RegSvr32 The module...failed to load. [Solved]



#16
agamer7809

This is the fresh FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Alex (administrator) on ALEXSPC (08-03-2017 16:20:12)
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Electronic Arts) D:\Program Files\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) D:\Program Files\Steam.exe
(Flux Software LLC) C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Corsair Components, Inc.) D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17305208 2016-12-08] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Steam] => D:\Program Files\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [3970112 2016-11-28] (GOG.com)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [f.lux] => C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Chromium] => "c:\users\alex\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-30] ()
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 173.244.211.97,8.8.8.8
Tcpip\..\Interfaces\{80fe19d2-3f40-431f-ba78-c6175d1cfaad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{999cdded-6345-4aba-ba99-46751f4637de}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:64550;https=127.0.0.1:64550
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: xzezvwlb.default
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default [2017-02-24]
FF Extension: (All Aboard) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\@all-aboard-v1 [2016-07-26]
FF Extension: (Notification Manager) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\{1ACA5BE8-BFF0-B122-637B-00976A61FF79} [2017-02-08] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-482574108-2876646391-2450146034-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_24_0_0_186.dll => No File
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]
CHR Extension: (BetterTTV) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-28]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-22]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-22]
CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-09]
CHR Extension: (uBlock Origin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-10]
CHR Extension: (8 Ball Pool Chat) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmamjkbajpfchgmmmjcffiaoilhnckei [2017-02-09]
CHR Extension: (OP.GG Summoner Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfnoddgekoeiljeaekobnchnedoipgpc [2016-11-25]
CHR Extension: (Google Play Music) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-03-01]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (KingsRoad) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2016-06-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-24]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08]
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-24]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-11] (Advanced Micro Devices) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-02-07] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [409128 2017-02-23] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284224 2016-11-28] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-17] (GOG.com)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [2121736 2017-01-24] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files\Origin\OriginWebHelperService.exe [2183696 2017-01-24] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 VSStandardCollectorService140; D:\Program Files\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2016-04-05] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmdag.sys [28762648 2017-01-27] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmpag.sys [530968 2017-01-27] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc.)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-08 16:17 - 2017-03-08 16:17 - 00004613 _____ C:\Users\Alex\Desktop\AdwCleaner[C0].txt
2017-03-08 16:08 - 2017-03-08 16:16 - 00000000 ____D C:\AdwCleaner
2017-03-08 16:08 - 2017-03-08 16:08 - 04031440 _____ C:\Users\Alex\Desktop\AdwCleaner.exe
2017-03-08 15:24 - 2017-03-08 15:24 - 00412660 _____ C:\WINDOWS\Minidump\030817-6031-01.dmp
2017-03-07 10:40 - 2017-03-07 10:40 - 00412692 _____ C:\WINDOWS\Minidump\030717-6000-01.dmp
2017-03-03 23:09 - 2017-03-03 23:09 - 00412484 _____ C:\WINDOWS\Minidump\030317-6015-01.dmp
2017-03-03 09:40 - 2017-03-08 16:17 - 00004414 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2017-03-02 23:39 - 2017-03-08 16:16 - 00003360 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2017-03-02 01:27 - 2017-03-02 01:27 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Mastfire Studios
2017-03-01 20:11 - 2017-03-03 09:40 - 00000000 ____D C:\Users\Alex\AppData\Local\Verto Analytics
2017-02-25 02:51 - 2017-02-25 02:51 - 00000537 _____ C:\Users\Public\Desktop\Overwatch Test.lnk
2017-02-25 02:51 - 2017-02-25 02:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-02-24 10:42 - 2017-02-24 10:45 - 00000688 _____ C:\Users\Alex\Desktop\JRT.txt
2017-02-24 10:37 - 2017-03-08 16:19 - 00000000 ____D C:\Users\Alex\Desktop\FRST-OlderVersion
2017-02-24 10:37 - 2017-02-24 10:37 - 00005840 _____ C:\Users\Alex\Desktop\Fixlog.txt
2017-02-24 02:59 - 2017-03-08 16:20 - 00021125 _____ C:\Users\Alex\Desktop\FRST.txt
2017-02-23 23:05 - 2017-03-08 16:19 - 02423808 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2017-02-23 22:58 - 2017-02-23 22:58 - 00356516 _____ C:\WINDOWS\Minidump\022317-6390-01.dmp
2017-02-22 21:19 - 2017-02-22 21:19 - 00001100 _____ C:\Users\Alex\Desktop\WinDirStat.lnk
2017-02-22 21:19 - 2017-02-22 21:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-02-22 21:19 - 2017-02-22 21:19 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2017-02-22 20:39 - 2017-02-22 20:39 - 00000044 _____ C:\Users\Alex\Documents\TS recovery key.txt
2017-02-22 20:38 - 2017-02-22 21:18 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2017-02-22 20:38 - 2017-02-22 20:38 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-02-22 20:38 - 2017-02-22 20:38 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3
2017-02-22 20:38 - 2017-02-22 20:38 - 00000000 ____D C:\Users\Alex\.TeamSpeak 3
2017-02-22 20:38 - 2017-02-22 20:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-17 23:56 - 2017-03-08 16:20 - 00000000 ____D C:\FRST
2017-02-17 23:54 - 2017-02-17 23:54 - 00543684 _____ C:\WINDOWS\Minidump\021717-6140-01.dmp
2017-02-15 17:07 - 2017-02-15 17:07 - 00543652 _____ C:\WINDOWS\Minidump\021517-8078-01.dmp
2017-02-15 01:38 - 2017-02-23 13:10 - 00000000 ____D C:\Users\Alex\AppData\Roaming\EasyAntiCheat
2017-02-15 01:38 - 2017-02-15 01:38 - 00000000 ____D C:\ProgramData\For Honor Data
2017-02-14 12:39 - 2017-02-14 12:40 - 00412612 _____ C:\WINDOWS\Minidump\021417-5984-01.dmp
2017-02-08 21:23 - 2017-02-08 21:23 - 00000000 ____D C:\Users\Alex\.Plays.tv
2017-02-08 00:26 - 2017-02-08 17:03 - 00000000 ____D C:\Users\Alex\AppData\Local\Oqdlics
2017-02-07 16:34 - 2017-02-07 16:34 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-02-07 16:34 - 2017-02-07 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-02-07 16:32 - 2017-02-07 16:32 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\AMD
2017-02-07 16:25 - 2017-02-07 16:28 - 34390000 _____ (AMD Inc.) C:\Users\Alex\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170130_64bit.exe
2017-02-07 16:19 - 2017-02-07 16:19 - 00412660 _____ C:\WINDOWS\Minidump\020717-5671-01.dmp
2017-02-07 00:25 - 2017-02-08 00:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Metal.Gear.Solid.V.The.Phantom.Pain-ALI213
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-08 16:18 - 2016-12-16 23:00 - 00000000 ____D C:\Users\Alex\AppData\Local\Personify
2017-03-08 16:16 - 2016-08-16 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 16:16 - 2016-08-16 10:20 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-03-08 16:16 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-08 16:15 - 2016-08-16 10:21 - 00000000 ____D C:\Users\Alex
2017-03-08 15:30 - 2016-08-16 10:21 - 02545600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 15:24 - 2016-08-24 22:38 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-08 15:24 - 2016-08-16 10:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 15:24 - 2016-06-22 22:57 - 1350516210 _____ C:\WINDOWS\MEMORY.DMP
2017-03-05 01:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-03 09:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-03 00:17 - 2016-07-27 13:02 - 00000000 ____D C:\Users\Alex\AppData\Local\Battle.net
2017-03-03 00:17 - 2016-06-22 21:27 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-02 23:39 - 2016-06-27 10:34 - 00000000 ____D C:\Program Files (x86)\SmartApp
2017-03-02 23:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-01 20:39 - 2016-09-17 15:58 - 00000000 ____D C:\Users\Alex\AppData\Roaming\StardewValley
2017-03-01 20:37 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 17:39 - 2016-07-17 18:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BitTorrent
2017-02-28 23:50 - 2016-06-22 23:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-28 23:43 - 2016-07-11 20:48 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-28 13:26 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-27 00:50 - 2016-06-23 00:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Ubisoft Game Launcher
2017-02-27 00:23 - 2016-08-21 22:37 - 00575528 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-25 12:05 - 2016-06-22 23:09 - 00000000 ____D C:\Users\Alex\AppData\Local\Razer
2017-02-25 12:05 - 2016-06-22 23:00 - 00000000 ____D C:\ProgramData\Razer
2017-02-25 12:05 - 2016-06-22 22:59 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-24 10:39 - 2017-01-29 00:12 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-23 22:59 - 2016-06-23 00:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OBS
2017-02-23 13:10 - 2015-12-15 04:32 - 00000000 ____D C:\Users\Alex\Documents\My Games
2017-02-23 12:05 - 2016-08-21 22:37 - 00409128 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-02-23 11:32 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 11:31 - 2016-06-24 08:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 03:18 - 2016-06-24 08:46 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 01:52 - 2016-01-29 10:41 - 00000000 ____D C:\Users\Alex\Documents\Darkest
2017-02-20 21:24 - 2016-09-11 19:01 - 00000000 ____D C:\Users\Alex\AppData\Roaming\obs-studio
2017-02-20 12:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-20 12:08 - 2017-01-16 20:09 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2017-02-20 12:08 - 2016-07-09 18:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-20 12:03 - 2016-06-22 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2017-02-20 12:03 - 2016-06-22 21:35 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2017-02-20 11:53 - 2016-09-16 15:17 - 00000000 ____D C:\Users\Alex\.tmcbeans-installer
2017-02-20 11:42 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-20 11:42 - 2016-07-06 11:02 - 00000000 ____D C:\Users\Alex\AppData\Local\BlueStacks
2017-02-20 00:09 - 2016-06-27 10:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2017-02-19 20:22 - 2016-06-27 10:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-19 20:22 - 2016-06-27 10:46 - 00000000 ____D C:\ProgramData\Skype
2017-02-17 23:54 - 2016-10-21 22:30 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-17 23:54 - 2016-10-21 22:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 19:34 - 2016-10-21 22:30 - 00003964 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-14 12:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-14 01:18 - 2016-06-22 23:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-09 23:15 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-08 02:04 - 2016-08-19 00:10 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Launcher
2017-02-08 02:03 - 2016-08-19 00:14 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3
2017-02-07 16:32 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-07 16:32 - 2016-06-22 21:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-07 16:29 - 2017-01-10 12:03 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-02-07 16:28 - 2015-12-15 05:53 - 00000000 ____D C:\AMD
2017-02-07 00:35 - 2016-08-22 22:50 - 00000000 ____D C:\Users\Alex\Documents\CPY_SAVES
2017-02-06 20:23 - 2016-09-23 12:13 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:23 - 2016-09-23 12:13 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-06-17 01:54 - 2016-06-17 01:54 - 0000217 _____ () C:\Users\Alex\AppData\Roaming\10-unhinted.conf
2016-06-17 01:54 - 2016-06-17 01:54 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\159 dk orange bl 1.ADO
2016-06-17 01:54 - 2016-06-17 01:54 - 0000303 _____ () C:\Users\Alex\AppData\Roaming\3.png
2016-06-17 01:54 - 2016-06-17 01:54 - 0001283 _____ () C:\Users\Alex\AppData\Roaming\404-1.htm
2016-06-17 01:54 - 2016-06-17 01:54 - 0004365 _____ () C:\Users\Alex\AppData\Roaming\Adobe-CNS1-4
2016-06-17 01:54 - 2016-06-17 01:54 - 0002190 _____ () C:\Users\Alex\AppData\Roaming\annotation.css.xml
2016-06-17 01:54 - 2016-06-17 01:54 - 0000379 _____ () C:\Users\Alex\AppData\Roaming\AsapiLoggerConfig.xml
2016-06-17 01:53 - 2016-06-17 01:53 - 0000027 _____ () C:\Users\Alex\AppData\Roaming\AST4
2016-06-17 01:53 - 2016-06-17 01:53 - 0004205 _____ () C:\Users\Alex\AppData\Roaming\back.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0000430 _____ () C:\Users\Alex\AppData\Roaming\doc_to_epub.xsl
2016-06-17 01:53 - 2016-06-17 01:53 - 0002385 _____ () C:\Users\Alex\AppData\Roaming\dsfksvcsw2k.inf
2016-06-17 01:53 - 2016-06-17 01:53 - 0003749 _____ () C:\Users\Alex\AppData\Roaming\ExampleAWTViewer.java
2016-06-17 01:53 - 2016-06-17 01:53 - 0001194 _____ () C:\Users\Alex\AppData\Roaming\f39.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0001150 _____ () C:\Users\Alex\AppData\Roaming\fast_forward.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0003405 _____ () C:\Users\Alex\AppData\Roaming\finphon.env
2016-06-17 01:53 - 2016-06-17 01:53 - 0000935 _____ () C:\Users\Alex\AppData\Roaming\glossterm.width.xml
2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_fr.csv
2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_jp.csv
2016-06-17 01:52 - 2016-06-17 01:52 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\gray 423 bl soft.ADO
2013-11-13 03:00 - 2013-11-13 03:00 - 0049948 _____ () C:\Users\Alex\AppData\Roaming\Plangency.P
1989-01-27 03:00 - 1989-01-27 03:00 - 0003406 _____ () C:\Users\Alex\AppData\Roaming\Stereophony.t
2016-12-03 21:56 - 2016-12-03 21:56 - 0007605 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2016-12-20 23:03 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\Alex\AppData\Local\TroubleshooterConfig.json
2016-06-23 00:12 - 2016-06-23 00:12 - 0000003 _____ () C:\Users\Alex\AppData\Local\updater.log
2016-06-23 00:12 - 2016-08-06 21:17 - 0000424 _____ () C:\Users\Alex\AppData\Local\UserProducts.xml
2016-08-16 10:20 - 2016-08-16 10:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-10 12:03 - 2017-02-07 16:29 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-05 00:51
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Alex (administrator) on ALEXSPC (08-03-2017 16:20:12)
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Electronic Arts) D:\Program Files\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) D:\Program Files\Steam.exe
(Flux Software LLC) C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Corsair Components, Inc.) D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17305208 2016-12-08] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Steam] => D:\Program Files\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [3970112 2016-11-28] (GOG.com)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [f.lux] => C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Chromium] => "c:\users\alex\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-30] ()
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 173.244.211.97,8.8.8.8
Tcpip\..\Interfaces\{80fe19d2-3f40-431f-ba78-c6175d1cfaad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{999cdded-6345-4aba-ba99-46751f4637de}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:64550;https=127.0.0.1:64550
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: xzezvwlb.default
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default [2017-02-24]
FF Extension: (All Aboard) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\@all-aboard-v1 [2016-07-26]
FF Extension: (Notification Manager) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\{1ACA5BE8-BFF0-B122-637B-00976A61FF79} [2017-02-08] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-482574108-2876646391-2450146034-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_24_0_0_186.dll => No File
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]
CHR Extension: (BetterTTV) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-28]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-22]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-22]
CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-09]
CHR Extension: (uBlock Origin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-10]
CHR Extension: (8 Ball Pool Chat) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmamjkbajpfchgmmmjcffiaoilhnckei [2017-02-09]
CHR Extension: (OP.GG Summoner Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfnoddgekoeiljeaekobnchnedoipgpc [2016-11-25]
CHR Extension: (Google Play Music) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-03-01]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (KingsRoad) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2016-06-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-24]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08]
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-24]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-11] (Advanced Micro Devices) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-02-07] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [409128 2017-02-23] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284224 2016-11-28] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-17] (GOG.com)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [2121736 2017-01-24] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files\Origin\OriginWebHelperService.exe [2183696 2017-01-24] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 VSStandardCollectorService140; D:\Program Files\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2016-04-05] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmdag.sys [28762648 2017-01-27] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmpag.sys [530968 2017-01-27] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc.)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-08 16:17 - 2017-03-08 16:17 - 00004613 _____ C:\Users\Alex\Desktop\AdwCleaner[C0].txt
2017-03-08 16:08 - 2017-03-08 16:16 - 00000000 ____D C:\AdwCleaner
2017-03-08 16:08 - 2017-03-08 16:08 - 04031440 _____ C:\Users\Alex\Desktop\AdwCleaner.exe
2017-03-08 15:24 - 2017-03-08 15:24 - 00412660 _____ C:\WINDOWS\Minidump\030817-6031-01.dmp
2017-03-07 10:40 - 2017-03-07 10:40 - 00412692 _____ C:\WINDOWS\Minidump\030717-6000-01.dmp
2017-03-03 23:09 - 2017-03-03 23:09 - 00412484 _____ C:\WINDOWS\Minidump\030317-6015-01.dmp
2017-03-03 09:40 - 2017-03-08 16:17 - 00004414 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2017-03-02 23:39 - 2017-03-08 16:16 - 00003360 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2017-03-02 01:27 - 2017-03-02 01:27 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Mastfire Studios
2017-03-01 20:11 - 2017-03-03 09:40 - 00000000 ____D C:\Users\Alex\AppData\Local\Verto Analytics
2017-02-25 02:51 - 2017-02-25 02:51 - 00000537 _____ C:\Users\Public\Desktop\Overwatch Test.lnk
2017-02-25 02:51 - 2017-02-25 02:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-02-24 10:42 - 2017-02-24 10:45 - 00000688 _____ C:\Users\Alex\Desktop\JRT.txt
2017-02-24 10:37 - 2017-03-08 16:19 - 00000000 ____D C:\Users\Alex\Desktop\FRST-OlderVersion
2017-02-24 10:37 - 2017-02-24 10:37 - 00005840 _____ C:\Users\Alex\Desktop\Fixlog.txt
2017-02-24 02:59 - 2017-03-08 16:20 - 00021125 _____ C:\Users\Alex\Desktop\FRST.txt
2017-02-23 23:05 - 2017-03-08 16:19 - 02423808 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2017-02-23 22:58 - 2017-02-23 22:58 - 00356516 _____ C:\WINDOWS\Minidump\022317-6390-01.dmp
2017-02-22 21:19 - 2017-02-22 21:19 - 00001100 _____ C:\Users\Alex\Desktop\WinDirStat.lnk
2017-02-22 21:19 - 2017-02-22 21:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-02-22 21:19 - 2017-02-22 21:19 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2017-02-22 20:39 - 2017-02-22 20:39 - 00000044 _____ C:\Users\Alex\Documents\TS recovery key.txt
2017-02-22 20:38 - 2017-02-22 21:18 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2017-02-22 20:38 - 2017-02-22 20:38 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-02-22 20:38 - 2017-02-22 20:38 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3
2017-02-22 20:38 - 2017-02-22 20:38 - 00000000 ____D C:\Users\Alex\.TeamSpeak 3
2017-02-22 20:38 - 2017-02-22 20:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-17 23:56 - 2017-03-08 16:20 - 00000000 ____D C:\FRST
2017-02-17 23:54 - 2017-02-17 23:54 - 00543684 _____ C:\WINDOWS\Minidump\021717-6140-01.dmp
2017-02-15 17:07 - 2017-02-15 17:07 - 00543652 _____ C:\WINDOWS\Minidump\021517-8078-01.dmp
2017-02-15 01:38 - 2017-02-23 13:10 - 00000000 ____D C:\Users\Alex\AppData\Roaming\EasyAntiCheat
2017-02-15 01:38 - 2017-02-15 01:38 - 00000000 ____D C:\ProgramData\For Honor Data
2017-02-14 12:39 - 2017-02-14 12:40 - 00412612 _____ C:\WINDOWS\Minidump\021417-5984-01.dmp
2017-02-08 21:23 - 2017-02-08 21:23 - 00000000 ____D C:\Users\Alex\.Plays.tv
2017-02-08 00:26 - 2017-02-08 17:03 - 00000000 ____D C:\Users\Alex\AppData\Local\Oqdlics
2017-02-07 16:34 - 2017-02-07 16:34 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-02-07 16:34 - 2017-02-07 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-02-07 16:32 - 2017-02-07 16:32 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\AMD
2017-02-07 16:25 - 2017-02-07 16:28 - 34390000 _____ (AMD Inc.) C:\Users\Alex\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170130_64bit.exe
2017-02-07 16:19 - 2017-02-07 16:19 - 00412660 _____ C:\WINDOWS\Minidump\020717-5671-01.dmp
2017-02-07 00:25 - 2017-02-08 00:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Metal.Gear.Solid.V.The.Phantom.Pain-ALI213
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-08 16:18 - 2016-12-16 23:00 - 00000000 ____D C:\Users\Alex\AppData\Local\Personify
2017-03-08 16:16 - 2016-08-16 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 16:16 - 2016-08-16 10:20 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-03-08 16:16 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-08 16:15 - 2016-08-16 10:21 - 00000000 ____D C:\Users\Alex
2017-03-08 15:30 - 2016-08-16 10:21 - 02545600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 15:24 - 2016-08-24 22:38 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-08 15:24 - 2016-08-16 10:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 15:24 - 2016-06-22 22:57 - 1350516210 _____ C:\WINDOWS\MEMORY.DMP
2017-03-05 01:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-03 09:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-03 00:17 - 2016-07-27 13:02 - 00000000 ____D C:\Users\Alex\AppData\Local\Battle.net
2017-03-03 00:17 - 2016-06-22 21:27 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-02 23:39 - 2016-06-27 10:34 - 00000000 ____D C:\Program Files (x86)\SmartApp
2017-03-02 23:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-01 20:39 - 2016-09-17 15:58 - 00000000 ____D C:\Users\Alex\AppData\Roaming\StardewValley
2017-03-01 20:37 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 17:39 - 2016-07-17 18:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BitTorrent
2017-02-28 23:50 - 2016-06-22 23:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-28 23:43 - 2016-07-11 20:48 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-28 13:26 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-27 00:50 - 2016-06-23 00:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Ubisoft Game Launcher
2017-02-27 00:23 - 2016-08-21 22:37 - 00575528 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-25 12:05 - 2016-06-22 23:09 - 00000000 ____D C:\Users\Alex\AppData\Local\Razer
2017-02-25 12:05 - 2016-06-22 23:00 - 00000000 ____D C:\ProgramData\Razer
2017-02-25 12:05 - 2016-06-22 22:59 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-24 10:39 - 2017-01-29 00:12 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-23 22:59 - 2016-06-23 00:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OBS
2017-02-23 13:10 - 2015-12-15 04:32 - 00000000 ____D C:\Users\Alex\Documents\My Games
2017-02-23 12:05 - 2016-08-21 22:37 - 00409128 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-02-23 11:32 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 11:31 - 2016-06-24 08:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 03:18 - 2016-06-24 08:46 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 01:52 - 2016-01-29 10:41 - 00000000 ____D C:\Users\Alex\Documents\Darkest
2017-02-20 21:24 - 2016-09-11 19:01 - 00000000 ____D C:\Users\Alex\AppData\Roaming\obs-studio
2017-02-20 12:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-20 12:08 - 2017-01-16 20:09 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2017-02-20 12:08 - 2016-07-09 18:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-20 12:03 - 2016-06-22 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2017-02-20 12:03 - 2016-06-22 21:35 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2017-02-20 11:53 - 2016-09-16 15:17 - 00000000 ____D C:\Users\Alex\.tmcbeans-installer
2017-02-20 11:42 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-20 11:42 - 2016-07-06 11:02 - 00000000 ____D C:\Users\Alex\AppData\Local\BlueStacks
2017-02-20 00:09 - 2016-06-27 10:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2017-02-19 20:22 - 2016-06-27 10:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-19 20:22 - 2016-06-27 10:46 - 00000000 ____D C:\ProgramData\Skype
2017-02-17 23:54 - 2016-10-21 22:30 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-17 23:54 - 2016-10-21 22:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 19:34 - 2016-10-21 22:30 - 00003964 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-14 12:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-14 01:18 - 2016-06-22 23:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-09 23:15 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-08 02:04 - 2016-08-19 00:10 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Launcher
2017-02-08 02:03 - 2016-08-19 00:14 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3
2017-02-07 16:32 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-07 16:32 - 2016-06-22 21:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-07 16:29 - 2017-01-10 12:03 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-02-07 16:28 - 2015-12-15 05:53 - 00000000 ____D C:\AMD
2017-02-07 00:35 - 2016-08-22 22:50 - 00000000 ____D C:\Users\Alex\Documents\CPY_SAVES
2017-02-06 20:23 - 2016-09-23 12:13 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:23 - 2016-09-23 12:13 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-06-17 01:54 - 2016-06-17 01:54 - 0000217 _____ () C:\Users\Alex\AppData\Roaming\10-unhinted.conf
2016-06-17 01:54 - 2016-06-17 01:54 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\159 dk orange bl 1.ADO
2016-06-17 01:54 - 2016-06-17 01:54 - 0000303 _____ () C:\Users\Alex\AppData\Roaming\3.png
2016-06-17 01:54 - 2016-06-17 01:54 - 0001283 _____ () C:\Users\Alex\AppData\Roaming\404-1.htm
2016-06-17 01:54 - 2016-06-17 01:54 - 0004365 _____ () C:\Users\Alex\AppData\Roaming\Adobe-CNS1-4
2016-06-17 01:54 - 2016-06-17 01:54 - 0002190 _____ () C:\Users\Alex\AppData\Roaming\annotation.css.xml
2016-06-17 01:54 - 2016-06-17 01:54 - 0000379 _____ () C:\Users\Alex\AppData\Roaming\AsapiLoggerConfig.xml
2016-06-17 01:53 - 2016-06-17 01:53 - 0000027 _____ () C:\Users\Alex\AppData\Roaming\AST4
2016-06-17 01:53 - 2016-06-17 01:53 - 0004205 _____ () C:\Users\Alex\AppData\Roaming\back.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0000430 _____ () C:\Users\Alex\AppData\Roaming\doc_to_epub.xsl
2016-06-17 01:53 - 2016-06-17 01:53 - 0002385 _____ () C:\Users\Alex\AppData\Roaming\dsfksvcsw2k.inf
2016-06-17 01:53 - 2016-06-17 01:53 - 0003749 _____ () C:\Users\Alex\AppData\Roaming\ExampleAWTViewer.java
2016-06-17 01:53 - 2016-06-17 01:53 - 0001194 _____ () C:\Users\Alex\AppData\Roaming\f39.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0001150 _____ () C:\Users\Alex\AppData\Roaming\fast_forward.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0003405 _____ () C:\Users\Alex\AppData\Roaming\finphon.env
2016-06-17 01:53 - 2016-06-17 01:53 - 0000935 _____ () C:\Users\Alex\AppData\Roaming\glossterm.width.xml
2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_fr.csv
2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_jp.csv
2016-06-17 01:52 - 2016-06-17 01:52 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\gray 423 bl soft.ADO
2013-11-13 03:00 - 2013-11-13 03:00 - 0049948 _____ () C:\Users\Alex\AppData\Roaming\Plangency.P
1989-01-27 03:00 - 1989-01-27 03:00 - 0003406 _____ () C:\Users\Alex\AppData\Roaming\Stereophony.t
2016-12-03 21:56 - 2016-12-03 21:56 - 0007605 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2016-12-20 23:03 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\Alex\AppData\Local\TroubleshooterConfig.json
2016-06-23 00:12 - 2016-06-23 00:12 - 0000003 _____ () C:\Users\Alex\AppData\Local\updater.log
2016-06-23 00:12 - 2016-08-06 21:17 - 0000424 _____ () C:\Users\Alex\AppData\Local\UserProducts.xml
2016-08-16 10:20 - 2016-08-16 10:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-10 12:03 - 2017-02-07 16:29 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-05 00:51
 
==================== End of FRST.txt ============================

#17
agamer7809


And last but not least, the Fresh Addition log
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Alex (08-03-2017 16:21:54)
Running from C:\Users\Alex\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-16 15:27:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-482574108-2876646391-2450146034-500 - Administrator - Disabled)
Alex (S-1-5-21-482574108-2876646391-2450146034-1001 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-482574108-2876646391-2450146034-503 - Limited - Disabled)
Guest (S-1-5-21-482574108-2876646391-2450146034-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
ACP Application (Version: 2016.0811.0433.30 - Advanced Micro Devices, Inc.) Hidden
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Besiege (HKLM\...\Steam App 346010) (Version:  - Spiderling Studios)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
BitTorrent (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Flux) (Version:  - )
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)
For Honor (HKLM\...\Steam App 304390) (Version:  - Ubisoft Montreal)
ForHonorBETA (HKLM-x32\...\Uplay Install 2184) (Version:  - Ubisoft)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
GD Hardware Scan (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
League client alpha (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.1.87.0 - Logitech Europe S.A.)
Logitech Gaming Software 8.89 (HKLM\...\Logitech Gaming Software) (Version: 8.89.68 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Oh...Sir! The Insult Simulator (HKLM\...\Steam App 512250) (Version:  - Vile Monarch)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Personify ChromaCam (remove only) (HKLM-x32\...\Personify ChromaCam) (Version: 1.1.8.8 - Personify, Inc.)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
SmartApp (HKLM-x32\...\{74C732EB-DE42-4EAD-985F-5C45837D0951}) (Version: 3.4.0 - SmartApp)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.1 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.3 - Electronic Arts, Inc.)
Tom Clancy's Ghost Recon Wildlands Open Beta (HKLM\...\Steam App 584210) (Version:  - Ubisoft Paris)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)
Unity Web Player (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-6) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\WinDirStat) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM 2 (HKLM\...\Steam App 268500) (Version:  - Firaxis)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-482574108-2876646391-2450146034-1001_Classes\CLSID\{722a84b3-a054-4606-be78-891dd9e35858}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {209783C5-01E2-4A4E-8496-5138EF147B34} - System32\Tasks\{72380271-88CC-44AF-8B13-3E63831FE6CA} => pcalua.exe -a "C:\Program Files (x86)\Bluestacks\BluestacksUninstaller.exe" -c :tmp
Task: {3F1ED06D-2A99-4C4C-8BD1-CF4A04AC6541} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2017-02-20] (Verto Analytics Inc.)
Task: {4F7E9507-DF71-47EA-8C33-6E04A8819370} - System32\Tasks\{48E24B94-D2FA-4A14-BC2B-C979A719A2B5} => pcalua.exe -a "d:\program files\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5
Task: {5DCC4201-0C7C-4870-9BCB-C8AA73B4687E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {634F0C50-C7FD-498F-A4A7-4913EA7E2A27} - System32\Tasks\{0AADCEBB-B6A9-43C6-A896-CE3BB8DF55B7} => pcalua.exe -a "d:\mygames\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/8
Task: {6FE1C419-5EA6-4508-86F2-7B3A8EB115E4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {72B52D9E-2EE2-4A54-ACBF-8D7A827C18DE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {76267BAC-3588-446B-A943-EF4D66902606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {7F1252E4-D377-4294-86FD-FEF4D310E766} - System32\Tasks\{17D16A22-F131-4CD9-BBED-207B24FE040B} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=prometheus --displayname="Overwatch"
Task: {A5CC2E01-13C4-4627-A72D-D5009A414849} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {E27A6E0A-28CA-4322-852E-4E9210EDA832} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {FBCD54B1-CC8F-4F83-83DC-0A3416CAC7E7} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-25] (Advanced Micro Devices, Inc.)
Task: {FCC3AE3C-B71F-4D98-9593-3C0F916C7C8E} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2017-02-20] (Verto Analytics Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-04 18:11 - 2015-11-04 18:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 14:22 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 14:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 14:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 14:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 20:09 - 2017-02-22 20:10 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 20:09 - 2017-02-22 20:10 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 20:09 - 2017-02-22 20:10 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 20:26 - 2017-02-06 20:26 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-12-08 15:47 - 2016-12-08 15:47 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-12-08 15:47 - 2016-12-08 15:47 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-01-01 08:59 - 2017-01-01 08:59 - 00336384 _____ () C:\Program Files\Rainmeter\Plugins\RunCommand.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00125952 _____ () C:\Program Files\Rainmeter\Plugins\WiFiStatus.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00136704 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00096256 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.DLL
2017-01-01 09:00 - 2017-01-01 09:00 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2016-11-04 14:23 - 2016-11-04 14:23 - 10618760 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyCameoUE.ax
2016-11-04 14:23 - 2016-11-04 14:23 - 19655560 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyApi.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 06355848 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\psyplatform.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 12881800 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\opencv_core310.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00106888 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_thread-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00025480 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_system-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00122248 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_filesystem-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00056712 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_date_time-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00034696 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_chrono-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00656776 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_log-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 38267784 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyML.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00447368 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_program_options-vc120-mt-1_56.dll
2017-02-06 20:23 - 2017-02-01 04:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:23 - 2017-02-01 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-01-24 13:55 - 2017-01-24 13:55 - 02493440 _____ () D:\Program Files\Origin\libGLESv2.dll
2017-01-19 23:59 - 2016-12-23 13:28 - 00657184 _____ () D:\Program Files\SDL2.dll
2016-10-16 16:11 - 2016-08-31 20:02 - 04969248 _____ () D:\Program Files\v8.dll
2017-01-19 23:59 - 2017-01-18 20:30 - 02327840 _____ () D:\Program Files\video.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 02549760 _____ () D:\Program Files\libavcodec-56.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00491008 _____ () D:\Program Files\libavformat-56.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00332800 _____ () D:\Program Files\libavresample-2.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00442880 _____ () D:\Program Files\libavutil-54.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00485888 _____ () D:\Program Files\libswscale-3.dll
2016-10-16 16:10 - 2016-08-31 20:02 - 01563936 _____ () D:\Program Files\icui18n.dll
2016-10-16 16:10 - 2016-08-31 20:02 - 01195296 _____ () D:\Program Files\icuuc.dll
2017-01-19 23:59 - 2017-01-18 20:30 - 00838432 _____ () D:\Program Files\bin\chromehtml.DLL
2016-10-16 16:10 - 2016-07-04 17:17 - 00266560 _____ () D:\Program Files\openvr_api.dll
2016-03-23 10:04 - 2016-03-23 10:04 - 00091136 _____ () D:\Program Files\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00224256 _____ () D:\Program Files\Corsair\Corsair Utility Engine\quazip.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00200704 _____ () D:\Program Files\Corsair\Corsair Utility Engine\lua52.dll
2017-01-19 23:59 - 2017-01-04 22:12 - 68813088 _____ () D:\Program Files\bin\cef\cef.win7\libcef.dll
2017-01-19 23:59 - 2017-01-18 20:30 - 00383776 _____ () D:\Program Files\steam.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Alex:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-08-13 16:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: UI0Detect => 3
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "GalaxyClient"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{42E3EEB5-0DB6-48A1-8012-9A6FDB4F9BF8}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D737D783-61ED-4F1E-8D5E-22CB810BF3C0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{2F69ADA4-3958-4DB3-B40B-84E4AC6D75B5}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{D2CBA2DC-445F-494C-BFAD-FADF34FC4364}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{053C4E66-0D41-4436-92BE-8DF3B77FFB4A}] => (Allow) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6736163C-73D3-4B51-A56A-6070F941AA29}] => (Allow) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{94F1EEE4-3D8E-40FA-BFAC-ED3FFD8F335F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F84F18D7-5DA0-4B2A-8D49-855912C4E397}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
25-02-2017 12:05:38 Removed Razer Synapse.
01-03-2017 17:05:14 Installed SmartApp
01-03-2017 20:10:15 Removed SmartApp
01-03-2017 20:11:00 Installed SmartApp
02-03-2017 23:39:48 Installed SmartApp
03-03-2017 00:18:57 Removed SmartApp
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2017 04:16:16 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/08/2017 04:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 56.0.2924.87, time stamp: 0x58916e12
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc000000d
Fault offset: 0x00000000000ff44c
Faulting process id: 0x163c
Faulting application start time: 0x01d2984a2966ef07
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c89ff51c-0561-4aef-b97b-f6df364608a7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/08/2017 03:24:39 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/07/2017 11:24:56 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/07/2017 03:32:58 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/07/2017 01:21:07 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/07/2017 10:47:19 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/07/2017 10:40:30 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/07/2017 12:17:20 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/06/2017 11:07:52 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (03/08/2017 04:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/08/2017 04:15:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/08/2017 04:14:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/08/2017 04:14:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/08/2017 04:14:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/08/2017 04:14:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Logitech Gaming Registry Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/08/2017 04:14:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ACP User Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/08/2017 04:14:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (03/08/2017 04:14:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/08/2017 04:04:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-10-14 05:58:33.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-14 05:58:33.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-13 22:57:46.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-13 22:57:46.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 18%
Total physical RAM: 16295.52 MB
Available physical RAM: 13288.86 MB
Total Virtual: 18727.52 MB
Available Virtual: 15297.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.44 GB) (Free:60.77 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:931.51 GB) (Free:109.22 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59C3683A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 59C36822)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

  • 0

#18
pystryker


    Trusted Helper

  • Malware Removal
  • 3,863 posts
Hello :)

The logs look good, only a couple things to tidy up, then we can scan for remnants. I have a quick question for you: Are you knowingly running a proxy on the machine? A proxy is basically a server that all your internet traffic goes through before getting to the web, and the traffic that comes to your machine goes through it first. If not, please let me know, and we'll continue. :thumbsup:
  • 0

#19
agamer7809


    Member

  • Topic Starter
  • Member
  • 28 posts

To be honest I don't know if I have one active or not.  If I do for whatever reason, I do not remember turning it on.

To add onto this, and it might be an entirely different topic and if that is the case please let me know so I can post elsewhere, but would this help my PC get back up to proper speed?  Over the past few days it has slowed down drastically and I am unsure as to why it would have done that.


Edited by agamer7809, 09 March 2017 - 12:48 AM.

  • 0

#20
pystryker


    Trusted Helper

  • Malware Removal
  • 3,863 posts
Hello :)
 

To be honest I don't know if I have one active or not. If I do for whatever reason, I do not remember turning it on.


Ok, thank you. We'll remove it in the next step.
 

To add onto this, and it might be an entirely different topic and if that is the case please let me know so I can post elsewhere, but would this help my PC get back up to proper speed? Over the past few days it has slowed down drastically and I am unsure as to why it would have done that.


I can't say at the moment, as we're still in the process of removing malware related items. If the machine is still running slow when we're finished, we'll get the team in the Hardware forum to test the hardware to check it.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
RemoveProxy:
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0
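The ProxyEnable/ProxyServer entries in the fixlist above describe a per-user proxy that hands web traffic to a port on the same machine (127.0.0.1:64550). As an added example (not part of the original post and not FRST's own code), this Python script parses log lines in that layout and reports which accounts have a proxy set and whether it points at a loopback address. The first two sample lines are the ones from the fixlist; the third line and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# First two lines: taken from the fixlist on this page.
# Third line: constructed sample (SID and host name are made up).
SAMPLE_LINES = [
    "ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.",
    "ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => "
    "http=127.0.0.1:64550;https=127.0.0.1:64550",
    "ProxyServer: [S-1-5-21-0000000000-0000000000-0000000000-1002] => proxy.corp.example:8080",
]

# Layout assumed from the two lines above: "<Key>: [<SID>] => <value>"
LINE_RE = re.compile(r"^(ProxyEnable|ProxyServer): \[([^\]]+)\] => (.*)$")


def _split_host_port(server):
    """Split 'host:port', '[v6]:port' or 'scheme://host:port' into (host, port)."""
    server = server.strip()
    if "://" in server:
        server = server.split("://", 1)[1]
    if server.startswith("["):  # bracketed IPv6 literal
        host, _, rest = server[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    else:
        host, _, port = server.partition(":")
    return host, int(port) if port.isdigit() else None


def parse_proxy_server(value):
    """Parse a WinINET-style ProxyServer string.

    The value is either one server used for every protocol ("host:port")
    or a list of "scheme=host:port" items separated by ';' or whitespace.
    Returns {scheme: (host, port)}; "*" stands for "all protocols".
    """
    entries = {}
    for item in re.split(r"[;\s]+", value.strip()):
        if not item:
            continue
        scheme, sep, server = item.partition("=")
        if not sep:  # no "scheme=" prefix: applies to all protocols
            scheme, server = "*", item
        entries[scheme.lower()] = _split_host_port(server)
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit(lines):
    """Return one finding per SID that has a ProxyServer line."""
    enabled, servers = set(), {}
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        key, sid, value = match.groups()
        if key == "ProxyEnable":
            # Only the "Proxy is enabled." wording is known from this page.
            if "enabled" in value.lower():
                enabled.add(sid)
        else:
            servers[sid] = parse_proxy_server(value)

    findings = []
    for sid, entries in servers.items():
        loopback = sorted(
            f"{scheme}->{host}:{port}"
            for scheme, (host, port) in entries.items()
            if is_loopback(host)
        )
        findings.append({"sid": sid, "enabled": sid in enabled, "loopback": loopback})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LINES):
        state = "enabled" if finding["enabled"] else "not enabled"
        target = ", ".join(finding["loopback"]) or "no loopback entries"
        print(f"{finding['sid']}: proxy {state}; {target}")
```

An enabled loopback entry is worth a follow-up to find which local process, if any, is listening on that port; if nothing is listening, browsing through that setting will fail until the proxy is removed.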

#21
agamer7809


    Member

  • Topic Starter
  • Member
  • 28 posts
This is the Fresh addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Alex (09-03-2017 23:56:51)
Running from C:\Users\Alex\Desktop
Windows 10 Home Version 1607 (X64) (2017-03-09 20:22:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-482574108-2876646391-2450146034-500 - Administrator - Disabled)
Alex (S-1-5-21-482574108-2876646391-2450146034-1001 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-482574108-2876646391-2450146034-503 - Limited - Disabled)
Guest (S-1-5-21-482574108-2876646391-2450146034-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {47203CA8-846C-4E48-B451-F0FA667C2701} - System32\Tasks\Opera scheduled Autoupdate 1489120606 => C:\Program Files\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {4960D9A8-C35F-404D-9F29-7FF0F343F021} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
Task: {898DFD37-25BD-4ED3-83AE-C5B9F0011724} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => C:\WINDOWS\system32\ResetEngine.exe [2016-08-05] (Microsoft Corporation)
Task: {AB1C1676-5CAF-4BDE-954F-CC4E4C83AC62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 14:22 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 14:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 14:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 14:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-10 14:20 - 2016-12-21 01:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-03-09 23:36 - 2017-03-09 00:26 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\libglesv2.dll
2017-03-09 23:36 - 2017-03-09 00:26 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\libegl.dll
2016-11-21 17:19 - 2016-11-21 17:19 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2017-03-09 23:40 - 2017-03-09 23:40 - 01070080 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.452.0_x64__8wekyb3d8bbwe\TimeBackground.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-09 18:13 - 2017-03-09 18:12 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{698E5698-B489-4E97-BFC9-E1FB53B2E5D1}] => (Allow) C:\Program Files\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{4C312F8F-8389-4BC7-9233-6C4C70EBD73E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-03-2017 15:25:15 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
09-03-2017 15:25:24 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2017 11:50:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (03/09/2017 11:50:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/09/2017 11:38:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/09/2017 03:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.14393.0, time stamp: 0x57899ac7
Faulting module name: MSI9D43.tmp, version: 1.0.0.1, time stamp: 0x577b80e4
Exception code: 0xc0000005
Fault offset: 0x000000000000dd9d
Faulting process id: 0x12a4
Faulting application start time: 0x01d299134e458c3b
Faulting application path: C:\Windows\System32\MsiExec.exe
Faulting module path: C:\WINDOWS\Installer\MSI9D43.tmp
Report Id: 8c5a3438-2cbf-4830-b1d6-6c9fd7118edb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/09/2017 03:25:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/09/2017 03:25:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/09/2017 03:25:11 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Application or service 'AdaptiveSleepService' could not be restarted.
 
Error: (03/09/2017 03:25:11 PM) (Source: Adaptive Sleep Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/09/2017 03:21:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (03/09/2017 03:21:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).
 
 
System errors:
=============
Error: (03/09/2017 11:57:01 PM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
 
Error: (03/09/2017 11:55:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (03/09/2017 11:55:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (03/09/2017 11:54:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 11:53:52 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
 
Error: (03/09/2017 11:50:50 PM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (03/09/2017 11:50:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/09/2017 11:50:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2017 11:50:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdaptiveSleepService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2017 11:50:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-09 15:19:02.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-09 15:19:02.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 14%
Total physical RAM: 16295.52 MB
Available physical RAM: 13980.64 MB
Total Virtual: 19239.52 MB
Available Virtual: 16651.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.44 GB) (Free:149.04 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:931.51 GB) (Free:240.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:840.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59C3683A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 59C36822)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 57C62514)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#22
agamer7809


This is the fresh FRST log 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Alex (administrator) on ALEXSPC (09-03-2017 23:56:30)
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7e90480e-480a-4353-8d09-eb0d03979a30}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-09] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-09]
CHR Extension: (BetterTTV) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-09]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-09]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-09]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-09]
CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-09]
CHR Extension: (uBlock Origin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (8 Ball Pool Chat) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmamjkbajpfchgmmmjcffiaoilhnckei [2017-03-09]
CHR Extension: (OP.GG Summoner Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfnoddgekoeiljeaekobnchnedoipgpc [2017-03-09]
CHR Extension: (Google Play Music) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-03-09]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-09]
CHR Extension: (KingsRoad) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2017-03-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-03-09]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09]
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
S3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [58144 2015-06-10] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47656 2015-06-10] (Logitech Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-04-24] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 23:53 - 2017-03-09 23:53 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2017-03-09 23:38 - 2017-03-09 23:38 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-09 23:38 - 2017-03-09 23:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-09 23:38 - 2017-03-09 23:33 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-09 23:37 - 2017-03-09 23:37 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-03-09 23:36 - 2017-03-09 23:44 - 00000000 ____D C:\Users\Alex\AppData\Local\Google
2017-03-09 23:36 - 2017-03-09 23:36 - 01191792 _____ (Opera Software) C:\Users\Alex\Downloads\OperaSetup.exe
2017-03-09 23:36 - 2017-03-09 23:36 - 01129376 _____ (Google Inc.) C:\Users\Alex\Downloads\ChromeSetup.exe
2017-03-09 23:36 - 2017-03-09 23:36 - 00003930 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1489120606
2017-03-09 23:36 - 2017-03-09 23:36 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-09 23:36 - 2017-03-09 23:36 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-09 23:36 - 2017-03-09 23:36 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 23:36 - 2017-03-09 23:36 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-09 23:36 - 2017-03-09 23:36 - 00001162 _____ C:\Users\Public\Desktop\Opera.lnk
2017-03-09 23:36 - 2017-03-09 23:36 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-09 23:36 - 2017-03-09 23:36 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Opera Software
2017-03-09 23:36 - 2017-03-09 23:36 - 00000000 ____D C:\Users\Alex\AppData\Local\Opera Software
2017-03-09 23:36 - 2017-03-09 23:36 - 00000000 ____D C:\Program Files\Opera
2017-03-09 23:36 - 2017-03-09 23:36 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-09 23:33 - 2017-03-09 23:34 - 00000000 ____D C:\Users\Alex\AppData\Local\MicrosoftEdge
2017-03-09 23:32 - 2017-03-09 23:43 - 00000000 ____D C:\Users\Alex\AppData\Local\PackageStaging
2017-03-09 18:16 - 2017-03-09 18:16 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-03-09 18:16 - 2017-03-09 18:16 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-03-09 18:16 - 2017-03-09 18:16 - 00000000 ____D C:\Windows.old
2017-03-09 18:16 - 2017-03-09 18:16 - 00000000 ____D C:\Program Files (x86)\Razer
2017-03-09 18:16 - 2017-03-09 15:22 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-09 18:16 - 2017-03-09 15:17 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\0409
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\Setup
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\OCR
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\Program Files\MSBuild
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-03-09 18:15 - 2017-03-09 18:15 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-09 18:14 - 2017-02-06 14:48 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-09 18:14 - 2017-02-06 14:48 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 18:13 - 2017-03-09 23:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 18:13 - 2017-03-09 23:52 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\Provisioning
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\INF
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-09 18:13 - 2017-03-09 23:52 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-09 18:13 - 2017-03-09 23:45 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 18:13 - 2017-03-09 18:16 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\SystemApps
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\Com
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\IME
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\WINDOWS\Help
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\Program Files\Common Files\System
2017-03-09 18:13 - 2017-03-09 18:15 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 __RSD C:\WINDOWS\Media
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Web
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Vss
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\tracing
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\TAPI
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SystemResources
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\winevt
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\ras
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\IME
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\icsxml
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\ias
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\downlevel
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\DDFs
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\System
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SKB
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\security
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\schemas
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\SchCache
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Resources
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\rescache
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Registration
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\PLA
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Performance
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\InputMethod
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Globalization
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Cursors
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\Branding
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\appcompat
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\addins
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\ProgramData\USOPrivate
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\ProgramData\Comms
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files\Windows NT
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files\Common Files\Services
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-03-09 18:13 - 2017-03-09 18:12 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-03-09 18:13 - 2017-03-09 18:12 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-03-09 18:13 - 2017-03-09 18:12 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2017-03-09 18:13 - 2017-03-09 18:12 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-03-09 18:13 - 2017-03-09 18:12 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-03-09 18:13 - 2017-03-09 18:12 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-03-09 18:13 - 2017-03-09 18:12 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-03-09 18:13 - 2017-03-09 18:12 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-03-09 18:13 - 2017-03-09 18:12 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-03-09 18:13 - 2017-03-09 18:12 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-03-09 18:13 - 2017-03-09 18:12 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-03-09 18:13 - 2017-03-09 18:12 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-03-09 18:13 - 2017-03-09 18:12 - 00000219 _____ C:\WINDOWS\system.ini
2017-03-09 18:13 - 2017-03-09 18:12 - 00000092 _____ C:\WINDOWS\win.ini
2017-03-09 18:13 - 2017-03-09 15:22 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-03-09 18:13 - 2017-03-09 15:21 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-09 18:13 - 2017-03-09 15:21 - 00000000 ____D C:\WINDOWS\system32\spool
2017-03-09 18:13 - 2017-03-09 15:21 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-03-09 18:13 - 2017-03-09 15:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-09 18:13 - 2017-03-09 15:18 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-09 18:13 - 2017-03-09 15:18 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-03-09 18:10 - 2017-03-09 23:52 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 18:10 - 2017-03-09 23:52 - 00000000 ____D C:\WINDOWS\servicing
2017-03-09 18:10 - 2017-03-09 23:38 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-09 18:10 - 2017-03-09 18:16 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-09 18:10 - 2017-03-09 18:13 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-03-09 18:10 - 2017-03-09 15:17 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-09 15:32 - 2017-03-09 23:34 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F3E06FFA-49C9-4D08-97C5-82290B18C47C}
2017-03-09 15:27 - 2017-03-09 15:27 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-09 15:27 - 2017-03-09 15:27 - 00000000 ____D C:\Users\Alex\AppData\Local\Comms
2017-03-09 15:26 - 2017-03-09 15:27 - 00002360 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-09 15:26 - 2017-03-09 15:26 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2017-03-09 15:26 - 2017-03-09 15:26 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-03-09 15:25 - 2017-03-09 23:48 - 00000000 ____D C:\Users\Alex\AppData\Local\Packages
2017-03-09 15:25 - 2017-03-09 23:34 - 00000000 ____D C:\Users\Alex\AppData\Local\ConnectedDevicesPlatform
2017-03-09 15:25 - 2017-03-09 15:26 - 00000000 ____D C:\Users\Alex\AppData\Local\AMD
2017-03-09 15:25 - 2017-03-09 15:25 - 00882678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 15:25 - 2017-03-09 15:25 - 00000020 ___SH C:\Users\Alex\ntuser.ini
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Adobe
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\Users\Alex\AppData\Local\VirtualStore
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\Users\Alex\AppData\Local\TileDataLayer
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\Users\Alex\AppData\Local\Publishers
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\Program Files\ATI Technologies
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\Program Files (x86)\AMD
2017-03-09 15:24 - 2017-03-09 15:24 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore
2017-03-09 15:22 - 2017-03-09 15:22 - 00025000 _____ C:\Users\Alex\Desktop\Removed Apps.html
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\Default User
2017-03-09 15:22 - 2017-03-09 15:22 - 00000000 _SHDL C:\Users\All Users
2017-03-09 15:21 - 2016-07-16 06:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-09 15:19 - 2017-03-09 23:54 - 00000000 ____D C:\Users\Alex
2017-03-09 15:19 - 2017-03-09 15:19 - 00000000 _SHDL C:\Users\Alex\My Documents
2017-03-09 15:19 - 2017-03-09 15:19 - 00000000 _SHDL C:\Users\Alex\Documents\My Videos
2017-03-09 15:19 - 2017-03-09 15:19 - 00000000 _SHDL C:\Users\Alex\Documents\My Pictures
2017-03-09 15:19 - 2017-03-09 15:19 - 00000000 _SHDL C:\Users\Alex\Documents\My Music
2017-03-09 15:18 - 2017-03-09 23:52 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-03-09 15:18 - 2017-03-09 15:18 - 00000000 ____D C:\ProgramData\USOShared
2017-03-09 15:18 - 2017-03-09 15:18 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-09 15:18 - 2017-03-09 15:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-03-09 15:17 - 2017-03-09 23:53 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-09 15:17 - 2017-03-09 23:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 15:17 - 2017-03-09 15:25 - 00000000 ____D C:\Program Files\AMD
2017-03-09 15:17 - 2017-03-09 15:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-03-09 15:17 - 2017-03-09 15:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-03-09 15:17 - 2017-03-09 15:17 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-03-09 15:17 - 2017-03-09 15:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-03-09 15:17 - 2017-03-09 15:17 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 15:17 - 2017-03-09 15:17 - 00000000 ____D C:\Program Files\Realtek
2017-03-09 14:53 - 2017-03-09 18:16 - 00000000 ___HD C:\$SysReset
2017-03-09 14:15 - 2017-03-09 14:15 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\BitTorrent
2017-03-09 00:38 - 2017-03-09 00:38 - 00000000 ____D C:\Users\Alex\Downloads\Intel Components
2017-03-09 00:36 - 2017-03-09 00:36 - 09937576 _____ (Intel) C:\Users\Alex\Desktop\Intel Driver Update Utility Installer.exe
2017-03-09 00:33 - 2017-03-09 00:34 - 214899516 _____ C:\Users\Alex\Desktop\win64_154028.4501.zip
2017-03-09 00:25 - 2017-03-09 00:25 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\AMD
2017-03-08 23:59 - 2017-03-08 23:59 - 35000000 _____ (AMD Inc.) C:\Users\Alex\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170228_64bit.exe
2017-03-08 16:25 - 2017-03-08 16:25 - 00049838 _____ C:\Users\Alex\Desktop\FreshAddition.txt
2017-03-08 16:25 - 2017-03-08 16:25 - 00035185 _____ C:\Users\Alex\Desktop\FreshFRST.txt
2017-03-08 16:21 - 2017-03-08 16:23 - 00049835 _____ C:\Users\Alex\Desktop\Addition.txt
2017-03-08 16:17 - 2017-03-08 16:17 - 00004613 _____ C:\Users\Alex\Desktop\AdwCleaner[C0].txt
2017-03-08 16:08 - 2017-03-08 16:16 - 00000000 ____D C:\AdwCleaner
2017-03-08 16:08 - 2017-03-08 16:08 - 04031440 _____ C:\Users\Alex\Desktop\AdwCleaner.exe
2017-03-02 01:27 - 2017-03-02 01:27 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Mastfire Studios
2017-02-25 02:51 - 2017-02-25 02:51 - 00000537 _____ C:\Users\Public\Desktop\Overwatch Test.lnk
2017-02-24 10:42 - 2017-02-24 10:45 - 00000688 _____ C:\Users\Alex\Desktop\JRT.txt
2017-02-24 10:37 - 2017-03-09 23:50 - 00004023 _____ C:\Users\Alex\Desktop\Fixlog.txt
2017-02-24 02:59 - 2017-03-09 23:56 - 00013617 _____ C:\Users\Alex\Desktop\FRST.txt
2017-02-23 23:05 - 2017-03-08 16:19 - 02423808 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2017-02-22 20:39 - 2017-02-22 20:39 - 00000044 _____ C:\Users\Alex\Documents\TS recovery key.txt
2017-02-22 20:38 - 2017-02-22 20:38 - 00000000 ____D C:\Users\Alex\.TeamSpeak 3
2017-02-17 23:56 - 2017-03-09 23:56 - 00000000 ____D C:\FRST
2017-02-08 21:23 - 2017-02-08 21:23 - 00000000 ____D C:\Users\Alex\.Plays.tv
2017-02-07 16:25 - 2017-02-07 16:28 - 34390000 _____ (AMD Inc.) C:\Users\Alex\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170130_64bit.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 23:54 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-09 18:12 - 2016-07-16 01:04 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-03-09 18:11 - 2016-07-16 01:04 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-03-09 15:27 - 2015-12-15 05:42 - 00000000 ___RD C:\Users\Alex\OneDrive
2017-03-09 15:24 - 2015-12-15 05:53 - 00000000 ____D C:\AMD
2017-03-09 14:05 - 2015-12-15 09:32 - 00000000 ____D C:\Games
2017-02-23 13:10 - 2015-12-15 04:32 - 00000000 ____D C:\Users\Alex\Documents\My Games
2017-02-22 01:52 - 2016-01-29 10:41 - 00000000 ____D C:\Users\Alex\Documents\Darkest
2017-02-20 11:53 - 2016-09-16 15:17 - 00000000 ____D C:\Users\Alex\.tmcbeans-installer
2017-02-07 00:35 - 2016-08-22 22:50 - 00000000 ____D C:\Users\Alex\Documents\CPY_SAVES
 
==================== Files in the root of some directories =======
 
2017-03-09 15:17 - 2017-03-09 15:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-09 15:17
 
==================== End of FRST.txt ============================


#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,863 posts
Hello :)

Please post the fixlog.txt log on your Desktop for my review. :thumbsup:

#24
agamer7809

    Member

  • Topic Starter
  • Member
  • 28 posts

Oops! Thought I had done that, anyway here it is!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Alex (09-03-2017 23:50:33) Run:2
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
RemoveProxy:
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
 
========= RemoveProxy: =========
 
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11650884 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1564485 B
Edge => 11894554 B
Chrome => 43491337 B
Firefox => 0 B
Opera => 17091655 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9322 B
Alex => 99909049 B
 
RecycleBin => 0 B
EmptyTemp: => 177.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:50:46 ====


#25
pystryker

    Trusted Helper

  • Malware Removal
  • 3,863 posts
Hello :)
 

Oops! Thought I had done that, anyway here it is!


No worries :). The log looks good, so let's run some scans for remnants and check for out-of-date programs. :thumbsup:



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes

Please note: If you already have Malwarebytes Anti-Malware installed, do not download it again. Skip to the next line.
  • Download Malwarebytes Anti-Malware by clicking here.
  • Start the program and select Update
  • Once it has updated select Settings > Detection and Protection
  • Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), start MBAM.
  • Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.
  • Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

Step 2: Emsisoft Emergency Kit
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Step 3: Security Check
  • Please download Security Check by screen317 to your Desktop by clicking here.
  • Once downloaded, double click the program and follow the prompts.
  • Once finished, the program will produce a log called checkup.txt
  • Please post that log in your next reply.

Things I need to see in your next post:
  • MBAM Log
  • Emsisoft Emergency Kit Log
  • SecurityCheck Log



#26
agamer7809


    Member

  • Topic Starter
  • Member
  • 28 posts

Here is the checkup log 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (57.0.2987.98) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 mbamtray.exe    
 Windows Defender MSASCuiL.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#27
agamer7809


    Member

  • Topic Starter
  • Member
  • 28 posts

This is the MBAM log 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/12/17
Scan Time: 11:25 PM
Logfile: MBAM.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1488
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: ALEXSPC\Alex
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275744
Time Elapsed: 1 min, 53 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.Reimage, HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Delete-on-Reboot, [1324], [327203],1.0.1488
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Reimage, C:\USERS\ALEX\APPDATA\LOCAL\TEMP\REIMAGE.LOG, Delete-on-Reboot, [1324], [334717],1.0.1488
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#28
agamer7809


    Member

  • Topic Starter
  • Member
  • 28 posts

And this is actually the EEK log, which shows absolutely nothing even though I am in the right tab.

http://prntscr.com/ej93no Sorry it is a link, there was nothing to export and this was the next best thing.



#29
pystryker


    Trusted Helper

  • Malware Removal
  • 3,863 posts
Hello :)

Sorry it is a link, there was nothing to export and this was the next best thing.


No worries on the link. The logs look great, and no programs need updating. :thumbsup: How is the machine running?

#30
agamer7809


    Member

  • Topic Starter
  • Member
  • 28 posts

The machine is running great! I have not had the error message pop up at all over the past few days, although I did have to do a fresh install of Windows because my machine was running insanely slow.

