
Help [Closed]


  • This topic is locked

#1
Zac Hopkins

    New Member

  • Member
  • 7 posts

I downloaded this program, which this guy linked me, called Applr_v2 or something, but now all my friends are telling me that I most likely have a RAT on my computer. Is there any way I can possibly check? Please help!!!


  • 0



#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi Zac Hopkins,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.

Let's get started....

First, if you still have the file you downloaded, then please send it to VirusTotal to check the file.

File Scanner
There is a file I need you to upload for checking



  • Please go to VirusTotal.com FREE on-line scan service
  • Click on the "Choose file" box in the middle of the page
  • Using the File Upload window that opens, navigate to the following file
    • Applr_v2
  • Click on the Upload button and then the Scan It! button on the main VirusTotal web page.
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, left click on the Address bar of your browser (this should select the entire address of the web page with the scan results), right click on the highlighted address and select Copy.
  • Paste the copied address in your next reply.

Thank you.

Second, you can have your system checked here by running the following scanner:

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Only one of these scanners will run on your system; that is the correct one to keep.  Delete the other please.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 


  • 0
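Added example, not part of dbreeze's post and not code from FRST: a Python pre-screen of the FRST.txt log requested above, which pulls autostart (Run) and service entries and tags the ones a reviewer would look at first. The sample log is constructed in the layout FRST logs use in this thread; the flag names and heuristics are assumptions of this example, and a flag means "review this", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the FRST.txt layout (not a real log; all names are made up).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [ExampleAudio] => C:\Program Files\ExampleAudio\gui.exe [7637208 2014-07-15] (Example Audio Corp)
HKLM-x32\...\Run: [ExampleReg] => C:\Windows\ExampleReg.EXE
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-0-0-0-1001\...\Run: [ExampleChat] => C:\Users\demo\AppData\Local\ExampleChat\chat.exe [57929912 2016-06-03] (Example Chat, Inc.)
HKU\S-1-5-21-0-0-0-1001\...\Run: [ExampleShot] => C:\Users\demo\AppData\Roaming\shot.exe [226560 2014-10-16] ()

==================== Services (Whitelisted) ========================

R2 ExampleSvc; C:\Program Files\ExampleNet\svc.exe [387584 2014-09-19] (Example Net) [File not signed]
S3 ExampleGuard; C:\WINDOWS\SysWOW64\guard.exe [237328 2016-06-08] (Example Guard Ltd)
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Za-z]+) \(Whitelisted\) =+$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")   # "[size date]" block
PUBLISHER_RE = re.compile(r"\s*\((?P<pub>[^)]*)\)")                      # "(Company)" after it
USER_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    target: str
    flags: list = field(default_factory=list)


def parse_entry(section, name, rest):
    """Split the part after '=>' or ';' into a target path and review flags."""
    entry = Entry(section, name, "")
    meta = META_RE.search(rest)
    if meta:
        entry.target = rest[:meta.start()].strip()
        pub = PUBLISHER_RE.match(rest, meta.end())
        if pub is None or not pub.group("pub").strip():
            entry.flags.append("no_publisher")        # empty "()" company field
    else:
        entry.target = rest.replace("[X]", "").replace("[File not signed]", "").strip()
        # Assumption: "[X]" marks a target the tool could not resolve; an entry
        # with no "[size date]" block at all is only tagged for a manual check.
        entry.flags.append("target_missing" if "[X]" in rest else "no_file_metadata")
    if "[File not signed]" in rest:
        entry.flags.append("unsigned")
    if USER_PATH_RE.search(entry.target):
        entry.flags.append("user_writable_path")      # autostart from a profile folder
    return entry


def triage(log_text):
    """Return every Run and service entry found in the log, with its flags."""
    section, entries = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "Registry":
            m = RUN_RE.match(line)
        elif section == "Services":
            m = SVC_RE.match(line)
        else:
            m = None
        if m:
            entries.append(parse_entry(section, m.group("name").strip(), m.group("rest")))
    return entries


def needs_review(entries):
    """List (name, flags) for entries carrying at least one flag, in log order."""
    return [(e.name or "<unnamed>", e.flags) for e in entries if e.flags]


if __name__ == "__main__":
    for name, flags in needs_review(triage(SAMPLE_LOG)):
        print(f"{name}: {', '.join(flags)}")
```

Legitimate software is often flagged too (many applications start from AppData), so the output is a reading order for the log rather than a verdict.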

#3
Zac Hopkins

    New Member

  • Topic Starter
  • Member
  • 7 posts

Thank you for helping me dbreeze.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by xDiTex (administrator) on ZACS-PC (11-06-2016 23:03:34)
Running from C:\Users\xDiTex\Desktop
Loaded Profiles: xDiTex (Available Profiles: xDiTex)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.11076\WeatherService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11076\weather.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\xDiTex\AppData\Local\Google\Update\GoogleUpdate.exe
(Google, Inc) C:\Users\xDiTex\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\xDiTex\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hammer & Chisel, Inc.) C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\Discord.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hammer & Chisel, Inc.) C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\Discord.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\xDiTex\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-11-26] (MSI)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3458728 2015-07-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair K30] => C:\Program Files (x86)\Corsair\K30 Keyboard\K30Hid.exe [1785344 2013-08-06] (Corsair Components  Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-08-09] (Google Inc.)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-09] (Valve Corporation)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [BingSvc] => C:\Users\xDiTex\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [Google Update] => C:\Users\xDiTex\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [Google Photos Backup] => C:\Users\xDiTex\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-05-28] (Electronic Arts)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [Spotify Web Helper] => C:\Users\xDiTex\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [Spotify] => C:\Users\xDiTex\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-05-15] (Spotify Ltd)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [Discord] => C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\Discord.exe [57929912 2016-06-03] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [GoogleChromeAutoLaunch_53A46035466EA9E447ECACD134677BDE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-20] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\xDiTex\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\xDiTex\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\xDiTex\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\xDiTex\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\xDiTex\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\xDiTex\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-10]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\xDiTex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-18]
ShortcutTarget: MEGAsync.lnk -> C:\Users\xDiTex\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{173a7fe8-3fcb-485a-beb3-77057b7f1f93}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{43a07fb5-bc65-4433-a731-e002904355d9}: [DhcpNameServer] 10.211.254.254 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=en-gb
SearchScopes: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.co.uk/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_uk_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_124694ed_1201_1401_20160421_GB_ie_ds_&tag=bds-p10-serp-uk-ie-21&query={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1104238849-1608365410-4249454038-1001: @tools.google.com/Google Update;version=3 -> C:\Users\xDiTex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1104238849-1608365410-4249454038-1001: @tools.google.com/Google Update;version=9 -> C:\Users\xDiTex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1104238849-1608365410-4249454038-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\xDiTex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-gb","hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=en-gb"
CHR DefaultSearchURL: Default -> hxxps://www.amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-04]
CHR Extension: (Steam inventory helper) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-06-11]
CHR Extension: (Slither.io Mods) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlenmmkifnhllnjfoangnjokeadhbbk [2016-05-21]
CHR Extension: (Block site) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-05-02]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-22]
CHR Extension: (LoungeDestroyer) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-04-27]
CHR Extension: (AdBlock) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-04]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-09]
CHR Extension: (Skype) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24]
CHR Extension: (Norton Safe) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (OPDeals - Find the best deals on OPSkins.com) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmifmjgoddkicidifnaenlagjcofomn [2016-05-04]
CHR HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [meagncggdmaklghgpmpljnedbdoepioa] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S4 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [124120 2015-11-20] (altPUG LLC)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [237328 2016-06-08] (EasyAntiCheat Ltd)
S4 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1730000 2014-10-24] (Micro-Star International)
S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162768 2014-11-26] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-05-28] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-05-28] ()
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69784 2016-05-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-04-19] ()
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11076\WeatherService.exe [152008 2015-11-25] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-26] (C-MEDIA)
S3 CORK30; C:\Windows\system32\drivers\CORK30.sys [25600 2013-06-07] ( )
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
R1 ESEADriver2; C:\Users\xDiTex\AppData\Local\Temp\ESEADriver2.sys [315016 2016-06-04] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_MB; C:\Program Files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [13808 2014-03-13] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-08] (Razer Inc)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-03-10] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51024 2016-02-03] (SoftEther Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 bONdDSVB; \??\E:\bONdDSVB.sys [X]
S3 USSwnRCs6ZU; \??\E:\USSwnRCs6ZU.sys [X]
S3 WXiuu; \??\E:\WXiuu.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 23:03 - 2016-06-11 23:04 - 00030179 _____ C:\Users\xDiTex\Desktop\FRST.txt
2016-06-11 23:02 - 2016-06-11 23:03 - 00000000 ____D C:\FRST
2016-06-11 23:02 - 2016-06-11 23:02 - 02385408 _____ (Farbar) C:\Users\xDiTex\Downloads\FRST64.exe
2016-06-11 23:02 - 2016-06-11 23:02 - 02385408 _____ (Farbar) C:\Users\xDiTex\Desktop\FRST64.exe
2016-06-11 22:09 - 2016-06-11 22:09 - 00000000 ____D C:\ProgramData\Codemasters
2016-06-11 22:08 - 2016-06-11 22:08 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-06-11 22:08 - 2016-06-11 22:08 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-06-11 22:08 - 2016-06-11 22:08 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-06-11 22:08 - 2016-06-11 22:08 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-06-11 22:08 - 2016-06-11 22:08 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-06-11 19:33 - 2016-06-11 19:33 - 00000222 _____ C:\Users\xDiTex\Desktop\DiRT 3 Complete Edition.url
2016-06-11 09:16 - 2016-06-11 09:16 - 00000000 ___HD C:\OneDriveTemp
2016-06-10 18:31 - 2016-06-10 19:00 - 00014848 _____ C:\Users\xDiTex\Downloads\AppID_Patch.exe
2016-06-09 12:09 - 2016-06-09 12:09 - 00371554 _____ C:\Users\xDiTex\Downloads\Community-Base-addons-A3-version-2.4.1.160606.zip
2016-06-08 19:11 - 2016-06-08 19:11 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Victory
2016-06-08 19:11 - 2016-06-08 19:11 - 00000000 ____D C:\Users\xDiTex\AppData\Local\UnrealEngine
2016-06-08 18:45 - 2016-06-08 18:45 - 00000222 _____ C:\Users\xDiTex\Desktop\The Culling.url
2016-06-06 20:22 - 2016-06-06 20:22 - 00000000 _____ C:\WINDOWS\cd_127
2016-06-05 22:20 - 2016-06-05 22:21 - 00000000 ____D C:\Users\xDiTex\Desktop\MP3
2016-06-05 22:19 - 2016-06-05 22:19 - 00000000 ____D C:\Users\xDiTex\Desktop\TS3 New Music
2016-06-05 22:16 - 2016-06-05 22:17 - 00000000 ____D C:\Users\xDiTex\Desktop\Skrill
2016-06-05 22:16 - 2016-06-05 22:17 - 00000000 ____D C:\Users\xDiTex\Desktop\Paypal
2016-06-05 22:16 - 2016-06-05 22:17 - 00000000 ____D C:\Users\xDiTex\Desktop\BitCoin
2016-06-05 22:15 - 2016-06-05 22:17 - 00000000 ____D C:\Users\xDiTex\Desktop\G2A Account
2016-06-05 22:13 - 2016-06-11 18:09 - 00000000 ____D C:\Users\xDiTex\Desktop\IP
2016-06-05 22:11 - 2016-06-05 22:12 - 00000000 ____D C:\Users\xDiTex\Desktop\Crosshair & Viewmodel
2016-06-05 22:10 - 2016-06-08 19:44 - 00000000 ____D C:\Users\xDiTex\Desktop\Passwords
2016-06-05 22:09 - 2016-06-05 22:10 - 00000000 ____D C:\Users\xDiTex\Desktop\Random Smurfs
2016-06-05 22:08 - 2016-06-08 19:53 - 00000000 ____D C:\Users\xDiTex\Desktop\Legendary Eagle Master Smurfs
2016-06-05 22:07 - 2016-06-11 13:01 - 00000000 ____D C:\Users\xDiTex\Desktop\Global Smurfs
2016-06-05 22:07 - 2016-06-05 22:07 - 00000000 ____D C:\Users\xDiTex\Desktop\Supreme Smurfs
2016-06-05 22:07 - 2016-06-05 22:07 - 00000000 ____D C:\Users\xDiTex\Desktop\OneDrive Screenshots
2016-06-05 22:06 - 2016-06-05 22:06 - 00000000 ____D C:\Users\xDiTex\Desktop\VPN
2016-06-05 22:05 - 2016-06-05 22:05 - 00000000 ____D C:\Users\xDiTex\Desktop\Hour Boostr #3
2016-06-05 22:04 - 2016-06-06 00:39 - 00000000 ____D C:\Users\xDiTex\Desktop\Hour Boostr #2
2016-06-05 20:12 - 2016-06-06 00:39 - 00000000 ____D C:\Users\xDiTex\AppData\Local\HourBoostr
2016-06-05 20:09 - 2016-06-05 22:05 - 00000000 ____D C:\Users\xDiTex\Desktop\Hour Boostr
2016-06-05 20:09 - 2016-06-05 20:09 - 00897042 _____ C:\Users\xDiTex\Downloads\Release.rar
2016-06-05 13:46 - 2016-06-05 13:46 - 00000000 ____D C:\Users\xDiTex\AppData\Local\IdleMaster
2016-06-05 13:45 - 2016-06-05 13:46 - 01412032 _____ C:\Users\xDiTex\Downloads\idle_master.zip
2016-06-04 22:58 - 2016-06-04 22:58 - 23175520 _____ C:\Users\xDiTex\Downloads\ESEAClientInstall (1).exe
2016-06-04 22:58 - 2016-06-04 22:58 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESEA
2016-06-04 22:58 - 2016-06-04 22:58 - 00000000 ____D C:\Program Files\ESEA
2016-06-03 22:45 - 2016-06-03 22:48 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\.minecraft
2016-06-03 22:45 - 2016-06-03 22:45 - 00001030 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-06-03 22:45 - 2016-06-03 22:45 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\java
2016-06-03 22:45 - 2016-06-03 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-06-03 22:45 - 2016-06-03 22:45 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-06-03 22:44 - 2016-06-03 22:45 - 02314240 _____ C:\Users\xDiTex\Downloads\MinecraftInstaller.msi
2016-06-03 19:56 - 2016-06-03 19:56 - 17109714 _____ C:\Users\xDiTex\Downloads\ROCCAT_Lua_DRV1.14 (2).zip
2016-05-29 23:37 - 2016-05-29 23:39 - 558666507 _____ C:\Users\xDiTex\Downloads\CS-GO - Fnatic vs. TSM [Dust2] - ESL ESEA Pro League Dubai Invitational - Group B.mp4
2016-05-29 23:35 - 2016-05-29 23:38 - 361435873 _____ C:\Users\xDiTex\Downloads\CS-GO - NiP vs. Cloud9 [Dust2] - ESL ESEA Pro League Dubai Invitational - Group A.mp4
2016-05-29 23:15 - 2016-05-29 23:16 - 233249018 _____ C:\Users\xDiTex\Downloads\LEFT 4 DEAD! - Arma 2- DayZ Mod - Ep.22.mp4
2016-05-29 23:00 - 2016-05-29 23:09 - 399504436 _____ C:\Users\xDiTex\Downloads\BAMBI SIGNAL! - Arma 2- DayZ Mod - Ep.21.mp4
2016-05-29 22:51 - 2016-05-29 22:53 - 377652566 _____ C:\Users\xDiTex\Downloads\TAVIANA! - Arma 2- DayZ Mod - Ep.20.mp4
2016-05-29 19:42 - 2016-05-29 19:42 - 00000000 ____D C:\Users\xDiTex\Documents\WB Games
2016-05-29 19:42 - 2016-05-29 19:42 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Downloaded Installations
2016-05-29 19:42 - 2016-05-29 19:42 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-29 18:02 - 2016-05-29 18:05 - 395761578 _____ C:\Users\xDiTex\Downloads\Tempo Storm vs Cloud9, Game 2 - Dreamhack Austin 2016- Semifinal.mp4
2016-05-29 18:02 - 2016-05-29 18:05 - 357286084 _____ C:\Users\xDiTex\Downloads\C9 vs CLG, Game 1 - DreamHack Austin 2016- Group A Decider Match.mp4
2016-05-29 17:58 - 2016-05-29 18:03 - 522074754 _____ C:\Users\xDiTex\Downloads\Green Street Hooligans.mp4
2016-05-29 17:35 - 2016-05-29 18:00 - 393867584 _____ C:\Users\xDiTex\Downloads\ALIEN SUPERWEAPON! - Arma 2- DayZ Mod - Ep.19.mp4
2016-05-29 16:50 - 2016-05-29 16:52 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\HandBrake
2016-05-29 16:50 - 2016-05-29 16:50 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\HandBrake Team
2016-05-29 16:49 - 2016-05-29 16:59 - 00000000 ____D C:\Program Files\Handbrake
2016-05-29 16:47 - 2016-05-29 16:49 - 16520043 _____ C:\Users\xDiTex\Downloads\HandBrake-0.10.5-x86_64-Win_GUI-1.exe
2016-05-29 16:21 - 2016-05-29 16:29 - 454356515 _____ C:\Users\xDiTex\Downloads\CS-GO - EnVyUs vs. Tempo Storm [Mirage] - IEM Katowice 2016 - Group B.mp4
2016-05-29 13:56 - 2016-05-29 14:05 - 436956789 _____ C:\Users\xDiTex\Downloads\CS-GO - Team Liquid vs. Tempo Storm [Cache] - ESL One Cologne 2015 NA Qualifiers - Group A.mp4
2016-05-29 13:26 - 2016-05-29 13:29 - 333182162 _____ C:\Users\xDiTex\Downloads\21 Jump Street Full Movie [2012].mp4
2016-05-29 13:21 - 2016-05-29 13:22 - 434723352 _____ C:\Users\xDiTex\Downloads\x-men The Wolverine 2013-2014 - FULL MOVIE -.mp4
2016-05-29 13:11 - 2016-06-11 20:32 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\WeatherTool
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\xDiTex\Downloads\Retrospective
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\RPEng
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-05-29 13:10 - 2016-05-29 13:10 - 02530304 _____ (BitTorrent Inc.) C:\Users\xDiTex\Downloads\uTorrent.exe
2016-05-29 12:15 - 2016-05-29 12:15 - 00066128 _____ C:\Users\xDiTex\Downloads\[kat.cr]deadpool.2016.hdts.x264.readnfo.exclusive.torrent
2016-05-28 19:46 - 2016-06-03 19:23 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2016-05-28 19:46 - 2016-05-28 19:47 - 00000000 ____D C:\Users\xDiTex\Documents\Battlefield 3
2016-05-28 19:45 - 2016-05-28 21:55 - 00000000 ____D C:\ProgramData\EA Logs
2016-05-28 19:45 - 2016-05-28 19:45 - 00000000 ____D C:\ProgramData\EA Core
2016-05-28 19:42 - 2016-05-28 19:42 - 00001247 _____ C:\Users\Public\Desktop\Battlefield 3.lnk
2016-05-28 19:42 - 2016-05-28 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2016-05-28 19:26 - 2016-05-28 19:27 - 87676974 _____ C:\Users\xDiTex\Downloads\Inbetweeners Series 2 Episode 2.mp4
2016-05-28 19:25 - 2016-05-29 23:42 - 00000000 ____D C:\Users\xDiTex\Desktop\MP4
2016-05-28 18:16 - 2016-05-28 18:16 - 67449941 _____ C:\Users\xDiTex\Downloads\The inbetweeners season 1 episode 1.mp4
2016-05-28 17:35 - 2016-05-28 17:35 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Apple Computer
2016-05-28 17:34 - 2016-05-28 17:56 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\Apple Computer
2016-05-28 17:34 - 2016-05-28 17:34 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-28 17:34 - 2016-05-28 17:34 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Apple
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\ProgramData\Apple Computer
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\Program Files\iTunes
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\Program Files\iPod
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-28 17:34 - 2016-05-28 17:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-28 17:33 - 2016-05-28 17:34 - 00000000 ____D C:\ProgramData\Apple
2016-05-28 17:33 - 2016-05-28 17:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-28 17:33 - 2016-05-28 17:33 - 00000000 ____D C:\Program Files\Bonjour
2016-05-28 17:33 - 2016-05-28 17:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-28 17:32 - 2016-05-28 17:33 - 170490696 _____ (Apple Inc.) C:\Users\xDiTex\Downloads\iTunes6464Setup.exe
2016-05-27 23:09 - 2016-05-27 23:09 - 00000096 _____ C:\Users\xDiTex\Downloads\autoexec (1).cfg
2016-05-26 19:43 - 2016-05-26 19:44 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Celavimus
2016-05-26 19:42 - 2016-05-26 19:42 - 02020792 _____ ( ) C:\Users\xDiTex\Downloads\CEVOClientSetup.exe
2016-05-26 19:42 - 2016-05-26 19:42 - 00001371 _____ C:\Users\Public\Desktop\CEVO Client (CSGO).lnk
2016-05-25 18:00 - 2016-06-11 13:06 - 00046130 _____ C:\Users\xDiTex\Downloads\SteamAchievementManager63_hotfix.zip
2016-05-25 18:00 - 2016-05-25 18:00 - 02869264 _____ (Microsoft Corporation) C:\Users\xDiTex\Downloads\dotNetFx35setup (1).exe
2016-05-25 17:45 - 2016-05-25 17:45 - 02869264 _____ (Microsoft Corporation) C:\Users\xDiTex\Downloads\dotNetFx35setup.exe
2016-05-24 10:44 - 2016-05-24 22:48 - 00000000 ____D C:\Users\xDiTex\Documents\Bitcoin
2016-05-24 10:43 - 2016-05-24 10:46 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\MultiBitHD
2016-05-23 21:28 - 2016-05-23 21:28 - 00002038 _____ C:\Users\Public\Desktop\MultiBit HD.lnk
2016-05-23 21:28 - 2016-05-23 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD
2016-05-23 21:28 - 2016-05-23 21:28 - 00000000 ____D C:\Program Files\MultiBit HD
2016-05-23 21:27 - 2016-05-23 21:28 - 31931264 _____ (Bitcoin Solutions Ltd) C:\Users\xDiTex\Downloads\multibit-hd-windows-x64-0.3.0.exe
2016-05-23 17:30 - 2016-05-23 17:30 - 14228872 _____ C:\Users\xDiTex\Desktop\AutomaticUpdate.exe
2016-05-23 15:54 - 2016-06-03 21:04 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-05-23 15:54 - 2016-05-23 17:15 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\discord
2016-05-23 15:53 - 2016-06-03 21:04 - 00000000 ____D C:\Users\xDiTex\AppData\Local\SquirrelTemp
2016-05-23 15:53 - 2016-06-03 21:04 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Discord
2016-05-23 15:53 - 2016-05-23 15:53 - 48494776 _____ (Hammer & Chisel, Inc.) C:\Users\xDiTex\Downloads\DiscordSetup.exe
2016-05-23 15:06 - 2016-05-23 15:13 - 00000000 ____D C:\Users\xDiTex\Documents\Website
2016-05-21 13:35 - 2016-06-11 09:20 - 00004704 _____ C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-hourly
2016-05-21 13:34 - 2016-05-21 13:34 - 00000222 _____ C:\Users\xDiTex\Desktop\ARK Survival Evolved.url
2016-05-21 12:13 - 2016-05-21 12:13 - 00008709 _____ C:\Users\xDiTex\Downloads\vpngate_vpn475879018.opengw.net_udp_1815.ovpn
2016-05-19 22:11 - 2016-05-19 22:11 - 00000000 ____D C:\Users\xDiTex\Documents\Muisc
2016-05-18 03:59 - 2016-05-18 03:59 - 00097432 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2016-05-18 03:54 - 2016-05-18 03:54 - 00084120 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2016-05-18 03:54 - 2016-05-18 03:54 - 00047768 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzAPIChromaSDK.dll
2016-05-17 10:52 - 2016-05-17 10:52 - 01515240 _____ (tzuk) C:\Users\xDiTex\Downloads\SandboxieInstall-3442 (1).exe
2016-05-17 10:50 - 2016-05-17 10:56 - 00000000 ____D C:\Program Files (x86)\SteamSand
2016-05-17 10:49 - 2016-05-17 10:51 - 01515240 _____ (tzuk) C:\Users\xDiTex\Downloads\SandboxieInstall-3442.exe
2016-05-16 18:04 - 2016-05-16 18:04 - 00000000 ____D C:\Crash
2016-05-15 13:13 - 2016-06-11 09:28 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\Spotify
2016-05-15 13:13 - 2016-06-11 09:23 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Spotify
2016-05-15 13:13 - 2016-05-22 16:14 - 00001855 _____ C:\Users\xDiTex\Desktop\Spotify.lnk
2016-05-15 13:13 - 2016-05-15 13:13 - 00350936 _____ (Spotify Ltd) C:\Users\xDiTex\Downloads\SpotifySetup.exe
2016-05-15 13:13 - 2016-05-15 13:13 - 00001841 _____ C:\Users\xDiTex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-15 13:07 - 2016-05-15 13:08 - 39875016 _____ ( ) C:\Users\xDiTex\Downloads\setup.exe
2016-05-13 08:56 - 2016-05-13 08:56 - 00015816 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzStats.IPC.dll
2016-05-12 16:18 - 2016-05-12 16:18 - 00000000 ____D C:\Users\xDiTex\Documents\cfg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 22:49 - 2015-08-10 13:49 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\TS3Client
2016-06-11 22:48 - 2015-08-10 13:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-11 22:43 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-11 22:43 - 2015-08-10 12:03 - 00000000 ____D C:\Users\xDiTex\AppData\Local\CrashDumps
2016-06-11 22:20 - 2015-08-14 20:27 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\Skype
2016-06-11 22:14 - 2015-08-19 19:46 - 00000406 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1104238849-1608365410-4249454038-1001.job
2016-06-11 22:09 - 2015-12-19 14:22 - 00000000 ____D C:\Users\xDiTex
2016-06-11 22:08 - 2015-08-11 11:55 - 00000000 ____D C:\Users\xDiTex\Documents\My Games
2016-06-11 21:51 - 2015-08-19 10:41 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1104238849-1608365410-4249454038-1001Core.job
2016-06-11 20:31 - 2015-08-19 19:46 - 00000406 _____ C:\WINDOWS\Tasks\update-sys.job
2016-06-11 19:33 - 2015-08-10 13:24 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-11 18:58 - 2015-08-11 20:14 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Arma 3
2016-06-11 17:54 - 2015-08-28 14:15 - 00000000 ____D C:\Program Files (x86)\A3Launcher
2016-06-11 17:16 - 2015-08-09 22:06 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 16:59 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-11 16:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-11 13:29 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 09:20 - 2015-08-19 14:31 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Adobe
2016-06-11 09:16 - 2015-12-19 14:43 - 00000000 ___RD C:\Users\xDiTex\OneDrive
2016-06-10 17:16 - 2015-08-13 12:08 - 00001428 _____ C:\Users\xDiTex\AppData\Roaming\BreakingPoint_Options.ini
2016-06-10 17:02 - 2015-08-13 12:08 - 00000295 _____ C:\Users\xDiTex\AppData\Roaming\BreakingPoint_Login.ini
2016-06-10 17:02 - 2015-08-11 20:07 - 00000000 ____D C:\Breaking Point
2016-06-08 19:11 - 2016-01-23 19:55 - 00307960 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-06-08 19:10 - 2015-08-09 22:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-08 18:47 - 2015-10-18 15:33 - 00237328 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-06-08 08:04 - 2015-12-19 14:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-08 08:04 - 2015-12-19 14:19 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-06 20:31 - 2015-09-23 14:53 - 00000000 ____D C:\Program Files (x86)\DayZLauncher
2016-06-06 20:21 - 2015-10-30 07:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2016-06-05 22:14 - 2016-02-26 22:23 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\vlc
2016-06-05 22:13 - 2015-10-27 00:41 - 00000000 ____D C:\Users\xDiTex\Documents\Smurf Accounts
2016-06-05 22:06 - 2015-10-03 19:07 - 00000000 ____D C:\Program Files\OpenVPN
2016-06-05 20:37 - 2016-03-20 11:47 - 00000000 ____D C:\Users\xDiTex\AppData\Local\ElevatedDiagnostics
2016-06-05 11:01 - 2015-12-25 09:42 - 00000000 ____D C:\ProgramData\Razer
2016-06-05 10:54 - 2016-01-13 00:10 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2016-06-04 23:01 - 2015-12-19 14:16 - 04937320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-04 16:04 - 2015-09-07 15:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-03 19:23 - 2016-02-15 16:53 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-06-03 19:23 - 2016-02-14 18:26 - 00280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-06-03 18:43 - 2015-12-30 14:42 - 00000000 ____D C:\ProgramData\Origin
2016-06-03 17:06 - 2015-08-09 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-28 21:30 - 2016-02-15 16:53 - 00076152 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-05-28 19:46 - 2016-02-14 20:50 - 00000000 ____D C:\Users\xDiTex\AppData\Local\PunkBuster
2016-05-28 18:21 - 2015-12-30 14:48 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-05-28 18:20 - 2015-12-30 14:43 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\Origin
2016-05-28 18:02 - 2015-12-30 14:42 - 00000000 ____D C:\Program Files (x86)\Origin
2016-05-26 19:44 - 2015-11-20 18:34 - 00000000 ____D C:\ProgramData\Celavimus
2016-05-26 19:42 - 2015-11-20 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEVO Client
2016-05-26 15:06 - 2015-08-14 20:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-25 17:59 - 2015-10-03 19:34 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\TeamViewer
2016-05-25 17:51 - 2016-04-21 17:50 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-05-24 17:02 - 2015-12-19 14:43 - 00002370 _____ C:\Users\xDiTex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-16 16:25 - 2015-08-11 00:37 - 00000000 ____D C:\Users\xDiTex\AppData\Local\DayZ
2016-05-16 13:30 - 2015-08-11 00:37 - 00000000 ____D C:\Users\xDiTex\Documents\DayZ
2016-05-15 13:10 - 2015-12-19 14:35 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-14 18:06 - 2015-08-15 22:24 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\OBS
2016-05-12 16:49 - 2016-01-13 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-05-12 16:49 - 2015-12-25 09:42 - 00000000 ____D C:\Users\xDiTex\AppData\Local\Razer
2016-05-12 16:19 - 2016-04-30 12:23 - 00000000 ____D C:\Users\xDiTex\Documents\STEAM BOY
 
==================== Files in the root of some directories =======
 
2015-08-13 12:08 - 2016-06-10 17:02 - 0000295 _____ () C:\Users\xDiTex\AppData\Roaming\BreakingPoint_Login.ini
2015-08-13 12:08 - 2016-06-10 17:16 - 0001428 _____ () C:\Users\xDiTex\AppData\Roaming\BreakingPoint_Options.ini
2016-04-10 14:31 - 2016-04-10 14:31 - 0000017 _____ () C:\Users\xDiTex\AppData\Local\resmon.resmoncfg
2016-03-08 15:35 - 2016-03-08 15:35 - 0292184 _____ (Microsoft Corporation) C:\Users\xDiTex\AppData\Local\Tempdxwebsetup.exe
2015-08-19 19:46 - 2015-08-19 19:46 - 0000003 _____ () C:\Users\xDiTex\AppData\Local\updater.log
2015-08-19 19:46 - 2016-03-11 19:10 - 0000424 _____ () C:\Users\xDiTex\AppData\Local\UserProducts.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-04 10:10
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by xDiTex (2016-06-11 23:04:53)
Running from C:\Users\xDiTex\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-19 13:37:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1104238849-1608365410-4249454038-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1104238849-1608365410-4249454038-503 - Limited - Disabled)
Guest (S-1-5-21-1104238849-1608365410-4249454038-501 - Limited - Disabled)
xDiTex (S-1-5-21-1104238849-1608365410-4249454038-1001 - Administrator - Enabled) => C:\Users\xDiTex
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A3Launcher version 0.0.1.9 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.1.9 - Maca134)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Batman: Arkham City GOTY (HKLM\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
Breaking Point (x32 Version: 5.0.2.9 - The Zombie Infection) Hidden
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CEVO CS:GO Client Beta version 2.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 2.0 - )
Corsair K30 Gaming Keyboard Driver V1.0 (HKLM-x32\...\{B937D0B0-9FF6-41C5-B180-519FD8DBA971}}_is1) (Version: 1.00.00.06 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{668B7711-6DAF-465F-9BE2-F3C07C962131}) (Version: 0.92.117 - Dotjosh Studios)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version:  - Codemasters Racing Studio)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Discord (HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ESEA Client (HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.64673.4 - Electronic Arts)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
H1Z1 Test Server (HKLM-x32\...\Steam App 362300) (Version:  - )
H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.12 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.025 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.027 - MSI)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 358.87 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.11.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.3.10-I602  (HKLM\...\OpenVPN) (Version: 2.3.10-I602 - )
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.2 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29263 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
ROCCAT Lua Mouse Driver (HKLM-x32\...\InstallShield_{0F5183CD-4A86-43A4-8CAA-1045871F54DE}) (Version: 1.14 - ROCCAT)
ROCCAT Lua Mouse Driver (x32 Version: 1.14 - ROCCAT) Hidden
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SNOW (HKLM\...\Steam App 244930) (Version:  - Poppermost Productions)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.07 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{EABEA8C2-451B-4AD7-A312-B27FEA28376C}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
The Desktop Weather 2.0 (HKLM\...\WeatherTool) (Version: 2.0.1.11076 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.15.55.1020 - Electronic Arts Inc.)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Tom Clancy's The Division Beta (HKLM-x32\...\Uplay Install 2036) (Version:  - Ubisoft)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
WS Launcher (HKLM-x32\...\WS Launcher 30.0.4.3) (Version: 30.0.4.3 - WS.ARMA.SU)
WS Launcher (x32 Version: 30.0.4.3 - WS.ARMA.SU) Hidden
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\xDiTex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\xDiTex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\xDiTex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\xDiTex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DF7AE6E-1D69-44CA-8555-ED03DD61CF57} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {11FAABC1-ED91-4B08-B3BA-737BC4748AC0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {177FAB12-B12E-4B32-96CE-D1727472848A} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {20CFDC44-56B7-44C6-AFFA-F6892DA9B2FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {225C5540-33EB-412F-B067-AFDF5B21B94C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {24AF134D-8F51-401E-AFF7-8682A3B465DD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {409D41E3-8F1A-4B52-95AD-193EC54C2FAA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {438C4FCF-BF94-40FA-9167-1F43797375A2} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {584B5076-7935-4986-A499-9C8E62CF765C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {5C20B44C-E8E4-4F56-9573-2B17D742600E} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {6937E542-904D-4573-BEDD-AE169BC4A94B} - System32\Tasks\update-S-1-5-21-1104238849-1608365410-4249454038-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {6B370F52-997E-4F2D-98BD-DD6496C034A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1104238849-1608365410-4249454038-1001UA => C:\Users\xDiTex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6D8BB7B1-030A-4856-AB9D-E0227EFCB31F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1104238849-1608365410-4249454038-1001Core => C:\Users\xDiTex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {739662B2-EA43-4336-83D7-EA57D83FE971} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {96184787-286F-4977-BD5A-F8ED0144954C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9B57A2E9-A7E6-41F5-BF5E-E1CE540007FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {AC9DE8AD-E402-4483-B6E4-7FBCF6F51481} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AFC456F6-EFFC-4065-A4CD-D90E35FD8C05} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BCD8A27C-83CB-4401-A5BA-6039597A2C01} - System32\Tasks\AdobeAAMUpdater-1.0-Zacs-PC-xDiTex => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {CFCA3909-DA7A-4898-AF8C-BA0153A4051C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DF8E724A-D6E8-4686-8A13-A14637EB4321} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E1227319-04C2-4AE8-B37D-712A95913D89} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {E5022965-54F2-4364-9E7F-0B45103CE801} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {F5A9E3DF-03C8-41EF-8013-0ADFC19621A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1104238849-1608365410-4249454038-1001Core.job => C:\Users\xDiTex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1104238849-1608365410-4249454038-1001UA.job => C:\Users\xDiTex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1104238849-1608365410-4249454038-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-16 17:24 - 2016-03-30 02:21 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-10 14:23 - 2016-03-30 02:21 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-16 17:24 - 2016-03-30 02:22 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-16 17:24 - 2016-03-30 02:21 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-15 16:53 - 2016-05-28 21:30 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-04-19 00:55 - 2016-04-19 00:55 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-11-25 05:16 - 2015-11-25 05:16 - 00152008 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11076\WeatherService.exe
2016-04-16 17:24 - 2016-03-30 02:21 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-16 17:24 - 2016-03-30 02:21 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-16 17:24 - 2016-03-30 02:22 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-10 14:23 - 2016-03-30 02:22 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-19 14:19 - 2016-03-22 03:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-25 05:16 - 2015-11-25 05:16 - 01050056 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11076\WeatherEntryDll.dll
2016-04-12 21:33 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:33 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-22 13:55 - 2016-01-22 13:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-24 17:02 - 2016-05-24 17:02 - 00959168 _____ () C:\Users\xDiTex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 15:13 - 2014-05-01 15:13 - 00470016 _____ () C:\Users\xDiTex\AppData\Local\MEGAsync\ShellExtX64.dll
2016-04-12 21:32 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-19 14:12 - 2015-12-19 14:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 21:31 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-09 22:16 - 2014-02-21 11:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2015-08-09 22:16 - 2014-02-21 11:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-09-19 16:15 - 2014-09-19 16:15 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-04-16 17:24 - 2016-03-30 02:20 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-16 17:24 - 2016-03-30 02:20 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-19 12:33 - 2016-04-19 12:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-03 17:38 - 2016-06-03 17:38 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-03 17:38 - 2016-06-03 17:38 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 17:38 - 2016-06-03 17:38 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 16:12 - 2016-03-04 16:13 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-08-04 08:54 - 2015-11-01 10:49 - 00175080 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2015-08-04 08:53 - 2015-11-01 10:49 - 00103400 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2015-08-04 08:54 - 2015-11-01 10:49 - 00108008 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2015-08-04 08:54 - 2015-11-01 10:49 - 00312296 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2016-01-04 15:46 - 2016-01-04 15:45 - 00486912 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\soundboard.dll
2015-12-30 14:09 - 2015-12-30 14:09 - 04018176 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\task_force_radio_win64.dll
2015-08-04 08:54 - 2015-11-01 10:49 - 00483816 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2015-07-17 14:10 - 2015-09-28 08:59 - 00317440 _____ () C:\Program Files\TeamSpeak 3 Client\ssleay32.dll
2015-07-17 14:10 - 2015-09-28 08:59 - 01709056 _____ () C:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2016-04-12 21:32 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 21:32 - 2016-04-02 04:00 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-04-12 21:32 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 21:32 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-12 21:32 - 2016-04-02 03:58 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 08:18 - 2015-10-30 19:08 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 08:18 - 2015-10-30 19:08 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-05-13 08:55 - 2016-05-13 08:55 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-08-10 13:06 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-08-10 13:16 - 2016-03-30 02:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-08 23:35 - 2016-04-08 23:35 - 03481600 _____ () C:\Users\xDiTex\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2016-05-24 17:02 - 2016-05-24 17:02 - 00679624 _____ () C:\Users\xDiTex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-03 21:04 - 2016-06-03 01:40 - 02779832 _____ () C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\libdiscord.dll
2016-06-03 21:04 - 2016-06-03 01:40 - 01746104 _____ () C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\ffmpeg.dll
2016-06-03 21:04 - 2016-06-03 01:40 - 00244920 _____ () \\?\C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\resources\node_modules\discord_toaster\discord_toaster.node
2016-06-03 21:04 - 2016-06-03 01:40 - 00112312 _____ () \\?\C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\resources\node_modules\discord_overlay\discord_overlay.node
2016-06-03 21:04 - 2016-06-03 01:40 - 01843896 _____ () C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\libglesv2.dll
2016-06-03 21:04 - 2016-06-03 01:40 - 00020664 _____ () C:\Users\xDiTex\AppData\Local\Discord\app-0.0.291\libegl.dll
2016-06-11 09:18 - 2016-06-11 09:18 - 00140800 _____ () \\?\C:\Users\xDiTex\AppData\Local\Temp\9DA7.tmp.node
2016-04-19 12:33 - 2016-04-19 12:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 12:33 - 2016-04-19 12:34 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-21 21:09 - 2016-04-20 22:08 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\libglesv2.dll
2016-04-21 21:09 - 2016-04-20 22:08 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\libegl.dll
2015-08-22 12:55 - 2016-04-29 21:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-22 12:55 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-10 13:23 - 2016-06-09 23:24 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-22 12:55 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-22 12:55 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-10 13:23 - 2016-02-09 00:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-10 13:23 - 2016-02-09 00:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-10 13:23 - 2016-02-09 00:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-10 13:23 - 2016-02-09 00:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-10 13:23 - 2016-02-09 00:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-22 12:54 - 2016-06-09 23:24 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 18:20 - 2016-02-17 23:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-06-11 22:48 - 2016-06-11 22:48 - 00155232 ___HT () C:\Users\xDiTex\AppData\Local\Temp\~355F.tmp
2015-08-10 13:23 - 2016-06-01 01:21 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-08-10 13:23 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-08-10 13:24 - 2016-06-10 16:25 - 00198144 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00317952 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00203776 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00390656 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2015-08-10 13:24 - 2016-06-10 16:25 - 06598656 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2015-08-10 13:24 - 2016-06-10 16:25 - 00166912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 01174528 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00863744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00356352 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00610816 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00164864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00708096 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00134656 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2015-08-10 13:24 - 2016-06-10 16:25 - 00957952 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00395264 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 03075584 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00574976 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00143360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00230912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 01016320 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00584704 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2015-08-10 13:24 - 2016-06-10 16:25 - 12363776 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2015-08-10 13:24 - 2016-06-10 16:25 - 10270208 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00094208 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00084992 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2015-08-10 13:24 - 2016-06-03 17:13 - 00013312 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2015-08-10 13:24 - 2016-06-03 17:13 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2015-08-10 13:24 - 2016-06-03 17:13 - 00974848 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2015-08-10 13:24 - 2016-06-03 17:13 - 00184832 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll
2016-05-23 10:43 - 2016-05-23 10:43 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-04-30 09:37 - 2016-04-17 16:25 - 50663704 _____ () C:\Users\xDiTex\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-04-30 09:37 - 2016-04-17 16:25 - 01881880 _____ () C:\Users\xDiTex\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-04-30 09:37 - 2016-04-17 16:25 - 00082200 _____ () C:\Users\xDiTex\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-04-21 21:09 - 2016-04-20 22:08 - 17536664 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\xDiTex:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2016-05-07 18:54 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xDiTex\Pictures\wallpaper-chelsea-search-meetii-161457.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: celavimushost => 3
MSCONFIG\Services: GamingApp_Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LogiRegistryService => 2
MSCONFIG\Services: MSI_SuperCharger => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Qualcomm Atheros Killer Service V2 => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Corsair K30"
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\StartupApproved\Run: => "EADM"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0A5FAC81-C21A-4343-AA82-2202D1518C1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{662ED0D6-8285-4D8C-8FE0-D2CF0C345F09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [UDP Query User{8793ED0D-30B9-4094-907E-AB27BC43836A}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{9786E723-3E92-4B61-9D90-13D757E6C6EE}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{936409AE-98A5-4035-83CF-C85B7E21C3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{4A0663DA-9FC5-4CC3-BDF1-F8EC10AF6B55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{DDC375B2-464D-403F-B8EF-7F011F885DF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{0870FE82-D958-4C03-BAFC-4D434648905A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{BA6A9DF2-1646-482F-ACEB-F8377B3976F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{9D5036AB-04E3-407B-84BA-A6BCDFC9638A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{4B092BA2-DB33-494E-A035-59A1195D55A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CA0C1269-3498-4A87-84B3-E46FBBA0C68A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{98A63907-FBF9-4549-85F9-EA4A8E77B5EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{28D06021-CEB2-494E-9BEF-5C2183F4307F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{AA538B6D-D013-4C3A-B508-EB616167B7C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{D00EA514-E4BE-4DE4-81ED-466C6D5A6AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{B38FE768-1131-4F28-94BF-51BFBA1396DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{4E7BFAD3-6F07-4E93-869F-B57A6FA415F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{EA714CF7-29CE-424E-9982-DB318FC3E93B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{8275BA7C-5F46-447B-BF0E-21B6595C83A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4FECF42C-CA7C-477D-82A4-62D148497560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe
FirewallRules: [{A4224A3F-6662-4A94-8BBB-C189A755AEF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe
FirewallRules: [{2F201965-E09D-47B2-8A31-25A83D9B48AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{E0DEAF14-EF1A-417F-A0AF-2EFDD333B40B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{533CBF89-572C-4E4D-B0B5-75FD52ECDDE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{A68D676E-D848-475A-A060-18830A59B3E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2EBADF72-C471-4771-AF49-92D23B242DC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{B38A19D8-E6EA-45B0-A7FD-8AB5B2114E18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [UDP Query User{F07BF2E3-D44A-4205-989E-7216D0335658}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{19FEFC0F-0035-4E70-8F9A-B5D1F0666CC4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1655228E-F4E0-4FA7-AD64-2BA12A32CB9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{1B2B268A-A5C2-4586-A61F-3F739F1E3A34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{4A9A4BD8-CE98-4CF4-BFC5-B0407BD74635}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{F00FF8AC-2425-4D59-8499-74CC1C70CF78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{5C092EB2-9658-4B88-B107-602FD17EF7CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{B7C4F9B5-0BD9-47A5-AC9A-11015F1329DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{0A192157-493F-4C69-819B-6065559D10CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5CAF1FA0-4014-43B2-9D06-A7B385C90933}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{39109C21-8B6D-4E41-89FE-4690AA87EAF0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AA4E3A15-66EC-4F8A-B484-37588A7CBB21}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D47E9D55-7C4A-4F0B-A9E7-BD1A62A7BEE9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DF263B6C-5C23-42FD-A914-6296F9A88ADE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CAD64C66-F96B-46DE-922D-AA8DC98CB11F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{820A0079-BA05-4E0B-98F4-87D30EA09C5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B10C11A1-CBD8-48B7-931C-3FE11EDE15C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7902B6F8-F667-45DA-A368-2B46D76B3FBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0B02BA54-DFE3-496D-9825-66CDC213D2AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DDAB695C-CA39-4EE8-8892-27B6CE419F9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C7413764-670F-4C6D-8F98-27DD0455C0EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{739A282C-8FC2-4E49-A029-20C6A1DD8EB2}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) C:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [UDP Query User{CADA53D8-964D-4D47-82B3-510F5C99D884}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) C:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [TCP Query User{66A71D33-AE6F-433A-94EA-AB0987AFDD6A}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{2D9406B7-E85E-4D56-A7FC-CEF6D6E52923}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{20256723-0234-4B3C-87CC-C01C570C0C8C}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{82FE0136-5600-4499-86B5-35E11F7AB4E3}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{50038A3B-FC68-46D0-8401-2DB52AB764E7}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{8A5CECE0-FE36-4E39-9322-CD5D5A26CCA7}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{BB12424E-4A97-4D52-B6FA-39770CD0C0BD}C:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) C:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{56504489-C644-4A93-9D0B-9C9599D0BFD4}C:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) C:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{7C443E75-E81C-43BC-AF02-599DD443D7B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{5779F12E-B32A-45CF-833F-796EBD63F4E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [TCP Query User{FD343A54-2AC7-4838-AE48-1F430E83C27B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{EA226D56-5C4C-4EE4-B83C-51A89C94657E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{620A2FF4-3884-4CA5-84E7-FF557D133A60}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{D8E2E86C-BBB7-47AF-8D4C-1494132A8721}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{182E354E-EA44-45FC-8286-FBC9307947D5}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E48AC846-AF30-4D10-8372-E3F1FFB626E0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{28070F18-4D41-43F0-BB56-A88DE17A6393}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{DB730D72-2D29-4DC0-B002-077503861E21}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E5FA9868-DAE9-4398-B007-8F488AA25EF5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{8C70199D-684E-4164-BC18-CF6E21BF8CAA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{ED5267CB-BC7A-4B5F-9C14-E0EC280BBCA6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{29C4562E-CBE1-4131-B1BD-F75CF993F8DB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{595AC358-AFDD-44BE-A295-27B6A4CC5A43}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{16FF36AD-8449-44D3-9DDF-847C3FAA5C57}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{8401258D-648B-4C42-A95F-C335179F3110}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{8CF387FB-191D-4019-80A9-6654BD903E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{A8A8A6CF-95BA-4979-91EE-8A3676020229}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{93E42658-34BB-4D7F-AC57-90B3382FFC5E}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{B397025A-F9AA-4035-B038-A316AEE72E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{45BF65E4-62C9-44FE-B7F6-D2BFD016DB67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{FD9BD952-51E9-4A8D-B086-14280A4B7324}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{826313CB-1FC9-443E-9554-22BE0AEE5E1A}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{E4FE7D9C-D201-4EB4-B2B5-3D63208C6ADF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{724A448A-D739-4F03-8855-2CB84E6A3F6E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{69A46F9E-12B4-4511-ADD0-94634AAA4F44}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AFA2E7AD-209A-43CA-8EE1-15B87A8C1E29}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{66219B9C-6D20-4C31-B97A-4DC46365E69C}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{B53B3F8F-0ED8-48B5-9689-01176BE55062}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{02E99B4A-EAFC-4488-A81A-EF860D0FF839}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{BE6058A8-2C60-482D-840A-D60CAB0DC874}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{68FDEB92-4269-4773-BD29-58A540FEFE51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5C8822A1-FCF4-4D3C-8A85-0499E7C30D5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5E815158-2C35-406F-A902-18161C96F56A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{57B6F1BC-29A7-46EE-9C4B-CF33A07268BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{62234EA7-5585-4254-9421-5A0C9FBE1159}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{334440D7-0807-4B8F-BD99-89850A1F6D3B}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{1FEF0775-9096-4D00-8EEA-A319C65C80AF}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{D19A90BD-8FA8-4D65-AA69-802701945899}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{ECC4EBB4-BE0E-4CEF-997B-833219545369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{1B561198-C4C3-4690-8570-EA16F2A03950}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C7906390-F160-4322-8C93-C66A477F2263}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{DC946CEE-8F8A-4144-A69C-3AA2847EC00F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84C297D5-E6AC-4FB0-9D51-B79F4384B43B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F8DEAED-A0C0-417A-B685-0110992A4ED8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DB20D005-43FA-4C3A-B57B-3FE7090303C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EA14A3C0-80F4-46B9-BA99-BD5DCC98F793}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0A937F57-66E7-44E1-97D7-ED2792AADDBE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{80398122-0B04-4671-8ABE-372C4B6306FE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{43136216-97F5-4C3F-9002-0BB9F541F191}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0F670D7B-D269-4D4B-AC85-10254D7FDEB5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{923F7EED-DE49-40B7-8FDE-AF031AAE901B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{F36E375A-BE84-4129-BFFC-BECD52BF7D36}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{4F09F6A6-A08F-48CD-91C1-B6C98946D3F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{0F43711A-97E1-4703-88F4-54751271FEE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{2D9CF241-CB9F-485A-96B5-DCDCE83E4A0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{0154B22B-AB95-442B-BDCB-F7E5B8FFFFE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [TCP Query User{12124CC6-53FA-40C7-8A22-D5E0957AA089}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8756870D-6411-4EFA-AA06-AB3DD12E9A62}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{CD6694C1-B81A-4DDA-98EF-B9AF52669A8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{0478A3E5-D829-41DD-99FB-F06C8599A6B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [TCP Query User{8C126C5A-D9DA-458F-A984-9C6683D73358}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{F09805D8-0658-43D2-AAB4-28843CFC3134}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{52BE7FD4-FA66-4B66-BA87-3E5C35B1747B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{844933B0-434E-4395-B935-819C32305A00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
 
==================== Restore Points =========================
 
28-05-2016 19:39:31 Installed DirectX
29-05-2016 19:40:55 Installed DirectX
03-06-2016 19:14:02 Windows Update
06-06-2016 20:46:49 Windows Update
08-06-2016 19:09:47 UE4 Prerequisites (x64)
08-06-2016 19:10:33 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2016 12:58:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SAM.Picker.exe, version: 6.3.0.987, time stamp: 0x4e7c5c91
Faulting module name: KERNELBASE.dll, version: 6.2.10586.162, time stamp: 0x56cd55ab
Exception code: 0xe0434f4d
Fault offset: 0x000bdad8
Faulting process ID: 0x%9
Faulting application start time: 0xSAM.Picker.exe0
Faulting application path: SAM.Picker.exe1
Faulting module path: SAM.Picker.exe2
Report ID: SAM.Picker.exe3
Faulting package full name: SAM.Picker.exe4
Faulting package-relative application ID: SAM.Picker.exe5
 
Error: (06/11/2016 11:33:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.0.1.1, time stamp: 0x5735831b
Faulting module name: mscorlib.ni.dll, version: 4.6.1078.0, time stamp: 0x56e1f0f8
Exception code: 0xc0000005
Fault offset: 0x007d7a66
Faulting process ID: 0x2fc0
Faulting application start time: 0xRzStats.Manager.exe0
Faulting application path: RzStats.Manager.exe1
Faulting module path: RzStats.Manager.exe2
Report ID: RzStats.Manager.exe3
Faulting package full name: RzStats.Manager.exe4
Faulting package-relative application ID: RzStats.Manager.exe5
 
Error: (06/11/2016 11:33:10 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 72657A66
Stack:
 
Error: (06/10/2016 11:48:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program arma3.exe version 1.60.136.470 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3a1c
 
Start Time: 01d1c36a33f24038
 
Termination Time: 37
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe
 
Report Id: 8250a7ff-2f5d-11e6-83e1-d8cb8a5858ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/10/2016 11:16:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.0.1.1, time stamp: 0x5735831b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process ID: 0x21d0
Faulting application start time: 0xRzStats.Manager.exe0
Faulting application path: RzStats.Manager.exe1
Faulting module path: RzStats.Manager.exe2
Report ID: RzStats.Manager.exe3
Faulting package full name: RzStats.Manager.exe4
Faulting package-relative application ID: RzStats.Manager.exe5
 
Error: (06/10/2016 11:16:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00000000
Stack:
 
Error: (06/10/2016 07:06:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program arma3.exe version 1.60.136.470 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2e4c
 
Start Time: 01d1c342d8ed14ca
 
Termination Time: 7
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe
 
Report Id: 1b4923f7-2f36-11e6-83e1-d8cb8a5858ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/10/2016 06:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppID_Patch.exe, version: 0.0.0.0, time stamp: 0x5486d3ca
Faulting module name: AppID_Patch.exe, version: 0.0.0.0, time stamp: 0x5486d3ca
Exception code: 0xc0000005
Fault offset: 0x000011e1
Faulting process ID: 0x1a54
Faulting application start time: 0xAppID_Patch.exe0
Faulting application path: AppID_Patch.exe1
Faulting module path: AppID_Patch.exe2
Report ID: AppID_Patch.exe3
Faulting package full name: AppID_Patch.exe4
Faulting package-relative application ID: AppID_Patch.exe5
 
Error: (06/10/2016 06:56:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppID_Patch.exe, version: 0.0.0.0, time stamp: 0x5486d3ca
Faulting module name: AppID_Patch.exe, version: 0.0.0.0, time stamp: 0x5486d3ca
Exception code: 0xc0000005
Fault offset: 0x000011e1
Faulting process ID: 0x2a48
Faulting application start time: 0xAppID_Patch.exe0
Faulting application path: AppID_Patch.exe1
Faulting module path: AppID_Patch.exe2
Report ID: AppID_Patch.exe3
Faulting package full name: AppID_Patch.exe4
Faulting package-relative application ID: AppID_Patch.exe5
 
Error: (06/10/2016 06:56:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppID_Patch.exe, version: 0.0.0.0, time stamp: 0x5486d3ca
Faulting module name: AppID_Patch.exe, version: 0.0.0.0, time stamp: 0x5486d3ca
Exception code: 0xc0000005
Fault offset: 0x000011e1
Faulting process ID: 0x2e4c
Faulting application start time: 0xAppID_Patch.exe0
Faulting application path: AppID_Patch.exe1
Faulting module path: AppID_Patch.exe2
Report ID: AppID_Patch.exe3
Faulting package full name: AppID_Patch.exe4
Faulting package-relative application ID: AppID_Patch.exe5
 
 
System errors:
=============
Error: (06/11/2016 01:14:22 AM) (Source: DCOM) (EventID: 10010) (User: ZACS-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (06/11/2016 01:14:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_6c63d02 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/11/2016 01:14:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_6c63d02 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/11/2016 01:14:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_6c63d02 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/11/2016 01:14:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_6c63d02 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/11/2016 01:14:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/10/2016 06:39:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (06/10/2016 06:39:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/10/2016 04:16:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3156421).
 
Error: (06/10/2016 04:10:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
 
CodeIntegrity:
===================================
  Date: 2016-06-11 13:12:17.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 13:12:17.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 13:12:17.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 13:12:16.973
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 12:58:22.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 12:58:22.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 12:58:22.298
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 12:58:22.134
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-09 12:12:55.497
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-09 12:12:55.325
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 60%
Total physical RAM: 8143.77 MB
Available physical RAM: 3256.95 MB
Total Virtual: 14235.13 MB
Available Virtual: 7672.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.73 GB) (Free:338.49 GB) NTFS
Drive e: () (Removable) (Total:14.44 GB) (Free:14.37 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C8550814)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 17A0A5E1)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

Edited by Zac Hopkins, 12 June 2016 - 01:46 AM.

  • 0

#4
Zac Hopkins


    New Member

  • Topic Starter
  • Member
  • 7 posts

Here is the URL for the download. It says it's safe; does that mean I 100% don't have a RAT? https://www.virustot...sis/1465717466/


  • 0

#5
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

The VT link showed that you had the web site scanned, not the file. Your logs show that your system is fairly clean (for the most part) but there are some items that need to be handled.

 

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Amazon 1Button App
Amazon Assistant
The Desktop Weather 2.0


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [GoogleChromeAutoLaunch_53A46035466EA9E447ECACD134677BDE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-20] (Google Inc.)
SearchScopes: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.co.uk/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_uk_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_124694ed_1201_1401_20160421_GB_ie_ds_&tag=bds-p10-serp-uk-ie-21&query={searchTerms}
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
CHR DefaultSearchURL: Default -> hxxps://www.amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Session Restore: Default -> is enabled.
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
C:\Program Files (x86)\Amazon\Amazon1ButtonApp
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11076\WeatherService.exe [152008 2015-11-25] ()
C:\Program Files (x86)\WeatherTool
S4 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
C:\Program Files\OpenVPN
S3 bONdDSVB; \??\E:\bONdDSVB.sys [X]
S3 USSwnRCs6ZU; \??\E:\USSwnRCs6ZU.sys [X]
S3 WXiuu; \??\E:\WXiuu.sys [X]
E:\bONdDSVB.sys
E:\USSwnRCs6ZU.sys
E:\WXiuu.sys
2016-05-29 13:11 - 2016-06-11 20:32 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\WeatherTool
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\xDiTex\Downloads\Retrospective
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\RPEng
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-05-27 23:09 - 2016-05-27 23:09 - 00000096 _____ C:\Users\xDiTex\Downloads\autoexec (1).cfg
CustomCLSID: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\xDiTex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {0DF7AE6E-1D69-44CA-8555-ED03DD61CF57} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {11FAABC1-ED91-4B08-B3BA-737BC4748AC0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {177FAB12-B12E-4B32-96CE-D1727472848A} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {20CFDC44-56B7-44C6-AFFA-F6892DA9B2FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {225C5540-33EB-412F-B067-AFDF5B21B94C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {24AF134D-8F51-401E-AFF7-8682A3B465DD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {409D41E3-8F1A-4B52-95AD-193EC54C2FAA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {438C4FCF-BF94-40FA-9167-1F43797375A2} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-21] (Distromatic) <==== ATTENTION
C:\Program Files (x86)\Amazon Browser Settings
Task: {5C20B44C-E8E4-4F56-9573-2B17D742600E} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {96184787-286F-4977-BD5A-F8ED0144954C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AFC456F6-EFFC-4065-A4CD-D90E35FD8C05} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CFCA3909-DA7A-4898-AF8C-BA0153A4051C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DF8E724A-D6E8-4686-8A13-A14637EB4321} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\xDiTex:Heroes & Generals [38]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

How is your system running now?
 

 


  • 0
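The NOTICE in the post above, turned into a pre-run check (an added example, not part of dbreeze's post and not FRST's own code): a Python sketch that pulls the account SID and user-profile names out of a fixlist and compares them with the local account before anyone presses Fix. The line categories are this example's own reading of the entries quoted above, `audit_fixlist` and its parameters are hypothetical names, and the sample is a constructed excerpt of that fixlist.

```python
import re
from collections import Counter

# Constructed excerpt of the fixlist quoted in the post above (not the full script).
SAMPLE_FIXLIST = r"""
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [GoogleChromeAutoLaunch_53A46035466EA9E447ECACD134677BDE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-20] (Google Inc.)
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-09]
S3 WXiuu; \??\E:\WXiuu.sys [X]
E:\WXiuu.sys
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\Public\Documents\Guid
Task: {177FAB12-B12E-4B32-96CE-D1727472848A} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-21] (Distromatic) <==== ATTENTION
AlternateDataStreams: C:\Users\xDiTex:Heroes & Generals [38]
cmd: netsh advfirewall reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
Reboot:
end
"""

# Per-account SIDs (S-1-5-21-...) tie registry entries to one specific user account.
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
# Profile folder name directly under X:\Users\ (stops at '\', ':' or a quote).
PROFILE_RE = re.compile(r'[A-Za-z]:\\Users\\([^\\:"\r\n]+)', re.IGNORECASE)
# Profiles that exist on every machine and say nothing about the target account.
SHARED_PROFILES = {"public", "default", "all users"}


def classify(line):
    """Bucket one fixlist line. The buckets are an assumption made for this audit."""
    low = line.lower()
    if low in ("start", "end"):
        return "marker"
    if re.fullmatch(r"[A-Za-z]+:", line):
        return "directive"        # e.g. CreateRestorePoint:, EmptyTemp:, Reboot:
    if low.startswith(("cmd:", "reg:")):
        return "command"          # a command line the fix will execute
    if low.startswith("task:"):
        return "scheduled_task"
    if re.match(r"[RSU][0-5] ", line):
        return "service"          # service/driver entry such as "S3 WXiuu; ..."
    if low.startswith(("hklm", "hku", "hkcr")):
        return "registry"
    if re.match(r"(\d{4}-\d{2}-\d{2} .* )?[A-Za-z]:\\", line):
        return "file_or_folder"   # bare path, or a dated listing line ending in a path
    return "other"


def audit_fixlist(text, local_sid, local_user):
    """Summarise a fixlist and list every account reference that is not the local one."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    sids = sorted(set(SID_RE.findall(text)))
    users = sorted({u for u in PROFILE_RE.findall(text)
                    if u.lower() not in SHARED_PROFILES})
    problems = []
    for sid in sids:
        if sid != local_sid:
            problems.append("SID %s is not the local account (%s)" % (sid, local_sid))
    for user in users:
        if user.lower() != local_user.lower():
            problems.append("profile '%s' is not the local user (%s)" % (user, local_user))
    return {
        "kinds": Counter(classify(ln) for ln in lines),
        "sids": sids,
        "users": users,
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed "wrong machine" values: the fixlist should be rejected here.
    report = audit_fixlist(SAMPLE_FIXLIST, "S-1-5-21-1-2-3-1001", "alice")
    for kind, count in sorted(report["kinds"].items()):
        print("%-15s %d" % (kind, count))
    for problem in report["problems"]:
        print("MISMATCH:", problem)
```

On Windows the local values to pass in can be read with `whoami /user`.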

#6
Zac Hopkins


    New Member

  • Topic Starter
  • Member
  • 7 posts

Thank you so much for your amazing help, the steps are easily put together and have helped me so much. I know you don't have to do this so I'm truly grateful for your help bro. Thanks.

Fix result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by xDiTex (2016-06-12 23:28:04) Run:2
Running from C:\Users\xDiTex\Desktop
Loaded Profiles: xDiTex (Available Profiles: xDiTex)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\...\Run: [GoogleChromeAutoLaunch_53A46035466EA9E447ECACD134677BDE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-20] (Google Inc.)
SearchScopes: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.co.uk/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_uk_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_124694ed_1201_1401_20160421_GB_ie_ds_&tag=bds-p10-serp-uk-ie-21&query={searchTerms}
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
CHR DefaultSearchURL: Default -> hxxps://www.amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Session Restore: Default -> is enabled.
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
C:\Program Files (x86)\Amazon\Amazon1ButtonApp
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11076\WeatherService.exe [152008 2015-11-25] ()
C:\Program Files (x86)\WeatherTool
S4 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
C:\Program Files\OpenVPN
S3 bONdDSVB; \??\E:\bONdDSVB.sys [X]
S3 USSwnRCs6ZU; \??\E:\USSwnRCs6ZU.sys [X]
S3 WXiuu; \??\E:\WXiuu.sys [X]
E:\bONdDSVB.sys
E:\USSwnRCs6ZU.sys
E:\WXiuu.sys
2016-05-29 13:11 - 2016-06-11 20:32 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\WeatherTool
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\xDiTex\Downloads\Retrospective
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\xDiTex\AppData\Roaming\RPEng
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-05-29 13:11 - 2016-05-29 13:11 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-05-27 23:09 - 2016-05-27 23:09 - 00000096 _____ C:\Users\xDiTex\Downloads\autoexec (1).cfg
CustomCLSID: HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\xDiTex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {0DF7AE6E-1D69-44CA-8555-ED03DD61CF57} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {11FAABC1-ED91-4B08-B3BA-737BC4748AC0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {177FAB12-B12E-4B32-96CE-D1727472848A} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {20CFDC44-56B7-44C6-AFFA-F6892DA9B2FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {225C5540-33EB-412F-B067-AFDF5B21B94C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {24AF134D-8F51-401E-AFF7-8682A3B465DD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {409D41E3-8F1A-4B52-95AD-193EC54C2FAA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {438C4FCF-BF94-40FA-9167-1F43797375A2} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-21] (Distromatic) <==== ATTENTION
C:\Program Files (x86)\Amazon Browser Settings
Task: {5C20B44C-E8E4-4F56-9573-2B17D742600E} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-21] (Distromatic) <==== ATTENTION
Task: {96184787-286F-4977-BD5A-F8ED0144954C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AFC456F6-EFFC-4065-A4CD-D90E35FD8C05} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CFCA3909-DA7A-4898-AF8C-BA0153A4051C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DF8E724A-D6E8-4686-8A13-A14637EB4321} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\xDiTex:Heroes & Generals [38]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_53A46035466EA9E447ECACD134677BDE => value removed successfully
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key not found. 
HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
Chrome Session Restore: => removed successfully
C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
Amazon 1Button App Service => service not found.
"C:\Program Files (x86)\Amazon\Amazon1ButtonApp" => not found.
TheDesktopWeatherService => service not found.
"C:\Program Files (x86)\WeatherTool" => not found.
OpenVPNService => service removed successfully
C:\Program Files\OpenVPN => moved successfully
bONdDSVB => service removed successfully
USSwnRCs6ZU => service removed successfully
WXiuu => service removed successfully
"E:\bONdDSVB.sys" => not found.
"E:\USSwnRCs6ZU.sys" => not found.
"E:\WXiuu.sys" => not found.
"C:\Users\xDiTex\AppData\Roaming\WeatherTool" => not found.
C:\Users\xDiTex\Downloads\Retrospective => moved successfully
C:\Users\xDiTex\AppData\Roaming\RPEng => moved successfully
C:\Users\Public\Documents\Guid => moved successfully
"C:\Program Files (x86)\WeatherTool" => not found.
C:\Users\xDiTex\Downloads\autoexec (1).cfg => moved successfully
"HKU\S-1-5-21-1104238849-1608365410-4249454038-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DF7AE6E-1D69-44CA-8555-ED03DD61CF57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DF7AE6E-1D69-44CA-8555-ED03DD61CF57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11FAABC1-ED91-4B08-B3BA-737BC4748AC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11FAABC1-ED91-4B08-B3BA-737BC4748AC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{177FAB12-B12E-4B32-96CE-D1727472848A} => key not found. 
C:\WINDOWS\System32\Tasks\DistromaticUpdater-logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20CFDC44-56B7-44C6-AFFA-F6892DA9B2FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20CFDC44-56B7-44C6-AFFA-F6892DA9B2FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{225C5540-33EB-412F-B067-AFDF5B21B94C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{225C5540-33EB-412F-B067-AFDF5B21B94C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24AF134D-8F51-401E-AFF7-8682A3B465DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24AF134D-8F51-401E-AFF7-8682A3B465DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{409D41E3-8F1A-4B52-95AD-193EC54C2FAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{409D41E3-8F1A-4B52-95AD-193EC54C2FAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{438C4FCF-BF94-40FA-9167-1F43797375A2} => key not found. 
C:\WINDOWS\System32\Tasks\DistromaticUpdater-periodic => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic => key not found. 
"C:\Program Files (x86)\Amazon Browser Settings" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C20B44C-E8E4-4F56-9573-2B17D742600E} => key not found. 
C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96184787-286F-4977-BD5A-F8ED0144954C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96184787-286F-4977-BD5A-F8ED0144954C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AFC456F6-EFFC-4065-A4CD-D90E35FD8C05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC456F6-EFFC-4065-A4CD-D90E35FD8C05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFCA3909-DA7A-4898-AF8C-BA0153A4051C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFCA3909-DA7A-4898-AF8C-BA0153A4051C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF8E724A-D6E8-4686-8A13-A14637EB4321}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF8E724A-D6E8-4686-8A13-A14637EB4321}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
C:\Users\xDiTex => ":Heroes & Generals" ADS removed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1104238849-1608365410-4249454038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 595.7 MB temporary data Removed.
 
 
The system needed a reboot.
 

==== End of Fixlog 23:28:41 ====


  • 0

#7
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

I see that the fixlist was run twice; did it hang the first time or ???

 


FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot; allow this.

On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


LAST >>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here (http://www.malwareby...ownload/).  The version you have installed needs to be updated.

Double Click on the mbam-setup.exe file to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.
 


  • 0

#8
Zac Hopkins

Zac Hopkins

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
There was no log created from JRT.exe.
 
 
 
 
 
# AdwCleaner v5.119 - Logfile created 13/06/2016 at 12:08:50
# Updated 30/05/2016 by Xplode
# Database : 2016-06-12.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : xDiTex - ZACHOPKINS-PC-M
# Running from : C:\Users\xDiTex\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKCU\Software\distromatic
 
***** [ Web browsers ] *****
 
[-] [C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\xDiTex\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : call-of-duty-world-at-war-patch.en.softonic.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1952 bytes] - [13/06/2016 12:08:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [2010 bytes] - [13/06/2016 12:05:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2098 bytes] ##########

  • 0

#9
Zac Hopkins

Zac Hopkins

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Once again the final test shut down my computer once it was complete, therefore I couldn't export it. Here is what it deleted, I believe. http://prntscr.com/bfspt2


Edited by Zac Hopkins, 13 June 2016 - 05:37 AM.

  • 0

#10
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

One last scan ...
 

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please.  Thanks.


  • 0

#11
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





