Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by jayhooks (administrator) on DESKTOP-2UR7JKP (28-10-2017 19:47:21)
Running from C:\Users\jayhooks\Desktop
Loaded Profiles: jayhooks (Available Profiles: jayhooks & Angie)
Platform: Windows 10 Home Version 1607 14393.1066 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Windows\Microsoft\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Copyright 2017.)
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Windows\Microsoft\svchost.exe.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\jayhooks\AppData\Local\Temp\3223.tmp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\jayhooks\AppData\Local\wmipr\wmipr.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-27] (Realtek Semiconductor) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKLM-x32\...\Run: [cpx] => "C:\Program Files\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION HKLM-x32\...\Run: [svcvmx] => "C:\Program Files\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION HKLM-x32\...\Run: [AnonymizerGadget] => "C:\Users\jayhooks\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1721 /subsource: <==== ATTENTION HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) 
<==== ATTENTION HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) 
<==== ATTENTION HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) 
<==== ATTENTION HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [Chromium] => "c:\users\jayhooks\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-17] (Valve Corporation) HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [Akamai NetSession Interface] => C:\Users\jayhooks\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd) HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd) HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-12] (SUPERAntiSpyware) HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [uTorrent] => "C:\Users\jayhooks\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [MCUNKANWNS.exe] => C:\Program Files\L07MIH5D7L\GRNJBWVNFI\MCUNKANWNS.exe [653312 2017-10-22] () HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [g4link] => rundll32.exe "C:\Users\jayhooks\AppData\Local\g4link.dll",g4link <==== ATTENTION HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [TBHYQOQJGY.exe] => C:\Users\jayhooks\AppData\Roaming\9cecf9e697aa49f788db4ea21a209ae1\TBHYQOQJGY.exe HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [IGKZBMXNHK.exe] => C:\Users\jayhooks\AppData\Roaming\528c97a8d4f5494fb1187f6bf90329d8\IGKZBMXNHK.exe HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\Run: [cvyalsreso] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=9CE792A7557E2098807C4F67D646CD91&utm_d=20171023" <==== ATTENTION HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\...\MountPoints2: {50a4f506-0a48-11e7-a792-645a046dbe90} - "E:\cdp-sptfbw.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2017-04-29] ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Users\jayhooks\Desktop\ps3\ScpTrayApp.exe (Scarlet.Crush Productions) GroupPolicy: Restriction - Chrome <==== ATTENTION GroupPolicy\User: Restriction <==== 
ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{0cd17330-b82e-432d-b695-7a5d1f6c4f01}: [DhcpNameServer] 172.16.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131517099110392300&GUID=C308C012-001A-4993-A033-C554E2E85594
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131517099110398766&GUID=C308C012-001A-4993-A033-C554E2E85594
HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0B0AyB0FyC0E0CyCtB0BtN0D0Tzu0StBtDyDtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDzytC0DtCtBzztBtGyDyEyCyEtGtAzzyD0CtGtB0F0D0BtG0CtAyE0DyE0AyC0FtDzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1OtDtDtC1TtAyDtGtCtAyEzztGyEtCzzyCtG1Szy1RyBtGyDzzzyzz1R1Q1Szz1PyC1S1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyBzyyBtN1Q2Z1B1P1RzutCyDtDtByCtAyEzytBzz%26cr%3D1027367271%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_15_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0B0AyB0FyC0E0CyCtB0BtN0D0Tzu0StCzytAtBtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtA0EyB0Bzz0CtCtGyCyDtB0FtGyB0CzyyCtGyC0E0FzztGyD0DyB0DtC0BtDtAtD0DyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0B0FyEyD0B0CtGtCtB0EzytGyEzyzyyEtG0A0Bzy0FtGyDtBtCzyyD0B0CyBtC0ByCyB2QtN0A0LzuyE%26cr%3D526840001%26a%3Dwbf_ir_17_15_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4042677840-2483703146-3127757777-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B783F0A1D-100E-435F-9C37-1701E5D66859%7D&gp=811014
SearchScopes: HKU\S-1-5-21-4042677840-2483703146-3127757777-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4042677840-2483703146-3127757777-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0B0AyB0FyC0E0CyCtB0BtN0D0Tzu0StBtDyDtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDzytC0DtCtBzztBtGyDyEyCyEtGtAzzyD0CtGtB0F0D0BtG0CtAyE0DyE0AyC0FtDzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1OtDtDtC1TtAyDtGtCtAyEzztGyEtCzzyCtG1Szy1RyBtGyDzzzyzz1R1Q1Szz1PyC1S1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyBzyyBtN1Q2Z1B1P1RzutCyDtDtByCtAyEzytBzz%26cr%3D1027367271%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4042677840-2483703146-3127757777-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKU\S-1-5-21-4042677840-2483703146-3127757777-1001 ->
{FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B783F0A1D-100E-435F-9C37-1701E5D66859%7D&gp=811014 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-21] (Microsoft Corporation) BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\ZfJRwqLPhIE\tPllhnPh.dll [2017-10-22] () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-13] (Oracle Corporation) BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\jayhooks\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2017-10-22] (Mail.Ru) BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\ZfJRwqLPhIE\krtu1nr.dll [2017-10-22] () BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-13] (Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-21] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-21] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-21] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-21] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] 
(Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-13] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR HomePage: Default -> msn.com CHR Profile: C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\Default [2017-10-28] CHR Extension: (Google Docs Offline) - C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-29] CHR Extension: (AdBlock) - C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-19] CHR Extension: (Adblocker for Youtube™) - C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll [2017-10-22] CHR Extension: (Chrome Web Store Payments) - C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Chrome Media Router) - 
C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-15] CHR Profile: C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-06] CHR Extension: (No Name) - C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-10-23] CHR Extension: (Adblocker for Youtube™) - C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\knmnopfmccchnnfdoiddbihbcboeedll [2017-10-22] CHR Extension: (ae) - C:\Users\jayhooks\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2017-10-22] CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-4042677840-2483703146-3127757777-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx CHR 
HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) "drmkpro64" => service could not be unlocked. <==== ATTENTION S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) [File not signed] R2 AdsService; C:\Users\jayhooks\AppData\Local\AdService\AdService.dll [781312 2017-10-22] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923888 2017-10-12] (Microsoft Corporation) S2 Dataup; C:\Users\jayhooks\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd) S2 Ds3Service; C:\Users\jayhooks\Desktop\ps3\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed] R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) 
[File not signed] R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8602992 2017-09-11] (Reimage®) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [306944 2015-07-27] (Realtek Semiconductor) R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH) S3 updater; C:\Users\jayhooks\Desktop\ps3\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed] S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635672 2014-05-21] (Wacom Technology, Corp.) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) S2 windowsmanagementservice; C:\Users\jayhooks\AppData\Local\fuuzbem\bvtdcd\ct.exe [X] <==== ATTENTION ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 4a94989c673654521c40ccb6ab2aeb6b; C:\WINDOWS\system32\drivers\4a94989c673654521c40ccb6ab2aeb6b.sys [115336 2017-10-20] (CU37R1) <==== ATTENTION R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-18] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-18] (Disc Soft Ltd) S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation) S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation) R3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2017-04-29] (hxxp://libusb-win32.sourceforge.net) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek ) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [412400 2015-08-05] (Realsil Semiconductor Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-07-15] (Wellbia.com Co., Ltd.) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-25] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-25] (Zemana Ltd.) 
S1 amxahclk; \??\C:\WINDOWS\system32\drivers\amxahclk.sys [X]
S5 drmkpro64; <==== ATTENTION: Locked Service <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-28 19:47 - 2017-10-28 19:48 - 000028686 _____ C:\Users\jayhooks\Desktop\FRST.txt
2017-10-28 19:47 - 2017-10-28 18:40 - 002403328 _____ (Farbar) C:\Users\jayhooks\Desktop\FRST64.exe
2017-10-28 19:45 - 2017-10-28 19:45 - 002403328 _____ (Farbar) C:\Users\jayhooks\Downloads\FRST64 (1).exe
2017-10-28 18:41 - 2017-10-28 19:47 - 000000000 ____D C:\FRST
2017-10-28 18:40 - 2017-10-28 18:40 - 002403328 _____ (Farbar) C:\Users\jayhooks\Downloads\FRST64.exe
2017-10-28 18:29 - 2017-10-28 18:30 - 071535032 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (5).exe
2017-10-28 18:07 - 2017-10-28 18:06 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Desktop\Loakj.exe
2017-10-28 18:06 - 2017-10-28 19:44 - 000002314 _____ C:\Users\jayhooks\Desktop\Rkill.txt
2017-10-28 18:06 - 2017-10-28 18:06 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill-unsigned (5).exe
2017-10-28 18:04 - 2017-10-28 18:04 - 013290179 _____ C:\Users\jayhooks\Downloads\mbar-1.10.1.1002-nr.exe
2017-10-28 18:04 - 2017-10-28 18:04 - 000000000 ____D C:\Users\jayhooks\Desktop\mbar
2017-10-28 18:02 - 2017-10-28 18:02 - 010424456 _____ (Piriform Ltd) C:\Users\jayhooks\Downloads\ccsetup536pro (1).exe
2017-10-28 18:01 - 2017-10-28 18:01 - 010424456 _____ (Piriform Ltd) C:\Users\jayhooks\Downloads\ccsetup536pro.exe
2017-10-28 17:31 - 2017-10-28 17:31 - 000969160 _____ (MalwareBytes) C:\Users\jayhooks\Desktop\mbam-chameleon.pif
2017-10-28 17:27 - 2017-10-28 17:27 - 006705178 _____ C:\Users\jayhooks\Downloads\mbam-chameleon-3.1.33.0 (1).zip
2017-10-28 16:20 - 2017-10-28 16:20 - 000566128 _____ (Malwarebytes) C:\Users\jayhooks\Downloads\mbam-clean-2.3.0.1001.exe
2017-10-28 16:19 - 2017-10-28 16:19 - 008250832 _____ (Malwarebytes) C:\Users\jayhooks\Downloads\AdwCleaner.exe
2017-10-28 16:16 - 2017-10-28 16:16 - 009932672 _____ C:\Users\jayhooks\Downloads\bitdefender_online.exe
2017-10-28 16:08 - 2017-10-28 16:08 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\jayhooks\Downloads\SpyHunter-Installer.exe
2017-10-28 16:00 - 2017-10-28 16:00 - 000004358 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2017-10-28 16:00 - 2017-10-28 16:00 - 000001946 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-10-28 16:00 - 2017-10-28 16:00 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-10-28 16:00 - 2017-10-28 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-10-28 16:00 - 2017-10-28 16:00 - 000000000 ____D C:\Program Files\Reimage
2017-10-28 15:59 - 2017-10-28 16:03 - 000000000 ____D C:\rei
2017-10-28 15:59 - 2017-10-28 16:01 - 000000140 _____ C:\WINDOWS\Reimage.ini
2017-10-28 15:59 - 2017-10-28 15:59 - 000604928 _____ (Reimage) C:\Users\jayhooks\Downloads\ReimageRepair.exe
2017-10-28 15:54 - 2017-10-28 15:54 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-10-28 15:54 - 2017-10-28 15:54 - 000001106 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-10-28 15:52 - 2017-10-28 15:53 - 015756368 _____ (TeamViewer GmbH) C:\Users\jayhooks\Downloads\TeamViewer_Setup.exe
2017-10-28 14:42 - 2017-10-28 14:42 - 022851472 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe
2017-10-28 14:40 - 2017-10-28 14:40 - 068408664 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-10-28 14:39 - 2017-10-28 14:40 - 071535032 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (4).exe
2017-10-28 14:37 - 2017-10-28 14:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\uSeRiNiT.exe
2017-10-28 14:37 - 2017-10-28 14:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill.com
2017-10-28 14:35 - 2017-10-28 14:35 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill.scr
2017-10-28 14:35 - 2017-10-28 14:35 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\eXplorer.exe
2017-10-28 14:29 - 2017-10-28 14:29 - 006705178 _____ C:\Users\jayhooks\Downloads\mbam-chameleon-3.1.33.0.zip
2017-10-28 14:27 - 2017-10-28 14:28 - 071535032 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (3).exe
2017-10-25 20:17 - 2017-10-25 20:17 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\iExplore (5).exe
2017-10-25 20:15 - 2017-10-25 20:16 - 071535032 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (2).exe
2017-10-25 20:09 - 2017-10-25 20:09 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill-unsigned (4).exe
2017-10-25 20:07 - 2017-10-25 20:08 - 071535032 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (1).exe
2017-10-25 01:17 - 2017-10-25 01:17 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill-unsigned (3).exe
2017-10-25 01:16 - 2017-10-25 01:16 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Desktop\rkill.exe
2017-10-25 01:15 - 2017-10-25 01:15 - 000841241 _____ C:\Users\jayhooks\Downloads\rkill.zip
2017-10-25 01:14 - 2017-10-25 01:14 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill-unsigned (2).exe
2017-10-25 01:06 - 2017-10-25 01:06 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill-unsigned (1).exe
2017-10-25 00:57 - 2017-10-25 00:57 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill-unsigned.exe
2017-10-25 00:56 - 2017-10-25 00:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\iExplore (4).exe
2017-10-25 00:24 - 2017-10-25 00:27 - 071535032 _____ (Malwarebytes ) C:\Users\jayhooks\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-25 00:22 - 2017-10-25 00:22 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill (2).exe
2017-10-23 22:37 - 2017-10-23 22:37 - 000346112 _____ C:\Users\jayhooks\Downloads\Unlocker x64 1.9.2.msi
2017-10-23 22:37 - 2017-10-23 22:37 - 000001876 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker.lnk
2017-10-23 22:37 - 2017-10-23 22:37 - 000000000 ____D C:\Program Files\Unlocker
2017-10-22 22:58 - 2017-10-22 22:59 - 001546409 _____ ( ) C:\Users\jayhooks\Downloads\HDSetup_3467930300.exe
2017-10-22 22:34 - 2017-10-22 22:34 - 009809688 _____ (Piriform Ltd) C:\Users\jayhooks\Downloads\ccsetup535 (2).exe
2017-10-22 22:27 - 2017-10-22 22:28 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\iExplore (3).exe
2017-10-22 22:23 - 2017-10-22 22:24 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\iExplore (1).exe
2017-10-22 22:22 - 2017-10-28 16:52 - 000000000 ____D C:\Users\jayhooks\AppData\LocalLow\CelGrfgXIrZdI
2017-10-22 22:21 - 2017-10-22 22:21 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill (1).exe
2017-10-22 22:19 - 2017-10-22 22:19 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\rkill.exe
2017-10-22 22:16 - 2017-10-22 22:16 - 009809688 _____ (Piriform Ltd) C:\Users\jayhooks\Downloads\ccsetup535 (1).exe
2017-10-22 22:15 - 2017-10-22 22:15 - 009809688 _____ (Piriform Ltd) C:\Users\jayhooks\Downloads\ccsetup535.exe
2017-10-22 22:09 - 2017-10-22 22:09 - 000016802 _____ C:\WINDOWS\System32\Tasks\Simple Giga
2017-10-22 22:09 - 2017-10-22 22:09 - 000000000 ____D C:\Users\jayhooks\AppData\Local\AdService
2017-10-22 22:08 - 2017-10-22 22:11 - 000000326 _____ C:\WINDOWS\Tasks\PjDfytumxbayONn.job
2017-10-22 22:08 - 2017-10-22 22:08 - 000003214 _____ C:\WINDOWS\System32\Tasks\zjwPaeaadZaNwF
2017-10-22 22:08 - 2017-10-22 22:08 - 000002864 _____ C:\WINDOWS\System32\Tasks\PjDfytumxbayONn2
2017-10-22 22:08 - 2017-10-22 22:08 - 000002646 _____ C:\WINDOWS\System32\Tasks\PjDfytumxbayONn
2017-10-22 22:08 - 2017-10-22 22:08 - 000000000 ____D C:\Users\jayhooks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-10-22 22:08 - 2017-10-22 22:08 - 000000000 ____D C:\Program Files (x86)\zTWnHlzwjSUn
2017-10-22 22:08 - 2017-10-22 22:08 - 000000000 ____D C:\Program Files (x86)\ZfJRwqLPhIE
2017-10-22 22:08 - 2017-10-22 22:08 - 000000000 ____D C:\Program Files (x86)\kqEuPYMaU
2017-10-22 22:08 - 2017-10-22 22:08 - 000000000 ____D C:\Program Files (x86)\JIdcnntTvnKU2
2017-10-22 22:07 - 2017-10-22 22:07 - 000000000 ____D C:\Program Files\5a9962f363dba27d02cde4821a036ff5
2017-10-22 22:06 - 2017-10-22 22:06 - 000014848 _____ C:\Users\jayhooks\AppData\Local\g4link.dll
2017-10-22 22:06 - 2017-10-22 22:06 - 000003072 _____ C:\Users\jayhooks\AppData\Local\uninstallce.exe
2017-10-22 22:06 - 2017-10-22 22:06 - 000000000 ____D C:\Users\jayhooks\AppData\Local\wupdate
2017-10-22 22:05 - 2017-10-27 21:43 - 000000000 ____D C:\Users\jayhooks\AppData\Local\wmipr
2017-10-22 22:05 - 2017-10-24 00:00 - 000000000 ____D C:\Users\jayhooks\AppData\Local\935b845965f14e518271229e50212345
2017-10-22 22:05 - 2017-10-22 22:05 - 000004116 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_DO
2017-10-22 22:05 - 2017-10-22 22:05 - 000004104 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_NP
2017-10-22 22:05 - 2017-10-22 22:05 - 000004104 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HM
2017-10-22 22:05 - 2017-10-22 22:05 - 000004104 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AB
2017-10-22 22:05 - 2017-10-22 22:05 - 000004096 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_KP
2017-10-22 22:05 - 2017-10-22 22:05 - 000003508 _____ C:\WINDOWS\System32\Tasks\wmipr
2017-10-22 22:04 - 2017-10-22 22:33 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
2017-10-22 22:04 - 2017-10-22 22:07 - 000000000 ____D C:\Program Files (x86)\pccleanplus
2017-10-22 22:04 - 2017-10-22 22:04 - 000000000 ____D C:\Users\jayhooks\AppData\Local\Поиcк в Интeрнете
2017-10-22 22:02 - 2017-10-22 22:33 - 000000000 ____D C:\Users\jayhooks\AppData\Local\Mail.Ru
2017-10-22 22:01 - 2017-10-22 22:33 - 000000000 ____D C:\ProgramData\Mail.Ru
2017-10-22 22:01 - 2017-10-22 22:01 - 000003426 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2017-10-22 22:01 - 2017-10-22 22:01 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-10-22 21:54 - 2017-10-22 21:54 - 000000554 _____ C:\Users\jayhooks\Downloads\patch_crack_south_park_the_fractured_but_whole_3ba-b2a (1).torrent
2017-10-22 21:53 - 2017-10-22 21:55 - 001676296 _____ C:\Users\jayhooks\Downloads\patch_crack_south_park_the_fractured_but_whole_3ba-b2a___.exe
2017-10-22 21:53 - 2017-10-22 21:53 - 000000554 _____ C:\Users\jayhooks\Downloads\patch_crack_south_park_the_fractured_but_whole_3ba-b2a.torrent
2017-10-21 22:14 - 2017-10-21 22:14 - 000000000 ____D C:\Users\Public\Documents\uPlay
2017-10-21 21:56 - 2017-10-22 22:01 - 000001212 _____ C:\Users\jayhooks\Desktop\South Park The Fractured But Whole.lnk
2017-10-21 21:56 - 2017-10-22 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\South Park The Fractured But Whole
2017-10-21 21:05 - 2017-10-22 21:05 - 000000000 ____D C:\Program Files\South Park The Fractured But Whole
2017-10-21 21:02 - 2017-10-22 21:55 - 538620472 _____ C:\Users\jayhooks\Downloads\[RePack] Full version Game - by FGrL [4,8 GB Compressed].zip
2017-10-21 21:00 - 2017-10-22 21:53 - 000000000 ____D C:\Users\jayhooks\AppData\LocalLow\uTorrent
2017-10-21 21:00 - 2017-10-21 21:00 - 000034855 _____ C:\Users\jayhooks\Downloads\South-Park-The-Fractured-But-Whole.torrent
2017-10-21 18:15 - 2017-10-21 18:16 - 524562624 _____ C:\Users\jayhooks\Downloads\SOUTHPRKTHEFRACTUREDWH.part4.rar
2017-10-21 16:59 - 2017-10-21 17:08 - 966787072 _____ C:\Users\jayhooks\Downloads\SOUTHPRKTHEFRACTUREDWH.part3.rar
2017-10-21 13:11 - 2017-10-21 13:19 - 966787072 _____ C:\Users\jayhooks\Downloads\SOUTHPRKTHEFRACTUREDWH.part2.rar
2017-10-20 08:51 - 2017-10-20 08:51 - 000499712 _____ C:\WINDOWS\44306fcf450789ddefc0b0e23a2174fb.exe
2017-10-20 08:51 - 2017-10-20 08:51 - 000115336 _____ (CU37R1) C:\WINDOWS\system32\Drivers\4a94989c673654521c40ccb6ab2aeb6b.sys
2017-10-20 08:51 - 2017-10-20 08:51 - 000051614 _____ C:\WINDOWS\uninstaller.dat
2017-10-20 01:31 - 2017-10-21 13:41 - 000000000 ____D C:\Users\jayhooks\Desktop\SOUTH.PARK.THE.FRACTURED.BUT.WHOLE-CODEPUNKS
2017-10-20 01:24 - 2017-10-20 01:30 - 966787072 _____ C:\Users\jayhooks\Downloads\SOUTHPRKTHEFRACTUREDWH.part1.rar
2017-10-19 20:50 - 2017-10-19 20:50 - 000000000 ____D C:\Users\jayhooks\Downloads\cdp-sptfbw
2017-10-10 14:26 - 2017-10-10 14:26 - 000001647 _____ C:\Users\Public\Desktop\Cuphead.lnk
2017-10-10 14:26 - 2017-10-10 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cuphead [GOG.com]
2017-10-10 14:14 - 2017-09-29 17:19 - 000000000 ____D C:\Users\jayhooks\Desktop\cupheadgog
2017-10-10 14:11 - 2017-10-10 14:13 - 2139018484 _____ C:\Users\jayhooks\Downloads\cupheadgog.rar
2017-10-05 16:45 - 2017-10-05 16:45 - 000001293 _____ C:\Users\jayhooks\Desktop\Google Chrome.lnk
2017-10-05 16:05 - 2017-04-21 17:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-10-05 16:05 - 2017-04-21 17:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-10-05 16:04 - 2017-04-21 17:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-10-05 16:04 - 2017-04-21 17:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-10-05 16:04 - 2017-04-11 14:27 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-10-05 16:04 - 2017-03-15 14:15 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-10-05 16:03 - 2017-04-11 14:27 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-10-05 16:03 - 2017-03-15 14:15 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-10-05 15:58 - 2017-10-05 15:58 - 000000000 ___HD C:\$WINDOWS.~BT
2017-10-05 01:19 - 2017-08-04 01:31 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-05 01:19 - 2017-08-04 01:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-10-05 01:19 - 2017-08-04 01:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-10-05 01:19 - 2017-08-04 00:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-10-03 02:59 - 2017-10-03 03:00 - 000000000 ____D C:\Program Files\ntuserlitelist
2017-09-29 03:29 - 2017-09-29 03:29 - 000000039 _____ C:\Users\jayhooks\AppData\Local\kritadisplayrc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-28 19:48 - 2017-07-25 01:55 - 000067747 _____ C:\WINDOWS\ZAM.krnl.trace
2017-10-28 19:48 - 2017-07-25 01:55 - 000036805 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-28 19:35 - 2017-05-07 05:46 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-28 19:35 - 2016-01-04 06:50 - 000000000 __SHD C:\Users\jayhooks\IntelGraphicsProfiles
2017-10-28 19:30 - 2016-11-20 14:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-28 19:29 - 2016-07-16 02:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-10-28 18:57 - 2016-11-20 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-28 18:42 - 2016-01-10 01:35 - 000000000 ____D C:\Users\jayhooks\AppData\Local\ElevatedDiagnostics
2017-10-28 17:32 - 2016-06-15 00:33 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-28 16:58 - 2016-05-10 21:02 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-10-28 16:29 - 2016-01-07 19:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-28 16:22 - 2016-11-20 14:37 - 000341768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-28 16:21 - 2017-04-26 16:27 - 000000000 ____D C:\Users\jayhooks
2017-10-28 16:21 - 2016-01-04 03:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-28 16:20 - 2017-07-25 02:01 - 000000000 ____D C:\Users\jayhooks\AppData\Roaming\Skype
2017-10-26 15:18 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-25 00:28 - 2017-07-24 17:38 - 000002059 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-23 22:25 - 2017-07-24 23:37 - 000000000 ____D C:\Users\jayhooks\Desktop\New folder
2017-10-22 22:29 - 2017-07-24 04:09 - 002030536 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\iExplore.exe
2017-10-22 22:28 - 2017-07-24 04:49 - 002030536 _____ (Bleeping Computer, LLC) C:\Users\jayhooks\Downloads\iExplore (2).exe
2017-10-22 22:11 - 2017-07-24 00:08 - 000000258 __RSH C:\Users\jayhooks\ntuser.pol
2017-10-22 22:11 - 2016-03-03 02:57 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-10-22 22:04 - 2017-04-26 16:21 - 000000000 ____D C:\Program Files\Synaptics
2017-10-22 22:03 - 2017-07-24 03:57 - 000000000 ____D C:\Program Files\L07MIH5D7L
2017-10-21 19:36 - 2016-09-02 18:03 - 000000000 ____D C:\Users\jayhooks\Documents\My Games
2017-10-21 15:40 - 2016-07-16 07:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-21 15:36 - 2017-08-30 00:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-21 15:07 - 2017-04-29 18:19 - 000000000 ____D C:\Users\jayhooks\Desktop\ps3
2017-10-21 15:07 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-10-10 22:24 - 2017-04-29 17:18 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-10 22:24 - 2016-01-04 06:36 - 000415359 ____N C:\WINDOWS\Minidump\101017-31140-01.dmp
2017-10-10 16:56 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-10 14:17 - 2016-07-26 20:26 - 000000000 ____D C:\GOG Games
2017-10-10 00:54 - 2016-02-22 20:40 - 000000000 __SHD C:\Users\Angie\IntelGraphicsProfiles
2017-10-08 08:59 - 2016-01-04 06:36 - 000297207 ____N C:\WINDOWS\Minidump\100817-31187-01.dmp
2017-10-06 23:32 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
2017-10-05 23:53 - 2017-07-24 22:07 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-05 23:48 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-10-05 16:39 - 2016-01-07 19:57 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-05 16:01 - 2017-04-26 20:17 - 000000000 ___DC C:\WINDOWS\Panther
2017-10-03 16:58 - 2017-09-16 23:24 - 000000000 ____D C:\Program Files\rempl
2017-10-03 16:21 - 2016-01-04 06:36 - 000299703 ____N C:\WINDOWS\Minidump\100317-39437-01.dmp
2017-10-03 02:52 - 2016-01-04 06:36 - 000299255 ____N C:\WINDOWS\Minidump\100317-32875-01.dmp
2017-09-29 10:46 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-29 03:29 - 2017-07-01 09:18 - 000019047 _____ C:\Users\jayhooks\AppData\Local\kritarc

==================== Files in the root of some directories =======

2016-05-06 23:16 - 2016-05-06 23:16 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\aatxtname.txt
2017-07-01 09:19 - 2017-07-01 09:19 - 000000063 _____ () C:\Users\jayhooks\AppData\Local\emaildefaults
2017-10-22 22:06 - 2017-10-22 22:06 - 000014848 _____ () C:\Users\jayhooks\AppData\Local\g4link.dll
2017-07-01 09:21 - 2017-07-01 09:21 - 000000420 _____ () C:\Users\jayhooks\AppData\Local\karboncalligraphyrc
2017-09-29 03:29 - 2017-09-29 03:29 - 000000039 _____ () C:\Users\jayhooks\AppData\Local\kritadisplayrc
2017-07-01 09:18 - 2017-09-29 03:29 - 000019047 _____ () C:\Users\jayhooks\AppData\Local\kritarc
2016-03-18 01:00 - 2016-03-18 01:00 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\ok223.txt
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\jayhooks\AppData\Local\report
2016-05-06 23:17 - 2016-05-06 23:17 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\run.txt
2016-05-06 23:19 - 2016-05-06 23:19 - 000000001 _____ () C:\Users\jayhooks\AppData\Local\setupsuccessful.txt
2016-05-06 23:17 - 2016-05-06 23:19 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\stxtname.txt
2016-05-06 23:17 - 2016-05-06 23:17 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\tr5b.txt
2017-10-22 22:06 - 2017-10-22 22:06 - 000003072 _____ () C:\Users\jayhooks\AppData\Local\uninstallce.exe
2017-04-26 16:22 - 2017-04-26 16:22 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-03-04 22:58 - 2016-03-04 22:58 - 001134080 _____ () C:\ProgramData\TrezaaSetupx30039.msi

Some files in TEMP:
====================
2017-10-23 21:58 - 2017-10-22 22:05 - 000783312 _____ (ResqApp SOFT Inc) C:\Users\jayhooks\AppData\Local\Temp\152.tmp.exe
2017-10-28 13:25 - 2017-10-27 21:41 - 000799728 _____ () C:\Users\jayhooks\AppData\Local\Temp\23E1.tmp.exe
2017-10-22 21:59 - 2017-10-22 22:01 - 002609336 _____ () C:\Users\jayhooks\AppData\Local\Temp\30dzciPfRPRw.exe
2017-10-25 00:53 - 2017-10-23 22:14 - 000771072 _____ (ResqApp SOFT Inc) C:\Users\jayhooks\AppData\Local\Temp\810.tmp.exe
2017-10-22 22:09 - 2017-10-22 22:09 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\Temp\a20c68BFmSga.exe
2017-10-22 22:08 - 2017-10-22 22:09 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\Temp\A7tDzy89c54W.exe
2017-10-28 16:55 - 2017-10-27 21:41 - 000799728 _____ () C:\Users\jayhooks\AppData\Local\Temp\B5A2.tmp.exe
2017-10-28 13:49 - 2017-10-27 21:41 - 000799728 _____ () C:\Users\jayhooks\AppData\Local\Temp\DA80.tmp.exe
2017-10-28 19:48 - 2017-10-27 21:41 - 000799728 _____ () C:\Users\jayhooks\AppData\Local\Temp\EA33.tmp.exe
2017-10-22 22:01 - 2017-10-22 22:01 - 000387035 _____ ( ) C:\Users\jayhooks\AppData\Local\Temp\ezMhRsuB37Wp.exe
2017-10-22 22:07 - 2017-10-22 22:09 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\Temp\FtqGNS09b5El.exe
2017-10-22 22:08 - 2017-10-22 22:09 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\Temp\HxQoqCU9PaBP.exe
2017-10-22 22:09 - 2017-10-22 22:10 - 001056768 _____ (OneSystemCare ) C:\Users\jayhooks\AppData\Local\Temp\kCJOvVcL4quz.exe
2017-10-22 22:04 - 2017-10-22 22:10 - 010108928 _____ () C:\Users\jayhooks\AppData\Local\Temp\l4EU61HQvZlG.exe
2017-10-22 22:06 - 2017-10-22 22:10 - 004931584 _____ () C:\Users\jayhooks\AppData\Local\Temp\lQL3FydQ8FFj.exe
2017-10-22 22:09 - 2017-10-22 22:09 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\Temp\mNl9mweB1EQv.exe
2017-10-22 22:09 - 2017-10-22 22:09 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\Temp\NcgL3ZzpuWWy.exe
2017-10-22 22:09 - 2017-10-22 22:09 - 000000000 _____ () C:\Users\jayhooks\AppData\Local\Temp\PFh0nOR9hwQa.exe
2017-10-28 15:59 - 2017-10-28 15:59 - 013489912 _____ (Reimage) C:\Users\jayhooks\AppData\Local\Temp\ReimagePackage.exe
2017-10-22 22:03 - 2017-10-22 22:03 - 001676296 _____ () C:\Users\jayhooks\AppData\Local\Temp\rlEFls6jsznX.exe
2017-10-22 22:00 - 2017-10-22 22:01 - 000920448 _____ () C:\Users\jayhooks\AppData\Local\Temp\wUoRAAajntNM.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-10-28 13:37

==================== End of FRST.txt ============================