1_win32.zip
2017-06-08 22:54 - 2017-06-08 22:54 - 00000000 ____D C:\Users\Nick\Desktop\grleConverter_7.0.1_win32
2017-06-08 22:34 - 2017-06-09 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2017-06-08 22:34 - 2017-06-09 10:16 - 00000000 ____D C:\Program Files\GIANTS Software
2017-06-08 22:34 - 2017-06-08 22:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\GIANTSPackageRegistry
2017-06-08 22:34 - 2017-06-08 22:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\GIANTS Editor 64bit 7.0.0
2017-06-08 21:04 - 2017-06-08 22:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2017-06-08 21:04 - 2017-06-08 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-06-08 21:04 - 2017-06-08 21:04 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-06-06 15:46 - 2017-06-06 15:56 - 159114917 _____ C:\Users\Administrator\Farming.Simulator.17.v1.2.0.0.zip
2017-06-06 06:31 - 2017-06-06 06:31 - 00000117 _____ C:\Windows\system32\netcfg-7574191.txt
2017-06-06 06:31 - 2017-06-06 06:31 - 00000117 _____ C:\Windows\system32\netcfg-7574051.txt
2017-06-06 06:31 - 2017-06-06 06:31 - 00000117 _____ C:\Windows\system32\netcfg-7564488.txt
2017-06-06 06:31 - 2017-06-06 06:31 - 00000117 _____ C:\Windows\system32\netcfg-7563692.txt
2017-06-06 06:31 - 2017-06-06 06:31 - 00000117 _____ C:\Windows\system32\netcfg-7544083.txt
2017-06-06 06:30 - 2017-06-06 06:30 - 00000117 _____ C:\Windows\system32\netcfg-7540854.txt
2017-06-04 05:18 - 2017-06-11 21:14 - 00000000 ____D C:\Users\Nick\Downloads\FS 15 Mods
2017-06-03 16:12 - 2017-06-03 16:12 - 14195035 _____ C:\Users\Nick\Downloads\Baling_Pack_ModLandNet.zip
2017-06-03 12:44 - 2017-06-03 12:44 - 00001175 _____ C:\Users\Administrator\Desktop\Farming Simulator 15.lnk
2017-06-03 12:37 - 2017-06-03 12:44 - 00000000 ____D C:\Program Files (x86)\Farming Simulator 15
2017-06-03 10:06 - 2017-06-03 10:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Steam
2017-06-03 09:44 - 2017-06-03 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15
2017-06-03 08:52 - 2017-06-10 21:45 - 00000000 ____D C:\Program Files\NTUSERLITELIST.del
2017-06-03 08:51 - 2017-06-10 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2017-06-03 08:51 - 2017-06-10 21:32 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\uTorrent
2017-06-03 08:51 - 2017-06-03 08:51 - 00002631 _____ C:\Users\Administrator\Desktop\µTorrent.lnk
2017-06-03 08:47 - 2017-06-03 08:47 - 00410600 _____ C:\Windows\Minidump\060317-30045-01.dmp
2017-06-03 08:39 - 2017-06-03 08:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\c
2017-06-03 08:39 - 2017-06-03 08:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\snqbji
2017-06-03 08:39 - 2017-06-03 08:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\lxkvpcq
2017-06-02 18:31 - 2017-06-02 18:31 - 00000117 _____ C:\Windows\system32\netcfg-1039378267.txt
2017-06-02 18:31 - 2017-06-02 18:31 - 00000117 _____ C:\Windows\system32\netcfg-1039377456.txt
2017-05-31 11:39 - 2017-05-31 11:39 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1419949592
2017-05-31 11:39 - 2017-05-31 11:39 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-31 05:54 - 2017-05-31 07:06 - 00001643 _____ C:\Users\Administrator\Desktop\World of Warships NA.lnk
2017-05-31 05:54 - 2017-05-31 05:54 - 00001268 _____ C:\Users\Public\Desktop\Wargaming.net Game Center.lnk
2017-05-31 05:54 - 2017-05-31 05:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2017-05-31 05:54 - 2017-05-31 05:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2017-05-31 05:54 - 2017-05-31 05:54 - 00000000 ____D C:\Games
2017-05-31 05:53 - 2017-05-31 05:53 - 00000000 ____D C:\ProgramData\Wargaming.net
2017-05-31 05:53 - 2017-05-31 05:53 - 00000000 ____D C:\Program Files (x86)\Wargaming.net
2017-05-30 21:33 - 2017-05-30 21:33 - 00291512 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-05-30 06:31 - 2017-05-30 06:31 - 00000117 _____ C:\Windows\system32\netcfg-736959112.txt
2017-05-30 06:31 - 2017-05-30 06:31 - 00000117 _____ C:\Windows\system32\netcfg-736958894.txt
2017-05-30 06:31 - 2017-05-30 06:31 - 00000117 _____ C:\Windows\system32\netcfg-736950392.txt
2017-05-30 06:31 - 2017-05-30 06:31 - 00000117 _____ C:\Windows\system32\netcfg-736949612.txt
2017-05-30 06:31 - 2017-05-30 06:31 - 00000117 _____ C:\Windows\system32\netcfg-736943372.txt
2017-05-30 06:31 - 2017-05-30 06:31 - 00000117 _____ C:\Windows\system32\netcfg-736942779.txt
2017-05-26 18:32 - 2017-05-26 18:32 - 00000117 _____ C:\Windows\system32\netcfg-434532064.txt
2017-05-26 18:32 - 2017-05-26 18:32 - 00000117 _____ C:\Windows\system32\netcfg-434531565.txt
2017-05-23 06:31 - 2017-05-23 06:31 - 00000117 _____ C:\Windows\system32\netcfg-132113112.txt
2017-05-23 06:31 - 2017-05-23 06:31 - 00000117 _____ C:\Windows\system32\netcfg-132112909.txt
2017-05-23 06:31 - 2017-05-23 06:31 - 00000117 _____ C:\Windows\system32\netcfg-132105421.txt
2017-05-23 06:31 - 2017-05-23 06:31 - 00000117 _____ C:\Windows\system32\netcfg-132104610.txt
2017-05-23 06:31 - 2017-05-23 06:31 - 00000117 _____ C:\Windows\system32\netcfg-132099228.txt
2017-05-23 06:31 - 2017-05-23 06:31 - 00000117 _____ C:\Windows\system32\netcfg-132098869.txt
2017-05-22 18:37 - 2017-05-31 03:07 - 00291512 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-05-22 18:37 - 2017-05-22 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\PunkBuster
2017-05-22 18:36 - 2017-06-06 16:47 - 00000000 ____D C:\Users\Nick\Documents\My Games
2017-05-22 18:34 - 2017-05-22 18:34 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-05-21 21:02 - 2017-05-21 21:02 - 00000222 _____ C:\Users\Administrator\Desktop\America's Army Proving Grounds.url
2017-05-21 17:51 - 2017-05-21 17:51 - 00410608 _____ C:\Windows\Minidump\052117-94989-01.dmp
2017-05-21 17:50 - 2017-06-03 08:46 - 443388712 _____ C:\Windows\MEMORY.DMP
2017-05-19 18:32 - 2017-05-19 18:32 - 00000117 _____ C:\Windows\system32\netcfg-2065880633.txt
2017-05-19 18:32 - 2017-05-19 18:32 - 00000117 _____ C:\Windows\system32\netcfg-2065879322.txt
2017-05-17 11:32 - 2017-05-17 11:32 - 00125952 _____ C:\Users\Administrator\AppData\Local\report
2017-05-16 20:27 - 2017-05-16 20:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Tera_Awesomium
2017-05-16 06:32 - 2017-05-16 06:32 - 00000117 _____ C:\Windows\system32\netcfg-1763395006.txt
2017-05-16 06:32 - 2017-05-16 06:32 - 00000117 _____ C:\Windows\system32\netcfg-1763394148.txt
2017-05-16 06:31 - 2017-05-16 06:31 - 00000117 _____ C:\Windows\system32\netcfg-1763376193.txt
2017-05-16 06:31 - 2017-05-16 06:31 - 00000117 _____ C:\Windows\system32\netcfg-1763375927.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-14 22:13 - 2012-07-26 02:28 - 00850046 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-14 22:13 - 2012-07-26 00:37 - 00000000 ____D C:\Windows\Inf
2017-06-14 14:04 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-14 13:13 - 2017-04-03 14:18 - 00000000 ____D C:\microdem
2017-06-14 13:07 - 2017-04-27 12:25 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-06-14 12:08 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-14 08:24 - 2016-12-27 21:31 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-06-14 02:29 - 2015-09-16 23:48 - 00004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-14 02:29 - 2015-09-16 23:48 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-14 02:29 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-14 02:29 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-13 10:21 - 2014-12-30 10:14 - 00000000 ____D C:\Program Files\7-Zip
2017-06-13 10:15 - 2017-01-10 19:11 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-11 20:12 - 2014-12-11 11:07 - 00000000 ____D C:\Users\Administrator
2017-06-11 19:39 - 2012-07-26 00:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-06-11 18:55 - 2017-02-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\ClassicShell
2017-06-11 12:10 - 2016-09-29 13:30 - 00000000 ____D C:\Users\Administrator\AppData\Local\SquirrelTemp
2017-06-11 12:02 - 2016-11-26 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc
2017-06-11 10:56 - 2016-11-26 15:59 - 00000000 ____D C:\Program Files\CONEXANT
2017-06-11 10:05 - 2017-01-30 06:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-06-11 08:37 - 2014-12-30 09:26 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-10 22:53 - 2015-09-16 07:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-06 15:53 - 2017-03-04 14:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Glyph
2017-06-06 15:53 - 2017-03-04 14:00 - 00000000 ____D C:\ProgramData\Glyph
2017-06-06 15:53 - 2017-03-04 14:00 - 00000000 ____D C:\Program Files (x86)\Glyph
2017-06-03 10:18 - 2017-03-13 01:30 - 00000000 ____D C:\Users\Nick\Documents\D&D
2017-06-03 08:47 - 2016-12-24 21:32 - 00000000 ____D C:\Windows\Minidump
2017-06-03 03:46 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\en-GB
2017-05-31 05:54 - 2016-09-06 19:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Wargaming.net
2017-05-31 03:04 - 2017-01-30 05:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TS3Client
2017-05-30 23:07 - 2017-02-01 02:44 - 00000000 ____D C:\Users\Administrator\.pyfa
2017-05-30 04:57 - 2017-02-01 02:45 - 00000000 ____D C:\Users\Administrator\.matplotlib
2017-05-29 20:14 - 2014-12-30 10:13 - 00000000 ____D C:\The KMPlayer
2017-05-22 18:34 - 2016-09-18 15:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-22 14:10 - 2016-12-21 21:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Warframe
2017-05-21 21:02 - 2017-04-13 04:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-21 20:06 - 2016-09-29 13:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\discord
2017-05-21 19:38 - 2014-12-30 10:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1432171336-2654085293-1989152676-500
2017-05-21 13:47 - 2017-01-30 05:58 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-05-16 13:08 - 2015-01-08 23:04 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 11:25 - 2016-09-05 01:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Forge

==================== Files in the root of some directories =======

2016-11-24 00:26 - 2016-11-24 00:26 - 0000634 _____ () C:\Program Files (x86)\Blacklight Retribution_enUpdaterLog.txt

Some files in TEMP:
====================
2017-06-03 08:40 - 2017-06-03 08:40 - 29131136 _____ (AppTrailers) C:\Users\Administrator\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-06-03 08:39 - 2017-06-03 08:39 - 4417064 _____ () C:\Users\Administrator\AppData\Local\Temp\OneSystemCare.exe
2017-06-03 08:40 - 2017-06-03 08:40 - 2211803 _____ (Megamediads Inc. ) C:\Users\Administrator\AppData\Local\Temp\player.exe
2017-06-03 08:39 - 2017-06-03 08:39 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\Setup (1).exe
2017-06-03 08:39 - 2017-06-03 08:39 - 0624640 _____ () C:\Users\Administrator\AppData\Local\Temp\setup.exe
2017-02-24 03:08 - 2017-02-24 03:09 - 44048864 _____ (Skype Technologies S.A.) C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
2017-02-22 22:01 - 2012-02-13 15:41 - 0314784 _____ () C:\Users\Administrator\AppData\Local\Temp\Uninstaller-2148.exe
2017-02-22 22:05 - 2012-02-13 15:41 - 0314784 _____ () C:\Users\Administrator\AppData\Local\Temp\Uninstaller-2216.exe
2017-01-24 20:36 - 2012-02-13 15:41 - 0314784 _____ () C:\Users\Administrator\AppData\Local\Temp\Uninstaller-3864.exe
2017-01-24 20:35 - 2012-02-13 15:41 - 0314784 _____ () C:\Users\Administrator\AppData\Local\Temp\Uninstaller-4720.exe
2017-01-24 20:36 - 2012-02-13 15:41 - 0314784 _____ () C:\Users\Administrator\AppData\Local\Temp\Uninstaller-4728.exe
2017-01-24 20:34 - 2012-02-13 15:41 - 0314784 _____ () C:\Users\Administrator\AppData\Local\Temp\Uninstaller-5056.exe
2017-01-30 05:59 - 2017-01-30 05:59 - 0065280 _____ () C:\Users\Administrator\AppData\Local\Temp\utils.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-11 03:03

==================== End of FRST.txt ============================