Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2017
Ran by JohnDoe (administrator) on ANDROID-MC3IPDQ (11-11-2017 13:21:17)
Running from C:\Users\JohnDoe\Desktop
Loaded Profiles: JohnDoe & DefaultAppPool (Available Profiles: JohnDoe & Visitor & DefaultAppPool)
Platform: Windows 10 Pro 10240.17354 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(f.lux Software LLC) C:\Users\JohnDoe\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(hxxp://www.ruby-lang.org/) C:\Users\JohnDoe\AppData\Local\Temp\ocr3701.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\JohnDoe\AppData\Local\Temp\ocrCF88.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1604.21020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2118853541-1488753588-3094647493-1000\...\Run: [f.lux] => C:\Users\JohnDoe\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2118853541-1488753588-3094647493-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2118853541-1488753588-3094647493-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-2118853541-1488753588-3094647493-1000\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [1280000 2017-07-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2118853541-1488753588-3094647493-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2118853541-1488753588-3094647493-1000\...\MountPoints2: D - "D:\setup\autorun.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{09c7a648-8223-45eb-bd0d-35af2ede0422}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4f1c6091-4e81-436c-b5c8-a0d8e1805d09}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{591e90c2-32c8-420e-94d4-28b956bcd8d5}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c37a50aa-f7ab-4830-b36f-6aef28eb3c0a}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2118853541-1488753588-3094647493-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?ocid=iehp
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-01-15] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-01-15] (LastPass)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-01-15] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-01-15] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JohnDoe\AppData\Roaming\Mozilla\Firefox\Profiles\88xq2klu.default [2017-11-09]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\88xq2klu.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\88xq2klu.default -> hxxps://www.malwarebytes.org/restorebrowser/_ir_16_02&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0B0C0C0F0D0EtAyCyBtCtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyBtByCzyyDyD0CyBtGtD0AzyzztG0AtAzztDtGyB0C0AyCtGtCyEyDtByE0CyDtCtAtCzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyDyE0AzyzyyBtGyE0DyEzztGyE0EtDtBtG0BzytBzztGyCtDyDyB0EyCzytCyE0DyCyE2QtN0A0LzutB%26cr%3D595026009%26a%3Dwncy_ir_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> backup.ftp", "118.97.30.165"
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> backup.ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> backup.socks", "118.97.30.165"
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> backup.socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> backup.ssl", "118.97.30.165"
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> backup.ssl_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> ftp", "140.0.237.238 "
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> ftp_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> http", "140.0.237.238 "
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> http_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> socks", "140.0.237.238 "
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> socks_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> ssl", "140.0.237.238 "
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> ssl_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\88xq2klu.default -> type", 0
FF Extension: (Mozilla WebVR Plus) - C:\Users\JohnDoe\AppData\Roaming\Mozilla\Firefox\Profiles\88xq2klu.default\Extensions\@mozillawebvrenabler.xpi [2016-09-12]
FF Extension: (LastPass) - C:\Users\JohnDoe\AppData\Roaming\Mozilla\Firefox\Profiles\88xq2klu.default\Extensions\support@lastpass.com [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-01-15] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-01-15] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2118853541-1488753588-3094647493-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\JohnDoe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2118853541-1488753588-3094647493-1000: SkypePlugin -> C:\Users\JohnDoe\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2118853541-1488753588-3094647493-1000: SkypePlugin64 -> C:\Users\JohnDoe\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR DefaultSearchKeyword: Profile 1 -> lp
CHR Profile: C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default [2017-11-09]
CHR Extension: (Duolingo on the Web) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-06-26]
CHR Extension: (Adblock for Youtube™) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-10-16]
CHR Extension: (Google Calendar) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-05-20]
CHR Extension: (Facebook™ Chat Privacy) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2017-01-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-05-20]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2017-01-02]
CHR Extension: (Google Maps) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-01-15]
CHR Extension: (Click&Clean App) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-20]
CHR Extension: (Privacy Badger) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-05-20]
CHR Profile: C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-09]
CHR Profile: C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15]
CHR Extension: (YouTube) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-15]
CHR Extension: (Chrome IG Story) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-10-09]
CHR Extension: (Adblock Plus) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Google Search) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-15]
CHR Extension: (Video Downloader professional) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-03]
CHR Extension: (WebM Options (Premium)) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhgjcfedjhkachipnckecjckmdllpgjh [2016-02-08]
CHR Extension: (WebM Inline Player) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnaeemmlglafkapofhhgfhnhddaboeig [2016-01-27]
CHR Extension: (Web Page to PDF Converter) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdlncamcmchghcemgocofijkhkklijbj [2016-08-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-10-21]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2017-10-29]
CHR Extension: (Kill News Feed) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjobfcedfgohjkaieocljfcppjbkglfd [2016-02-16]
CHR Extension: (Google Keep - notes and lists) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-11-06]
CHR Extension: (Social Fixer for Facebook) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-10-03]
CHR Extension: (InstaG Downloader) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2017-10-28]
CHR Extension: (Signup Block) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\joiaigcocfbhjbgeajdmmgchlbepelco [2016-11-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-09-22]
CHR Extension: (Ghostery) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Unseen) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oclokcfejikeggpnhgakanfbdnlafaon [2017-08-08]
CHR Extension: (Gmail) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-07]
CHR Profile: C:\Users\JohnDoe\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-09]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-05-12] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [528424 2017-10-23] (EasyAntiCheat Ltd)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2100200 2017-11-06] (Plex, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [101888 2016-03-10] (Veeam Software AG) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2017-01-08] (C-MEDIA)
S3 DFX12; C:\WINDOWS\System32\drivers\dfx12x64.sys [28344 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-05-27] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2017-07-30] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2017-07-30] (Windows (R) Win 7 DDK provider)
R3 DRTWlanE; C:\WINDOWS\System32\drivers\Drtwlane.sys [4619520 2015-07-21] (Realtek Semiconductor Corporation )
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-02-02] (LogMeIn Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-21] ()
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2017-08-04] (Microsoft Corporation)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-12-20] (CACE Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-05-27] (Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2014-12-04] (Acronis International GmbH)
S0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [183224 2014-12-04] (Acronis)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-01-02] (Windows (R) Win 7 DDK provider)
R2 VeeamFSR; C:\Program Files\Veeam\Endpoint Backup\VeeamFSR.sys [114120 2016-03-10] (Veeam Software AG)
R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [117024 2014-12-04] (Acronis International GmbH)
S3 VirtualDK; C:\Program Files\Veeam\Endpoint Backup\vdk.sys [36808 2016-03-10] (Ken Kato)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
U3 idsvc; no ImagePath
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 13:19 - 2017-11-11 13:19 - 000016148 _____ C:\WINDOWS\system32\ANDROID-MC3IPDQ_JohnDoe_HistoryPrediction.bin
2017-11-11 12:28 - 2017-11-11 13:21 - 000000405 _____ C:\Users\JohnDoe\Desktop\fixlist.txt
2017-11-11 12:02 - 2017-11-11 12:02 - 000377032 _____ C:\Users\JohnDoe\Desktop\51342cf034f875ab8122afe96d7640d7cb2b4289_s_h_shlesm028zasuk_esme_compact_shelf_ash_lb03.webp
2017-11-11 11:53 - 2017-11-11 11:54 - 000315765 _____ C:\Users\JohnDoe\Desktop\response.txt
2017-11-11 11:49 - 2017-11-11 11:49 - 000012732 _____ C:\Users\JohnDoe\Desktop\Hardware Interrupts and DPCs.txt
2017-11-11 11:48 - 2017-11-11 11:48 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\JohnDoe\Downloads\procexp.exe
2017-11-11 11:46 - 2017-11-11 11:46 - 000000000 ____D C:\Users\JohnDoe\Desktop\FRST-OlderVersion
2017-11-11 11:42 - 2017-11-11 11:45 - 000019220 _____ C:\VEW.txt
2017-11-11 11:41 - 2017-11-11 11:41 - 000063050 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2017-11-11 11:41 - 2017-11-11 11:41 - 000061440 _____ ( ) C:\Users\JohnDoe\Downloads\VEW.exe
2017-11-11 11:38 - 2017-11-11 11:50 - 000010694 _____ C:\junk.txt
2017-11-11 11:31 - 2017-11-11 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-11-11 09:18 - 2017-11-11 09:19 - 000001194 _____ C:\Users\JohnDoe\Desktop\malware.txt
2017-11-11 08:28 - 2017-11-11 08:28 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\Deployment
2017-11-11 08:27 - 2017-11-11 08:27 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\DropIt
2017-11-11 08:17 - 2017-11-11 08:17 - 000000309 _____ C:\Users\JohnDoe\Desktop\Search.txt
2017-11-11 08:16 - 2017-11-11 08:16 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-11-11 08:14 - 2017-11-11 08:15 - 000000153 _____ C:\Users\JohnDoe\BullseyeCoverageError.txt
2017-11-11 08:13 - 2017-11-11 11:50 - 000148936 _____ C:\Users\JohnDoe\Desktop\Addition.txt
2017-11-11 08:13 - 2017-11-11 08:13 - 000000000 _____ C:\WINDOWS\SysWOW64\REN4189.tmp
2017-11-11 08:09 - 2017-11-11 13:21 - 000028723 _____ C:\Users\JohnDoe\Desktop\FRST.txt
2017-11-11 08:08 - 2017-11-11 11:46 - 002392576 _____ (Farbar) C:\Users\JohnDoe\Desktop\FRST64.exe
2017-11-10 23:07 - 2017-11-10 23:08 - 000000000 ____D C:\Users\JohnDoe\Downloads\Pimsleur - All Languages
2017-11-10 23:07 - 2017-11-10 23:07 - 000139599 _____ C:\Users\JohnDoe\Downloads\Pimsleur - All Languages-[rarbg.to].torrent
2017-11-10 22:55 - 2017-11-10 22:55 - 000043046 _____ C:\Users\JohnDoe\Desktop\TB1X3AAb46I8KJjy0FgXXXXzVXa-1125-350.jpg_960x960Q75s50.jpg_.webp
2017-11-10 19:45 - 2017-11-10 19:45 - 000000000 ____D C:\Users\JohnDoe\Downloads\gil1557
2017-11-10 17:54 - 2017-11-10 18:55 - 148868562 _____ C:\Users\JohnDoe\Downloads\gil1557.part2.rar
2017-11-10 16:30 - 2017-11-10 17:32 - 099333685 _____ C:\Users\JohnDoe\Downloads\Unconfirmed 905287.crdownload
2017-11-09 23:07 - 2017-11-09 23:09 - 000000000 ____D C:\Users\JohnDoe\Downloads\SDI_R1793
2017-11-09 23:07 - 2017-11-09 23:07 - 004229389 _____ C:\Users\JohnDoe\Downloads\SDI_R1793.zip
2017-11-09 23:07 - 2017-11-09 23:07 - 000173692 _____ C:\Users\JohnDoe\Downloads\SDI_Update.torrent
2017-11-09 23:00 - 2017-11-09 23:00 - 036404789 _____ C:\Users\JohnDoe\Downloads\Unconfirmed 848068.crdownload
2017-11-07 20:42 - 2017-11-07 20:42 - 000000717 _____ C:\Users\JohnDoe\AppData\Local\recently-used.xbel
2017-11-07 17:16 - 2017-11-11 11:33 - 000000000 ____D C:\Users\JohnDoe\Downloads\Stranger Things Season 2 Mp4 1080p
2017-11-06 21:21 - 2017-11-06 23:15 - 209715200 _____ C:\Users\JohnDoe\Downloads\gil1557.part1.rar
2017-11-05 15:21 - 2017-11-05 15:21 - 000000000 ____D C:\ProgramData\Emsisoft
2017-11-05 15:20 - 2017-11-05 15:45 - 000000000 ____D C:\EEK
2017-11-05 15:16 - 2017-11-05 15:19 - 340674888 _____ C:\Users\JohnDoe\Downloads\EmsisoftEmergencyKit.exe
2017-11-05 15:11 - 2017-11-05 15:11 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\30251D42.sys
2017-11-05 15:07 - 2017-11-05 15:07 - 008261584 _____ (Malwarebytes) C:\Users\JohnDoe\Downloads\adwcleaner_7.0.4.0.exe
2017-11-05 15:03 - 2017-11-05 15:03 - 001790024 _____ (Malwarebytes) C:\Users\JohnDoe\Downloads\JRT.exe
2017-11-05 15:03 - 2017-11-05 15:03 - 000048425 _____ C:\Users\JohnDoe\Downloads\Addition.txt
2017-11-05 15:01 - 2017-11-05 15:03 - 000042389 _____ C:\Users\JohnDoe\Downloads\FRST.txt
2017-11-05 14:06 - 2017-11-07 19:12 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-03 19:37 - 2017-11-03 19:37 - 002047428 _____ C:\Users\JohnDoe\Downloads\Bail 6592 Jeanne-Mance (1).pdf
2017-11-03 19:20 - 2017-11-03 19:20 - 002118430 _____ C:\Users\JohnDoe\Downloads\Photos (1).zip
2017-11-03 19:20 - 2017-11-03 19:20 - 001435730 _____ C:\Users\JohnDoe\Downloads\Photos.zip
2017-11-03 19:17 - 2017-11-03 19:17 - 004088898 _____ C:\Users\JohnDoe\Downloads\WEB_LRT01_AW-PW-PWAIR.dwg
2017-10-28 22:41 - 2017-10-28 22:42 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\Trine1
2017-10-28 20:04 - 2017-10-28 20:04 - 000000000 ____D C:\Users\JohnDoe\Documents\Penumbra
2017-10-28 18:08 - 2017-10-28 18:08 - 000000000 ____D C:\Users\JohnDoe\Downloads\The Tragically Hip - 1992 - Fully Completely (2CD Deluxe Edition) [mp3]
2017-10-28 17:55 - 2017-10-28 17:58 - 000000000 ____D C:\Users\JohnDoe\Downloads\Nathan.For.You.S04E04.WEB.x264-TBS[ettv]
2017-10-28 17:53 - 2017-10-28 17:54 - 000000000 ____D C:\Users\JohnDoe\Downloads\NxWorries (Anderson .Paak & Knxwledge) - Yes Lawd! (2016) [MP3~320Kbps]
2017-10-28 17:52 - 2017-10-28 17:52 - 000003626 _____ C:\Users\JohnDoe\Downloads\Nathan.For.You.S04E04.WEB.x264-TBS[ettv][https---worldwidetorrents.me].torrent
2017-10-28 09:01 - 2017-10-28 09:01 - 000021994 _____ C:\Users\JohnDoe\Downloads\Thundercat - Drunk (2017) [Mp3-320kbps][https---worldwidetorrents.me].torrent
2017-10-28 09:01 - 2017-10-28 09:01 - 000000000 ____D C:\Users\JohnDoe\Downloads\Thundercat - Drunk (2017) [Mp3~320kbps]
2017-10-26 19:26 - 2017-10-26 19:27 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\discordsdk
2017-10-26 19:26 - 2017-10-26 19:26 - 000000000 ____D C:\Users\JohnDoe\Documents\SavedGames
2017-10-26 19:26 - 2007-04-04 17:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-10-26 18:14 - 2017-10-26 18:14 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\ParadoxInteractive
2017-10-25 21:16 - 2017-11-11 11:36 - 000000000 ____D C:\Users\JohnDoe\Streaming Media
2017-10-25 21:13 - 2017-11-11 11:28 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\Plex Media Server
2017-10-25 21:11 - 2017-10-25 21:11 - 000000000 ____D C:\Program Files (x86)\Plex
2017-10-25 21:09 - 2017-10-25 21:10 - 075658992 _____ (Plex, Inc.) C:\Users\JohnDoe\Downloads\Plex-Media-Server-1.9.4.4325-1bf240a65.exe
2017-10-25 17:31 - 2017-10-25 17:31 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\EasyAntiCheat
2017-10-25 17:31 - 2017-10-25 17:31 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2017-10-24 20:11 - 2017-10-24 20:11 - 000000021 _____ C:\Users\JohnDoe\Documents\rbc_account.txt
2017-10-21 07:34 - 2017-10-21 07:59 - 000000000 ____D C:\Users\JohnDoe\Documents\Overwatch
2017-10-21 00:10 - 2017-10-21 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-10-20 22:30 - 2017-11-10 21:34 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-10-20 22:25 - 2017-10-20 22:25 - 003251696 _____ (Blizzard Entertainment) C:\Users\JohnDoe\Downloads\Overwatch-Setup.exe
2017-10-19 17:03 - 2017-10-19 17:03 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-10-18 18:46 - 2017-10-18 18:46 - 000028310 _____ C:\Users\JohnDoe\Downloads\The Tragically Hip - 1992 - Fully Completely (2CD Deluxe Edition) [mp3][https---worldwidetorrents.me].torrent
2017-10-18 18:28 - 2017-10-18 18:28 - 000002205 _____ C:\Users\JohnDoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-10-17 21:53 - 2017-10-17 22:08 - 048414273 _____ C:\Users\JohnDoe\Downloads\Unconfirmed 658321.crdownload
2017-10-14 09:39 - 2017-10-14 09:39 - 000062665 _____ C:\Users\JohnDoe\Downloads\02383462.pdf
2017-10-14 09:39 - 2017-10-14 09:39 - 000062137 _____ C:\Users\JohnDoe\Downloads\CR112377.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-11 13:21 - 2015-04-30 16:59 - 000000000 ____D C:\FRST 2017-11-11 12:55 - 2015-07-10 05:55 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-11-11 11:48 - 2017-07-01 09:59 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2017-11-11 11:40 - 2015-07-10 06:02 - 000000000 ____D C:\WINDOWS\INF 2017-11-11 11:31 - 2014-08-29 14:59 - 000000000 ____D C:\ProgramData\Package Cache 2017-11-11 10:27 - 2016-10-01 09:16 - 000000000 ____D C:\Temp 2017-11-11 10:07 - 2015-07-10 07:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-11 10:06 - 2017-05-14 10:37 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2017-11-11 10:06 - 2015-07-10 07:20 - 005018672 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-11-11 10:05 - 2015-07-10 04:05 - 001048576 ___SH C:\WINDOWS\system32\config\BBI 2017-11-11 08:52 - 2013-09-09 17:33 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\vlc 2017-11-11 08:30 - 2015-12-12 18:39 - 000000556 _____ C:\WINDOWS\SysWOW64\nativelog.txt 2017-11-11 08:30 - 2015-04-17 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2017-11-11 08:30 - 2015-04-17 18:07 - 000000000 ____D C:\Program Files (x86)\Minecraft 2017-11-11 08:30 - 2014-09-14 18:59 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk 2017-11-11 08:30 - 2014-09-14 18:59 - 000000000 ____D C:\Program Files\Autodesk 2017-11-11 08:30 - 2014-03-07 16:31 - 000000000 ____D C:\Program Files\VCG 2017-11-11 08:29 - 2016-10-02 22:05 - 000000000 ____D C:\Program Files\GoPro 2017-11-11 08:29 - 2014-09-02 20:05 - 000000000 ____D C:\Program Files\GIMP 2 2017-11-11 08:28 - 2015-04-02 11:30 - 000000000 ____D C:\ProgramData\HappyCloud 2017-11-11 08:28 - 2014-09-15 08:09 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2017-11-11 08:28 - 2014-09-02 19:48 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\Nem's Tools 2017-11-11 08:28 - 
2014-09-02 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools 2017-11-11 08:27 - 2016-10-28 22:36 - 000000000 ____D C:\Program Files (x86)\DebugMode 2017-11-11 08:27 - 2016-08-21 18:50 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\CrashPlan 2017-11-11 08:27 - 2016-05-12 18:32 - 000000000 ____D C:\Program Files (x86)\DZLauncher 2017-11-11 08:26 - 2016-12-10 09:12 - 000000000 ____D C:\Program Files (x86)\AviSynth 2017-11-11 08:26 - 2013-09-06 19:43 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\Canon 2017-11-11 08:26 - 2013-09-06 18:15 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-11 08:25 - 2016-01-11 16:35 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared 2017-11-11 08:24 - 2016-01-11 16:29 - 000000000 ____D C:\ProgramData\Autodesk 2017-11-11 08:24 - 2015-07-10 06:04 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-11-11 08:23 - 2014-09-14 19:00 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\Autodesk 2017-11-11 08:19 - 2014-01-27 23:22 - 000000000 ____D C:\Program Files (x86)\SpeedFan 2017-11-11 08:16 - 2017-05-14 10:37 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-11-11 08:15 - 2017-05-15 17:53 - 000000000 ____D C:\Program Files\Malwarebytes 2017-11-11 08:15 - 2013-09-06 18:25 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-11-11 08:14 - 2017-01-08 18:25 - 000000000 ____D C:\Users\JohnDoe 2017-11-11 08:14 - 2013-09-06 18:15 - 000000000 ____D C:\Program Files\Java 2017-11-11 08:14 - 2013-09-06 18:14 - 000000000 ____D C:\Program Files (x86)\Java 2017-11-10 23:08 - 2017-01-08 10:15 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\deluge 2017-11-10 21:42 - 2016-06-19 11:42 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\Battle.net 2017-11-10 20:19 - 2016-06-19 11:43 - 000000000 ____D C:\Program Files (x86)\Hearthstone 2017-11-10 20:12 - 2016-06-19 11:41 - 000000000 ____D C:\Program Files (x86)\Battle.net 2017-11-09 22:56 - 2013-09-16 06:40 - 000000000 ____D 
C:\Users\JohnDoe\AppData\Roaming\Media Player Classic 2017-11-07 17:32 - 2015-05-03 23:11 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-07 17:19 - 2017-07-27 16:40 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2118853541-1488753588-3094647493-1000 2017-11-07 17:19 - 2017-01-08 19:22 - 000002412 _____ C:\Users\JohnDoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-11-07 17:19 - 2014-02-20 21:10 - 000000000 ___RD C:\Users\JohnDoe\OneDrive 2017-11-06 17:57 - 2017-01-08 18:24 - 001005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-11-05 15:12 - 2015-07-10 06:04 - 000000000 __RSD C:\WINDOWS\Media 2017-11-05 15:11 - 2015-04-21 12:27 - 000000000 ____D C:\AdwCleaner 2017-11-05 14:28 - 2013-12-19 09:35 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\ElevatedDiagnostics 2017-11-05 14:12 - 2014-08-30 11:31 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-11-04 14:09 - 2013-09-06 18:35 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\Skype 2017-11-02 17:15 - 2015-07-10 06:04 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-02 17:15 - 2015-07-10 06:04 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-11-01 21:28 - 2017-03-11 16:41 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\foobar2000 2017-10-31 20:04 - 2017-10-02 05:59 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-10-31 20:02 - 2014-03-08 22:05 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\Packages 2017-10-26 23:01 - 2015-11-07 15:52 - 000000000 ____D C:\Program Files\pia_manager 2017-10-26 17:34 - 2015-02-05 20:34 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\Steam 2017-10-26 16:44 - 2017-03-25 21:08 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\ZenBound2 2017-10-26 16:26 - 2017-01-08 20:19 - 000000000 ____D C:\Users\JohnDoe\Documents\My Games 2017-10-24 21:11 - 2015-04-26 18:37 - 000109080 _____ (Portions (C) Creative Labs Inc. 
and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll 2017-10-24 21:11 - 2013-12-19 17:09 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll 2017-10-24 21:11 - 2013-12-19 17:09 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll 2017-10-24 21:11 - 2013-12-19 17:09 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll 2017-10-21 12:43 - 2014-02-11 22:31 - 000000000 ____D C:\Users\JohnDoe\AppData\Roaming\OBS 2017-10-21 07:58 - 2016-06-19 11:42 - 000000000 ____D C:\Users\JohnDoe\AppData\Local\Blizzard Entertainment 2017-10-17 21:16 - 2015-07-10 06:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-10-17 21:14 - 2015-09-08 14:03 - 000000000 ____D C:\Program Files\Microsoft Office 15 2017-10-14 18:22 - 2016-08-28 08:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive ==================== Files in the root of some directories ======= 2016-01-15 15:47 - 2016-01-15 15:47 - 021403160 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2013-11-08 08:52 - 2015-06-26 12:23 - 000000132 _____ () C:\Users\JohnDoe\AppData\Roaming\Adobe AIFF Format CS6 Prefs 2015-01-21 19:44 - 2015-01-21 20:04 - 000000132 _____ () C:\Users\JohnDoe\AppData\Roaming\Adobe BMP Format CS6 Prefs 2014-12-22 13:11 - 2014-12-24 13:38 - 000000132 _____ () C:\Users\JohnDoe\AppData\Roaming\Adobe PNG Format CS5 Prefs 2013-12-08 10:53 - 2017-08-15 17:48 - 000000132 _____ () C:\Users\JohnDoe\AppData\Roaming\Adobe PNG Format CS6 Prefs 2014-09-02 20:48 - 2014-09-02 21:08 - 000000107 _____ () C:\Users\JohnDoe\AppData\Roaming\Camdata.ini 2014-09-02 20:48 - 2014-09-02 21:08 - 000000408 _____ () C:\Users\JohnDoe\AppData\Roaming\CamLayout.ini 2014-09-02 20:48 - 2014-09-02 21:08 - 000000408 _____ () C:\Users\JohnDoe\AppData\Roaming\CamShapes.ini 2014-09-02 20:48 - 2014-09-02 21:08 - 000004544 _____ () C:\Users\JohnDoe\AppData\Roaming\CamStudio.cfg 2015-08-24 23:54 - 2015-08-24 
23:54 - 000000000 _____ () C:\Users\JohnDoe\AppData\Roaming\Exception Minidump (2015-08-25 04.54.01).mdmp 2014-12-24 15:03 - 2014-12-24 16:49 - 297506468 _____ () C:\Users\JohnDoe\AppData\Roaming\Install Quixel SUITE.exe 2014-09-22 13:47 - 2014-11-22 16:53 - 000000112 _____ () C:\Users\JohnDoe\AppData\Roaming\JP2K CS6 Prefs 2014-10-26 14:51 - 2014-10-26 14:56 - 000000125 _____ () C:\Users\JohnDoe\AppData\Roaming\licecap.ini 2014-01-03 23:00 - 2014-01-03 23:05 - 000001158 _____ () C:\Users\JohnDoe\AppData\Roaming\ShiftN.ini 2014-09-02 20:41 - 2014-09-02 21:04 - 000000096 _____ () C:\Users\JohnDoe\AppData\Roaming\version2.xml 2017-01-02 18:15 - 2017-04-14 15:42 - 000004031 _____ () C:\Users\JohnDoe\AppData\Roaming\VoiceMeeterDefault.xml 2014-08-30 10:55 - 2014-08-30 10:55 - 000000046 _____ () C:\Users\JohnDoe\AppData\Roaming\WB.CFG 2014-08-29 15:09 - 2014-08-29 15:11 - 174606558 _____ () C:\Users\JohnDoe\AppData\Local\ACCCx2_7_1_418.zip 2013-12-08 11:38 - 2017-07-23 20:38 - 000001456 _____ () C:\Users\JohnDoe\AppData\Local\Adobe Save for Web 13.0 Prefs 2015-11-22 21:41 - 2015-11-22 21:41 - 000968942 _____ () C:\Users\JohnDoe\AppData\Local\Auto-Shutdown_1140.rar 2013-09-22 15:20 - 2015-08-20 19:46 - 000007168 _____ () C:\Users\JohnDoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-05-18 20:05 - 2015-05-18 20:35 - 000027316 _____ () C:\Users\JohnDoe\AppData\Local\HDGraph.log 2017-11-07 20:42 - 2017-11-07 20:42 - 000000717 _____ () C:\Users\JohnDoe\AppData\Local\recently-used.xbel Some files in TEMP: ==================== 2017-11-11 08:24 - 2015-01-26 07:34 - 000015752 _____ (Autodesk, Inc.) 
C:\Users\JohnDoe\AppData\Local\Temp\AcDeltree.exe 2017-11-11 08:14 - 2017-11-11 08:14 - 000008720 _____ () C:\Users\JohnDoe\AppData\Local\Temp\BullseyeCoverage-2-x86.dll 2017-11-11 08:15 - 2017-11-11 08:15 - 000012080 _____ () C:\Users\JohnDoe\AppData\Local\Temp\BullseyeCoverage-x64-3.dll 2017-11-11 08:24 - 2017-11-11 08:24 - 001962752 _____ (Flexera Software LLC) C:\Users\JohnDoe\AppData\Local\Temp\FNP_ACT_InstallerCA.dll 2017-11-11 08:19 - 2017-11-11 08:19 - 000192512 _____ () C:\Users\JohnDoe\AppData\Local\Temp\sfamcc00001.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-11-11 10:18 ==================== End of FRST.txt ============================