
Help! MBAMSwissArmy.sys missing



#1
yewest77899

  • Member
  • 13 posts
Please help! I don't know what to do! I already installed Farbar recovery tool and I got the FRST.txt
  • 0



#2
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,525 posts
Hi yewest77899,

Welcome to GeeksToGo! :)

Could you please copy and paste the FRST.txt log into your next reply for my viewing pleasure? If you have the Addition.txt log, please post that as well. If your system is Windows 10, the logs are pretty long, so if you like, go ahead and copy/paste each log in separate replies.

Thank you,
Donna :)
  • 0

#3
yewest77899

  • Topic Starter
  • Member
  • 13 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by SYSTEM on MININT-KG50Q9D (13-05-2017 21:36:03)
Running from f:\
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-01-19] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3366616 2016-11-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [705208 2016-08-29] ()
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [PWRISOVM.EXE] => D:\Program Files\PowerISO\PWRISOVM.EXE [455816 2017-02-02] (Power Software Ltd)
Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2017-03-30]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AntiRansom; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom.exe [693720 2016-07-19] (AO Kaspersky Lab)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-04-19] (Byte Technologies LLC)
S2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [431088 2016-10-20] (Intel Corporation)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [144088 2016-11-15] (ELAN Microelectronics Corp.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-01-19] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-10-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-04-05] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-04-15] (Rivet Networks)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.)
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-12-27] (Micro-Star INT'L CO., LTD.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-05-01] ()
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-03-20] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
S2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe --s [X]
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 automap; C:\Windows\system32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [135800 2016-03-23] (Rivet Networks, LLC.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31816 2016-11-15] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [736000 2016-12-12] (Intel Corporation)
S3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
S3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
S1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [413008 2016-06-28] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012048 2016-06-26] (AO Kaspersky Lab)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
S1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [126864 2016-06-02] (AO Kaspersky Lab)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-05-13] () <==== ATTENTION (zero byte File/Folder)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
S3 nhi; C:\Windows\system32\DRIVERS\tbt81x.sys [127040 2016-10-20] (Intel Corporation)
S3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\Dragon Center\NTIOLib_X64.sys [13776 2016-12-27] (MSI)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvnUsbAudio; C:\Windows\system32\DRIVERS\nvnusbaudio.sys [54000 2015-06-10] (Novation DMS Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [28344 2016-10-20] (Windows ® Win 7 DDK provider)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [416472 2016-10-20] (Realsil Semiconductor Corporation)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
S3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-05] (SteelSeries ApS)
S3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2016-09-21] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-13 21:17 - 2017-05-13 21:22 - 00000000 ____D C:\FRST
2017-05-13 20:50 - 2017-05-13 20:50 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-05-12 10:42 - 2017-05-12 12:10 - 00000000 ____D C:\Users\Bryan\Documents\Studio One
2017-05-11 21:12 - 2017-05-11 21:12 - 00000000 ____D C:\Users\Bryan\Desktop\hours
2017-05-09 20:06 - 2017-05-10 13:13 - 00000181 _____ C:\Users\Bryan\Desktop\dsf.txt
2017-05-09 15:20 - 2017-05-09 15:20 - 00574613 _____ C:\Users\Bryan\Desktop\thatdwegs.flp
2017-05-08 18:43 - 2017-05-08 18:43 - 00296754 _____ C:\Users\Bryan\Desktop\ssss.flp
2017-05-02 13:03 - 2017-05-08 16:57 - 01183983 _____ C:\Users\Bryan\Desktop\dreaming.flp
2017-05-01 19:42 - 2017-05-01 19:42 - 00003530 _____ C:\Windows\System32\Tasks\ByteFence Scan
2017-05-01 19:19 - 2017-05-01 19:19 - 00000000 __HDC C:\ProgramData\{1CD12762-BF1D-4B74-954B-7F3A9F0CDE9E}
2017-05-01 19:18 - 2017-05-01 19:18 - 00000000 __HDC C:\ProgramData\{7FFC8429-59AA-4310-831D-BDA0FDF42089}
2017-05-01 19:14 - 2017-05-01 19:14 - 00000000 __HDC C:\ProgramData\{46016C81-6B2A-48A6-9AD7-5E4749FFDC18}
2017-05-01 19:11 - 2017-05-01 19:11 - 00000000 __HDC C:\ProgramData\{41B21E75-5B57-4865-83FF-351E7F437BB0}
2017-05-01 19:06 - 2017-05-01 19:06 - 00000000 __HDC C:\ProgramData\{087E1953-389C-4129-84BB-41E86CBEDF56}
2017-05-01 19:02 - 2017-05-01 19:03 - 00000000 __HDC C:\ProgramData\{68B5E2B9-11B5-4D26-BD32-61F322FA4B1D}
2017-05-01 19:00 - 2017-05-01 19:00 - 00000000 __HDC C:\ProgramData\{B219DF15-4D19-412B-8C2C-CA83D4B20892}
2017-05-01 18:56 - 2017-05-01 18:56 - 00000000 __HDC C:\ProgramData\{F62BC84F-664B-45B9-9612-E2C212FB8558}
2017-05-01 18:51 - 2017-05-01 18:51 - 00000000 __HDC C:\ProgramData\{32B3C432-4EE3-49AA-8B84-092817BAAC6D}
2017-05-01 18:50 - 2017-05-01 18:50 - 00000000 ____D C:\ProgramData\ByteFence
2017-05-01 18:48 - 2017-05-01 18:48 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\PPC-software
2017-05-01 18:43 - 2017-05-01 18:43 - 00000000 __HDC C:\ProgramData\{1A87B1C0-895A-4081-B186-D1CDD2346CEB}
2017-05-01 18:40 - 2017-05-13 13:50 - 00000000 ____D C:\Program Files\ByteFence
2017-05-01 18:40 - 2017-05-01 18:49 - 00000000 ____D C:\Users\Bryan\Documents\PPC-software
2017-05-01 18:40 - 2017-05-01 18:40 - 00003404 _____ C:\Windows\System32\Tasks\ByteFence
2017-05-01 18:40 - 2017-05-01 18:40 - 00000731 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-04-30 22:41 - 2017-04-28 00:00 - 05461581 _____ (Noise Makers ) C:\Users\Bryan\Desktop\Setup Binauralizer v1.4.0.exe
2017-04-19 12:57 - 2017-04-19 12:57 - 00000818 _____ C:\Users\Bryan\Documents\Creative Cloud Files - Shortcut.lnk
2017-04-18 16:41 - 2017-04-18 16:41 - 00000016 ____H C:\Users\Bryan\Desktop\untitled.nfo
2017-04-13 09:22 - 2017-04-13 09:22 - 00000000 ____D C:\Users\Bryan\AppData\Local\UNP
2017-04-13 08:21 - 2017-04-13 08:22 - 00000000 ____D C:\Program Files\UNP
2017-04-13 08:21 - 2017-04-13 08:21 - 00000000 ____D C:\Windows\System32\UNP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2064-01-01 17:02 - 2016-12-07 21:45 - 00000258 __RSH C:\Users\Bryan\ntuser.pol
2064-01-01 17:00 - 2017-03-14 16:57 - 00000000 ____D C:\ProgramData\eLicenser
2017-05-13 20:50 - 2016-12-10 10:44 - 00000000 ____D C:\ProgramData\PACE
2017-05-13 20:50 - 2016-12-07 16:55 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-13 20:50 - 2016-10-21 14:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-13 20:50 - 2016-08-02 09:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-13 14:02 - 2017-01-23 11:02 - 00000000 ____D C:\Users\Bryan\AppData\Local\Adobe
2017-05-13 14:02 - 2016-12-07 16:55 - 00000000 ____D C:\users\Bryan
2017-05-13 13:57 - 2016-12-07 17:27 - 00000000 ____D C:\Users\Bryan\AppData\Local\CrashDumps
2017-05-13 13:49 - 2016-12-07 16:55 - 00000000 __SHD C:\Users\Bryan\IntelGraphicsProfiles
2017-05-13 13:49 - 2016-10-21 14:15 - 00000000 ____D C:\Program Files (x86)\MSI
2017-05-13 01:13 - 2016-07-15 22:04 - 00524288 _____ C:\Windows\System32\config\BBI
2017-05-12 23:06 - 2016-08-02 09:51 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-05-12 12:51 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-05-12 11:58 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-05-12 11:51 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-05-12 09:56 - 2016-12-20 14:22 - 00000000 ____D C:\Program Files\Steinberg
2017-05-12 09:54 - 2016-12-07 16:55 - 00000000 ____D C:\Users\Bryan\AppData\Local\Packages
2017-05-12 09:54 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-12 09:50 - 2016-08-02 12:26 - 01679494 _____ C:\Windows\System32\prfh0404.dat
2017-05-12 09:50 - 2016-08-02 12:26 - 00508218 _____ C:\Windows\System32\prfc0404.dat
2017-05-12 09:50 - 2016-08-02 12:22 - 01689486 _____ C:\Windows\System32\prfh0804.dat
2017-05-12 09:50 - 2016-08-02 12:22 - 00512514 _____ C:\Windows\System32\prfc0804.dat
2017-05-12 09:50 - 2016-08-02 12:15 - 01981590 _____ C:\Windows\System32\prfh0416.dat
2017-05-12 09:50 - 2016-08-02 12:15 - 00523636 _____ C:\Windows\System32\prfc0416.dat
2017-05-12 09:50 - 2016-08-02 12:12 - 02019226 _____ C:\Windows\System32\perfh013.dat
2017-05-12 09:50 - 2016-08-02 12:12 - 00534174 _____ C:\Windows\System32\perfc013.dat
2017-05-12 09:50 - 2016-08-02 12:09 - 01753736 _____ C:\Windows\System32\perfh012.dat
2017-05-12 09:50 - 2016-08-02 12:09 - 00513658 _____ C:\Windows\System32\perfc012.dat
2017-05-12 09:50 - 2016-08-02 12:05 - 01744394 _____ C:\Windows\System32\perfh011.dat
2017-05-12 09:50 - 2016-08-02 12:05 - 00515608 _____ C:\Windows\System32\perfc011.dat
2017-05-12 09:50 - 2016-08-02 12:02 - 02017470 _____ C:\Windows\System32\perfh00C.dat
2017-05-12 09:50 - 2016-08-02 12:02 - 00528096 _____ C:\Windows\System32\perfc00C.dat
2017-05-12 09:50 - 2016-08-02 12:00 - 02011674 _____ C:\Windows\System32\perfh00A.dat
2017-05-12 09:50 - 2016-08-02 12:00 - 00532148 _____ C:\Windows\System32\perfc00A.dat
2017-05-12 09:50 - 2016-08-02 11:57 - 01971566 _____ C:\Windows\System32\perfh007.dat
2017-05-12 09:50 - 2016-08-02 11:57 - 00528638 _____ C:\Windows\System32\perfc007.dat
2017-05-12 09:50 - 2016-08-02 09:57 - 24640214 _____ C:\Windows\System32\PerfStringBackup.INI
2017-05-10 14:16 - 2016-12-07 18:25 - 00000000 ____D C:\Users\Bryan\AppData\Local\Spectrasonics
2017-05-10 11:40 - 2016-12-07 22:09 - 00000000 ____D C:\Windows\System32\MRT
2017-05-10 11:38 - 2016-12-07 22:09 - 156335152 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-05-08 15:05 - 2016-12-07 20:04 - 00000000 ____D C:\Users\Bryan\Documents\Native Instruments
2017-05-05 11:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\appraiser
2017-05-02 17:07 - 2016-12-07 20:23 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Azureus
2017-05-01 19:19 - 2016-12-07 20:01 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2017-05-01 19:16 - 2016-12-07 20:01 - 00000000 ____D C:\Program Files\Native Instruments
2017-04-30 20:32 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Audio Ease
2017-04-30 20:31 - 2016-12-07 18:51 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2017-04-29 22:49 - 2016-10-21 14:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-04-29 14:22 - 2016-12-29 16:47 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 14:22 - 2016-12-29 16:47 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 16:59 - 2016-12-14 16:55 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-28 16:59 - 2016-12-14 16:55 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-26 23:00 - 2017-03-14 16:58 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Steinberg
2017-04-25 14:21 - 2017-03-25 11:00 - 00000000 ____D C:\Users\Bryan\AppData\Local\ElevatedDiagnostics
2017-04-23 18:52 - 2017-01-28 01:55 - 00000000 ____D C:\ProgramData\Wondershare
2017-04-23 18:52 - 2017-01-28 01:55 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-04-23 18:41 - 2016-12-18 18:05 - 00000000 ____D C:\Users\Bryan\AppData\Local\JDownloader v2.0
2017-04-20 13:51 - 2016-12-18 17:42 - 00000000 ____D C:\Windows\Minidump
2017-04-19 10:12 - 2016-12-09 23:29 - 00003266 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-19 10:12 - 2016-12-07 17:01 - 00000000 ___RD C:\Users\Bryan\OneDrive
2017-04-18 12:18 - 2016-12-07 23:43 - 00000000 ____D C:\Users\Bryan\Desktop\KeyFinder-WIN
2017-04-18 12:06 - 2016-12-18 17:54 - 00000000 ____D C:\ProgramData\TEMP
2017-04-14 14:36 - 2016-10-21 14:15 - 00000000 ____D C:\ProgramData\MSI
2017-04-14 12:05 - 2017-03-24 22:16 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys
Files to move or delete:
====================
C:\ProgramData\@000001.dat

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe
[2017-01-12 11:50] - [2016-12-13 20:24] - 0673792 _____ (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE
C:\Windows\System32\wininit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0304240 _____ (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70
C:\Windows\explorer.exe
[2017-03-15 04:03] - [2017-03-03 23:03] - 4674360 _____ (Microsoft Corporation) F2D58A2E27C2CD486F8F0A123A3F34C3
C:\Windows\SysWOW64\explorer.exe
[2017-03-15 04:04] - [2017-03-03 22:46] - 4312248 _____ (Microsoft Corporation) 805E293E2A440F7464B10D58988818F2
C:\Windows\System32\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0044496 _____ (Microsoft Corporation) 36F670D89040709013F6A460176767EC
C:\Windows\SysWOW64\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0038792 _____ (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B
C:\Windows\System32\services.exe
[2016-12-10 09:58] - [2016-11-11 01:51] - 0454592 _____ (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31
C:\Windows\System32\User32.dll
[2016-12-14 09:06] - [2016-12-09 02:10] - 1461200 _____ (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26
C:\Windows\SysWOW64\User32.dll
[2016-12-14 09:06] - [2016-12-09 01:52] - 1435896 _____ (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B
C:\Windows\System32\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69
C:\Windows\SysWOW64\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B
C:\Windows\System32\rpcss.dll
[2016-07-16 03:42] - [2016-07-16 03:42] - 0888320 _____ (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6
C:\Windows\System32\dnsapi.dll
[2017-03-15 04:03] - [2017-03-03 23:24] - 0646688 _____ (Microsoft Corporation) 2813C62F5BE7FAF0A1C5CC37E5C2F25D
C:\Windows\SysWOW64\dnsapi.dll
[2017-03-15 04:04] - [2017-03-03 23:09] - 0497416 _____ (Microsoft Corporation) AA86DC342B4ED1C1F839C3BC8AEA64B1
C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 03:42] - [2016-07-16 03:42] - 0391520 _____ (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 5%
Total physical RAM: 16269.29 MB
Available physical RAM: 15309.5 MB
Total Virtual: 16269.29 MB
Available Virtual: 15353.27 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:117.94 GB) (Free:0 GB) NTFS
Drive d: (Data) (Fixed) (Total:914.25 GB) (Free:585.56 GB) NTFS
Drive e: (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.57 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:902.05 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B3A39DC2)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B3A39D9C)
Partition: GPT.
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: E6116896)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
LastRegBack: 2017-05-09 20:49
==================== End of FRST.txt ============================

Thank you so much, and I only have the FRST.txt. I don't know how to get the additional.txt log.


  • 0

#4
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,525 posts

You're welcome, yewest77899 :) No big deal about the Addition.txt log. I totally forgot this driver usually prevents the computer from booting into normal mode.

Download the attached fixlist1 file below:

>> Attached File  fixlist1.txt   218bytes   131 downloads <<

Save it in the same location FRST64 is saved.
  • Start FRST64
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.


Attempt to boot in Normal Mode.
  • 0

#5
yewest77899

  • Topic Starter
  • Member
  • 13 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by SYSTEM (14-05-2017 11:58:36) Run:1
Running from F:\
Boot Mode: Recovery
==============================================
fixlist content:
*****************
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-05-13] () <==== ATTENTION (zero byte File/Folder)
*****************
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\GroupPolicy\User => moved successfully
HKLM\System\ControlSet001\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
==== End of Fixlog 11:58:36 ====

 

And it is working, but my computer is kinda slow. BTW, thank you so much.


  • 0

#6
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,525 posts

Excellent, and you're welcome. :) Yes, we still have some work to do here so stay with me till I give you the all clear.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Next:
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
[Image: AdwCleaner console, iO5EZayK.png]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
[Image: adwcleaner_delete_restart.jpg]
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next:

Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Make sure that FRST is on the desktop of the infected system
  • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#7
yewest77899

  • Topic Starter
  • Member
  • 13 posts

 

and is working but my computer is kinda slow.. btw thank you so much


Excellent, and you're welcome. :) Yes, we still have some work to do here so stay with me till I give you the all clear.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Next:
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next:

Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Make sure that FRST is on the desktop of the infected system
  • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Bryan (14-05-2017 21:42:16)
Running from C:\Users\Bryan\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-08 00:55:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-146548888-33923456-274662428-500 - Administrator - Disabled)
Bryan (S-1-5-21-146548888-33923456-274662428-1001 - Administrator - Enabled) => C:\Users\Bryan
DefaultAccount (S-1-5-21-146548888-33923456-274662428-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-146548888-33923456-274662428-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-146548888-33923456-274662428-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AAS - Ultra Analog VA-2 (HKLM-x32\...\Ultra Analog VA-2) (Version:  - Applied Acoustics Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Altiverb 7 Uninstaller (HKLM\...\{367662CA-394A-4095-9549-973FC3807B9B}_is1) (Version: 7.2 - Audio Ease BV)
AmpliTube 4 version 4.0.1 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.1 - IK Multimedia)
AnalogX TapTempo (HKLM-x32\...\AnalogX TapTempo) (Version:  - AnalogX)
Antresol 1.0.1 (32bit) (HKLM-x32\...\{BF5FBA8C-EA7D-4B79-9F91-C427A4B7A7ED}) (Version: 1.0.1.0 - D16 Group Audio Software)
Antresol 1.0.1 (64bit) (HKLM\...\{83F568D3-C952-4584-AA5E-5E5EDBF0A9EC}) (Version: 1.0.1.0 - D16 Group Audio Software)
ApoDispatchConfigurator (Version: 2.3.401 - Nahimic) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.8.7.7 (HKLM\...\ARIA Engine_is1) (Version: v1.8.7.7 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AudioLaunchpadConfigurator (Version: 2.3.401 - Nahimic) Hidden
Automap ReWire 1.0 (HKLM-x32\...\Automap Universal ReWire_is1) (Version: 4.10 - Focusrite Audio Engineering Ltd.)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.18.170105 - )
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application)
BurnRecovery (x32 Version: 5.0.1608.1201 - Application) Hidden
Cableguys PanCake 2.2.1 (HKLM\...\PanCake_is1) (Version: 2.2.1 - Cableguys)
Cableguys ShaperBox 1.0 (HKLM\...\ShaperBox_is1) (Version: 1.0 - Cableguys)
Camel Audio CamelCrusher (HKLM-x32\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
CheckDevicesConfigurator (Version: 2.3.401 - Nahimic) Hidden
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
D16 Group Repeater (HKLM\...\Repeater_is1) (Version: 1.0.0 - D16 Group)
Decimort 2 (32bit) (HKLM-x32\...\{13FFD819-E40F-45D7-AC65-A1A14CE67AD0}) (Version: 2.0.0.0 - D16 Group Audio Software)
Decimort 2 (64bit) (HKLM\...\{FA721E72-3DAE-41E1-BAF2-168902FF0D51}) (Version: 2.0.0.0 - D16 Group Audio Software)
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1701.1101 - Micro-Star International Co., Ltd.)
Dragon Center (x32 Version: 1.2.1701.1101 - Micro-Star International Co., Ltd.) Hidden
DrMS v4.0 VST/RTAS for Windows 64-bit (HKLM-x32\...\{0682EFA0-82CA-48AF-AFDB-5073EAFEA699}_is1) (Version:  - Mathew Lane)
EarTest for Windows ver. 1.12 (HKLM-x32\...\EarTest for Windows ver. 1.12_is1) (Version:  - )
ELAN Touchpad 15.13.5.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.5.2 - ELAN Microelectronic Corp.)
Electra2 full (HKLM\...\Tone2 Electra2 full_is1) (Version: 2.1.0 - Tone2)
ElectraX full (HKLM-x32\...\Tone2 ElectraX full_is1) (Version:  - Tone2)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.5.1203 - Steinberg Media Technologies GmbH)
FabFilter Total Bundle (64-bit) (HKLM-x32\...\FabFilter Total Bundle (64-bit)) (Version:  - )
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2016.11.10 - FabFilter)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
FXpansion Strobe2 (HKLM-x32\...\FXpansion Strobe2) (Version: 2.0.0.3 - FXpansion Audio UK Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GrindMachine version 1.0.4 (HKLM\...\GrindMachine_is1) (Version: 1.0.4 - )
Harmony Engine Evo VST (HKLM-x32\...\{8CC3E646-468B-4B96-B13C-AC99FFDD1844}) (Version: 3.0.2.1 - Antares Audio Technologies)
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.)
Help Desk (x32 Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.) Hidden
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Infected Mushroom - Manipulator version 0.904 (HKLM\...\{25772CF9-4EEE-4D1A-9FE7-29A4B91B3422}_is1) (Version: 0.904 - Polyverse Music, Inc.)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.5.1192 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.4.1046 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® Wireless Bluetooth® (HKLM-x32\...\{601DFCAC-FCC1-4779-9095-D69D82904A5A}) (Version: 18.1.1607.3129 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
iZotope Iris 2 (HKLM-x32\...\iZotope Iris 2_is1) (Version: 2.01 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.02 - iZotope, Inc.)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.)
iZotope VocalSynth (HKLM-x32\...\VocalSynth 1.0) (Version: 1.0 - iZotope, Inc.)
Kaspersky Anti-Ransomware Tool for Business (HKU\S-1-5-21-146548888-33923456-274662428-1001\...\{0F30C04E-E20E-4A5D-95AE-BF041D6CF673}) (Version: 1.1.24.0 - Kaspersky Lab)
Kaspersky Anti-Ransomware Tool for Business (x32 Version: 1.1.24.0 - Kaspersky Lab) Hidden
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Bandwidth Control Filter Driver (Version: 1.1.59.1128 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.59.1128 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.59.1128 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.59.1128 - Rivet Networks)
KORG Legacy Collection - WAVESTATION (HKLM-x32\...\{AAF7FB79-9E9F-4BC8-B858-E66AAEABDA3B}) (Version: 1.7.0 - KORG Inc.)
LauncherSetup (Version: 2.3.401 - Nahimic) Hidden
Longcat H3D Binaural Spatializer VST v1.0.0 (HKLM-x32\...\Longcat H3D Binaural Spatializer VST v1.0.0_is1) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 16 (HKLM-x32\...\MX.{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH)
MAGIX Photo Manager 16 (Version: 12.0.0.26 - MAGIX Software GmbH) Hidden
Microsoft OneDrive (HKU\S-1-5-21-146548888-33923456-274662428-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2 (HKLM-x32\...\{c08f0f33-d922-410b-b674-281f192d4052}) (Version: 2.3.4 - Nahimic)
Nahimic2UISetup (Version: 2.3.401 - Nahimic) Hidden
NahimicSettingsConfigurator (Version: 2.3.401 - Nahimic) Hidden
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments B4 II (HKLM-x32\...\Native Instruments B4 II) (Version:  - )
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.5.254 - Native Instruments)
Native Instruments Driver (HKLM-x32\...\Native Instruments Driver) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Enhanced EQ (HKLM-x32\...\Native Instruments Enhanced EQ) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Flesh (HKLM-x32\...\Native Instruments Flesh) (Version: 1.0.0.2 - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.0.1498 - Native Instruments)
Native Instruments Form (HKLM-x32\...\Native Instruments Form) (Version: 1.0.0.7 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.0.46 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.1.637 - Native Instruments)
Native Instruments Molekular (HKLM-x32\...\Native Instruments Molekular) (Version: 1.0.0.2 - Native Instruments)
Native Instruments Passive EQ (HKLM-x32\...\Native Instruments Passive EQ) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Polyplex (HKLM-x32\...\Native Instruments Polyplex) (Version: 1.0.0.5 - Native Instruments)
Native Instruments RC 24 (HKLM-x32\...\Native Instruments RC 24) (Version: 1.1.1.427 - Native Instruments)
Native Instruments RC 48 (HKLM-x32\...\Native Instruments RC 48) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.0.0.1501 - Native Instruments)
Native Instruments Reaktor 6 Bundle (HKLM-x32\...\Native Instruments Reaktor 6 Bundle) (Version: 6.0.0.0 - Native Instruments)
Native Instruments Replika XT (HKLM-x32\...\Native Instruments Replika XT) (Version: 1.0.3.50 - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version:  - Native Instruments)
Native Instruments Rounds (HKLM-x32\...\Native Instruments Rounds) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Supercharger GT (HKLM-x32\...\Native Instruments Supercharger GT) (Version: 1.1.3.450 - Native Instruments)
Native Instruments Transient Master FX (HKLM-x32\...\Native Instruments Transient Master FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Vari Comp (HKLM-x32\...\Native Instruments Vari Comp) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 160 FX (HKLM-x32\...\Native Instruments VC 160 FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 2A FX (HKLM-x32\...\Native Instruments VC 2A FX) (Version: 1.1.1.427 - Native Instruments)
Neutron Advanced (HKLM-x32\...\Neutron Advanced 1.0) (Version: 1.0 - iZotope, Inc.)
Noise Makers Binauralizer (HKLM\...\Binauralizer_is1) (Version: 1.4.0 - Noise Makers)
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.6.0.12 - Symantec Corporation) Hidden
Novation USB Audio Driver 2.7 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.7 - Novation DMS Ltd.)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version:  - )
PACE License Support Win64 (HKLM-x32\...\InstallShield_{83E92696-D92D-4c7e-B094-0BE853B191FE}) (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Plogue chipcrusher v1.877 (HKLM\...\__ARIA_1015___is1) (Version: v1.877 - Plogue)
PreSonus Studio One 3 x64 (HKLM\...\PreSonus Studio One 3) (Version: 3.0.2.34331 - PreSonus Audio Electronics)
ProductDaemonSetup (Version: 2.3.401 - Nahimic) Hidden
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.)
ReFX Nexus 2.3.4 Update (HKLM-x32\...\{1BB0C126-7F97-4438-B9CD-8954660474CD}) (Version: 2.3.4 - MAX Team)
ReFX Nexus 2.3.4 USB-eLicenser Emulator (HKLM-x32\...\{B1F5E26D-F22E-4DE4-994E-50F51BB3327F}) (Version: 2.3.4 - MAX Team)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
Saurus v2.0 (HKLM\...\Tone2 Saurus_is1) (Version: 2.0.0 - Tone2)
Saurus v2.0 (HKLM-x32\...\Tone2 Saurus_is1) (Version: 2.0.0 - Tone2)
SCM (HKLM\...\{4D36BF08-839B-47C5-BEDF-79D54ED8D14B}) (Version: 13.016.08191 - Application)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Sigmund 1.0.0 (32bit) (HKLM-x32\...\{31899731-802D-4EEB-9964-09A74C0AFA6F}) (Version: 1.0.0.0 - D16 Group Audio Software)
Sigmund 1.0.0 (64bit) (HKLM\...\{15A0FDBC-EC1A-4963-B74C-011EEF20F649}) (Version: 1.0.0.0 - D16 Group Audio Software)
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
Sizing Options (x32 Version: 3.0.1607.2201 - Application) Hidden
SonicMapperConfigurator (Version: 2.3.401 - Nahimic) Hidden
Splice Windows Client (HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Splice) (Version: 1.2.28 - Splice)
SteelSeries Engine 3.8.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.1 - SteelSeries ApS)
Steinberg Generic Lower Latency ASIO Driver 64bit (HKLM\...\{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}) (Version: 1.0.10 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Streaming Audio Recorder V4.1.4 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 4.1.4 - APOWERSOFT LIMITED)
Sugar Bytes Looperator 1.0 (HKLM\...\Looperator_is1) (Version: 1.0 - Sugar Bytes)
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Sylenth1 version 2.2.1 (HKLM-x32\...\{149CBB8A-19FE-4574-99BE-657926BBE08B}_is1) (Version: 2.2.1 - Lennar Digital)
Thunderbolt™ Software (HKLM-x32\...\{BE0D4095-95CC-43FD-82E5-25562BCD5892}) (Version: 16.1.45.250 - Intel Corporation)
Trapcode Suite v13.1.1 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.1.1 - Red Giant, LLC)
UIInstallUpgrade (Version: 2.3.401 - Nahimic) Hidden
Unity Web Player (HKU\S-1-5-21-146548888-33923456-274662428-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics (HKLM\...\Slate Digital VerbSuite Classics_is1) (Version: 1.0.3.2 - Slate Digital)
Video Converter Assist 2.0 (HKLM-x32\...\Video Converter Assist_is1) (Version:  - Top Password Software, Inc.)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VocALign Pro 4 VST (HKLM-x32\...\{EB77C666-B349-4046-8BD3-E4941119E1EF}) (Version: 4.00.0000 - Synchro Arts Ltd)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
Wave Arts Power Suite (HKLM-x32\...\PowerSuite) (Version:  - )
Wave Arts Power Suite (HKLM-x32\...\Wave Arts Power Suite) (Version:  - )
Wave Arts Power Suite 64 (HKLM\...\Wave Arts Power Suite 64) (Version:  - )
Waves Central V1.0.3.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}) (Version: 1.0.4 - Waves)
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.11.22 - Waves)
WIDI Recognition System Pro 3.32 (remove only) (HKLM-x32\...\WIDI Recognition System Pro 3.32) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinHTTrack Website Copier 3.48-22 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Xfer Serum 1.07b3 (HKLM\...\Xfer Serum_is1) (Version:  - )
Xpand!2 (HKLM-x32\...\{dadbcc76-2a7e-4f53-a77a-3868c51bdd80}) (Version: 2.2.7.19000 - AIR Music Tech GmbH)
Xpand!2 Content (x32 Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 Factory Content (x32 Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST32 (x32 Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST64 (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-146548888-33923456-274662428-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-627B281D406E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-146548888-33923456-274662428-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {059FF7AB-7591-485B-A55F-4E2DAC6E3231} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2016-08-29] ()
Task: {089585AE-7C9A-404E-906A-C9AE4B06DAA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-29] (Google Inc.)
Task: {0AE0CDE4-5270-46AD-A480-33EA504C0371} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 
Task: {0AF659AE-1A4A-4654-90DF-88002438BB8C} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-03-27] (Adobe Systems Incorporated)
Task: {1DA42007-090F-4755-B3E3-D02023054648} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {3B6AF13A-297B-43E6-8EAE-A81A8DC012AA} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe 
Task: {3D3574C8-5FF1-4040-AF0A-95E05D16A2D2} - System32\Tasks\{A1F5C4F4-7751-414B-BC3B-719CDC929234} => pcalua.exe -a "D:\D16 Group Sigmund v1.0.0 WIN R2R-iPirateU\ReFX Nexus 2 Pack VSTi, Presets, Expansions and Skins\ReFX Nexus v2.2-AiR WiN\ReFX.Nexus.v2.2.VSTi.RTAS.DVDR-AiRISO\Autorun.exe" -d "D:\D16 Group Sigmund v1.0.0 WIN R2R-iPirateU\ReFX Nexus 2 Pack VSTi, Presets, Expansions and Skins\ReFX Nexus v2.2-AiR (the data entry has 43 more characters).
Task: {3E4EDE40-E0CE-4FED-82AE-EEB9458D3DAC} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {409E9E8F-8992-424D-9977-C4BFDAAC932E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe 
Task: {4785FF56-24E0-4ECC-B9B1-D00E378C122A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {54A636AD-45F1-4C88-9EC5-C8D1FB9752C9} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-09-05] (Micro-Star International Co., Ltd.)
Task: {660A9ACF-67E1-48A9-B6F0-1D656B65D469} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe 
Task: {72CCB14D-70CC-4243-8141-6E06D2B5569F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-29] (Google Inc.)
Task: {7A3082A4-15C2-4D81-A067-C2C1D3F3D986} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {7D0062EC-F291-44BB-87AC-EE5336AABF8D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {8059C3F8-2ED9-4177-82CD-5357D34223B8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {8444A484-DA17-4527-9C6E-4640DEC0CA50} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2016-08-29] ()
Task: {900B9AA5-5423-4902-B9F9-5E5802BAD6ED} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {929174FF-7A37-41C8-AA54-611CF3A59FBC} - System32\Tasks\Microsoft\Windows\PLA\CPU => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "CPU" "$(Arg0)"
Task: {B61B03D6-9F10-4450-A831-047C2FA43729} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.6.0.12\\Ara.exe [2015-07-10] (Symantec Corporation)
Task: {CB6C3908-88C4-424B-B412-88460DE4AAEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {CC70F5E9-9F82-4318-932A-B9221DBE213A} - System32\Tasks\{EAD45B37-BD74-4B14-9C7E-0AE3FB969A89} => pcalua.exe -a "D:\Program Files (x86)\DAP\DAPREMOVE.EXE"
Task: {CCDCACE1-08FD-4164-A3FC-93CAB827657F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe 
Task: {D306987F-0950-4E40-BA75-19424E7C10D4} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-01-11] (Micro-Star International Co., Ltd.)
Task: {D84BD183-BD50-44CB-A5AE-4D47D81A66BD} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2016-08-29] ()
Task: {DAEDF731-090E-4BBA-A58B-832F9DC4CE05} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {DBF291AF-BDA8-4D72-9A07-E6E2EBBF30B5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {E29D9D88-EB9C-4CEF-A4A9-B157505C4DA3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {E3983428-168B-4023-8EBE-4A56FA15A0B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {FD0F8F72-FEAE-474D-847E-3831C28FA787} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-04-12 11:27 - 2017-03-27 22:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-02 08:42 - 2017-02-23 10:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-02 08:42 - 2017-02-23 10:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-21 14:06 - 2016-12-29 05:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-12 11:27 - 2017-03-27 22:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-29 16:04 - 2016-08-29 16:04 - 00216760 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-08-29 16:04 - 2016-08-29 16:04 - 00289464 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2016-10-20 22:24 - 2016-10-20 22:24 - 00384496 _____ () C:\Windows\system32\igfxTray.exe
2016-12-07 21:58 - 2016-09-06 20:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 04:02 - 2017-03-03 22:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 04:03 - 2017-03-03 22:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 04:03 - 2017-03-03 22:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 04:03 - 2017-03-03 22:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 11:27 - 2017-03-27 21:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-12 11:27 - 2017-03-27 21:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 11:27 - 2017-03-27 21:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-27 18:58 - 2016-10-27 18:58 - 00018712 _____ () C:\Program Files (x86)\MSI\Dragon Center\GInf.dll
2016-08-29 16:01 - 2016-08-29 16:01 - 00705208 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-08-29 16:01 - 2016-08-29 16:01 - 02040504 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-08-29 16:04 - 2016-08-29 16:04 - 00512184 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-05-14 21:18 - 2017-05-09 01:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-14 21:18 - 2017-05-09 01:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-01-02 08:42 - 2017-02-23 10:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-02 08:42 - 2017-02-23 10:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-02 08:42 - 2017-02-23 10:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-29 15:59 - 2016-08-29 15:59 - 00187576 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2016-08-29 15:57 - 2016-08-29 15:57 - 00262328 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
2017-03-14 08:31 - 2017-03-14 08:31 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-28 01:56 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-01-28 01:56 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-01-02 08:42 - 2017-02-23 10:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-02 08:42 - 2017-02-23 06:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-01-02 08:42 - 2017-02-23 06:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-01-02 08:42 - 2017-02-23 06:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-01-02 08:42 - 2017-02-23 06:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-01-02 08:42 - 2017-02-23 06:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-02 08:42 - 2017-02-23 06:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-03-14 08:29 - 2017-03-14 08:29 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-02-23 18:13 - 2017-02-23 18:13 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-04-05 20:15 - 2016-04-05 20:15 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:66ECC62E06F77B56 [217]
AlternateDataStreams: C:\Users\All Users:66ECC62E06F77B56 [217]
AlternateDataStreams: C:\ProgramData\Application Data:66ECC62E06F77B56 [217]
AlternateDataStreams: C:\ProgramData\PACE:2121B49848C51B7A [217]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
AlternateDataStreams: C:\ProgramData\TEMP:7FAE3E0D [131]
AlternateDataStreams: C:\Users\Bryan\Cookies:fmoneKdkQwBl9XGQ [2246]
AlternateDataStreams: C:\Users\Bryan\Cookies:OCCbwZYCKlRGnqPWLzksqaqaOyHJW [1930]
AlternateDataStreams: C:\Users\Bryan\Cookies:Q1JWYeZSjKF98ilRgIWOcqRJcR [2272]
AlternateDataStreams: C:\Users\Bryan\AppData\Local\vGTeXqCKERv:iYwe7QaIXP9DK6wGabCo9aApmxr [2700]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-02-06 15:03 - 2017-05-14 21:12 - 00002078 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-146548888-33923456-274662428-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CCAE931E-703B-418C-A3D7-682D89FAA17F}] => (Allow) D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{E2271F0B-62F4-4695-9D20-5A898B045732}] => (Allow) D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{70F073FB-4040-4F4B-8A99-A0C8544834C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00B4529D-0C22-448D-9D53-5B76911816CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DBFE459E-5282-4B33-8621-9D1599D90525}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19E0BCBE-1CA3-43DA-A6DE-ABF8DC7B22B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{65C40C5E-4CEF-4995-A877-BB7DE1A2C2B2}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [UDP Query User{6C591C52-4CF2-40D9-9B5E-C3516269A997}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [TCP Query User{2B6309C1-E08A-492F-9217-A35772885459}D:\program files (x86)\image-line\fl studio 12\fl.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [UDP Query User{C9E847CE-EE04-4171-9043-6B3B442BDCC0}D:\program files (x86)\image-line\fl studio 12\fl.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [{01F7E741-821A-474A-ABCD-B1112B5E3C3C}] => (Allow) d:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{348B63DD-341D-40DF-AB3D-1C5E85BD3238}] => (Allow) d:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{52FFC53E-B964-4BD3-B1DA-B6ACCFE37007}] => (Allow) d:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{4C452DFC-33CB-4F7C-A5CD-1EEDD67E19E0}] => (Allow) d:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [TCP Query User{1C5309F4-7971-4174-BF10-B98047BFF9E7}D:\program files (x86)\image-line\fl studio 12\fl64.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\fl64.exe
FirewallRules: [UDP Query User{A9A79F8B-D60E-4EDF-9842-D66DF873228D}D:\program files (x86)\image-line\fl studio 12\fl64.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\fl64.exe
FirewallRules: [{30D0D3DE-D1F7-40DA-A150-71F59BAD7343}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{99099469-4B40-4119-BF6F-21C512080D95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B7F6BE66-B245-4E80-A8FE-51A4DD14C9FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D19F0034-10C3-453D-BB63-6D3BB40A502D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BACA8F57-B39B-4B4C-BA88-2FF953AD0961}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5C14D26-14DA-40C7-8558-83CCB805FAF2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{3DECB1B6-D442-49D6-9511-A2A225C344E6}D:\program files\adobe premiere pro cc 2015.3\adobe premiere pro.exe] => (Allow) D:\program files\adobe premiere pro cc 2015.3\adobe premiere pro.exe
FirewallRules: [UDP Query User{2C4CD0D8-E6EA-40AD-95B6-49F49587C24E}D:\program files\adobe premiere pro cc 2015.3\adobe premiere pro.exe] => (Allow) D:\program files\adobe premiere pro cc 2015.3\adobe premiere pro.exe
FirewallRules: [TCP Query User{BBD34226-4FB5-479F-A913-ADD8700EBE3C}D:\program files\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) D:\program files\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [UDP Query User{A3396417-C126-4F3E-8237-EF44A6C6550D}D:\program files\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) D:\program files\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [TCP Query User{F4F55C07-CD22-4152-8779-3BA0555C64F0}C:\program files\adobe\adobe media encoder cc 2017\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder cc 2017\adobe media encoder.exe
FirewallRules: [UDP Query User{A7AC4074-0DD3-4F76-AAD9-239E8E1C3CDE}C:\program files\adobe\adobe media encoder cc 2017\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder cc 2017\adobe media encoder.exe
FirewallRules: [TCP Query User{C45383E8-4C0F-4599-A38C-12D4D677E0FD}D:\program files\adobe premiere pro cs6\adobe premiere pro.exe] => (Allow) D:\program files\adobe premiere pro cs6\adobe premiere pro.exe
FirewallRules: [UDP Query User{72387BE0-3401-4DC1-9CDF-062520A5EC9B}D:\program files\adobe premiere pro cs6\adobe premiere pro.exe] => (Allow) D:\program files\adobe premiere pro cs6\adobe premiere pro.exe
FirewallRules: [{44B2886E-69FC-4CCB-991A-52AFA9802539}] => (Allow) C:\Users\Bryan\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [TCP Query User{E690C2D5-51F2-485A-B366-5749E9FA5754}D:\program files\presonus\studio one 3\studio one.exe] => (Allow) D:\program files\presonus\studio one 3\studio one.exe
FirewallRules: [UDP Query User{2D538D57-1460-4576-A5F3-CE75E3F27496}D:\program files\presonus\studio one 3\studio one.exe] => (Allow) D:\program files\presonus\studio one 3\studio one.exe
FirewallRules: [TCP Query User{7A5E2F7D-D50E-4913-85A1-37D7E598711A}D:\program files (x86)\presonus\studio one 3\studio one.exe] => (Allow) D:\program files (x86)\presonus\studio one 3\studio one.exe
FirewallRules: [UDP Query User{F00F14B0-328A-4338-9463-130D55C377AF}D:\program files (x86)\presonus\studio one 3\studio one.exe] => (Allow) D:\program files (x86)\presonus\studio one 3\studio one.exe
FirewallRules: [TCP Query User{EA203A4E-E1B5-4F45-A3EB-E6394D392687}D:\program files (x86)\image-line\fl studio 12\fl (compatible memory).exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\fl (compatible memory).exe
FirewallRules: [UDP Query User{5AFCB31A-F31B-4241-9AE3-FD25B507DB5C}D:\program files (x86)\image-line\fl studio 12\fl (compatible memory).exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\fl (compatible memory).exe
FirewallRules: [{4B46E16D-FA33-4C87-9C78-B6EF30ED899A}] => (Block) D:\program files (x86)\image-line\fl studio 12\fl (compatible memory).exe
FirewallRules: [{B4322444-8E55-42EF-AF21-A87A6B027A34}] => (Block) D:\program files (x86)\image-line\fl studio 12\fl (compatible memory).exe
FirewallRules: [{AA6159CF-1D1A-47C9-AADF-D636F2400196}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{EE613409-EFAE-46DA-AFB4-1C7E27478460}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [TCP Query User{AC761C95-8354-40C3-8B2B-9692C335F99E}D:\program files (x86)\novation\automap\automapserver.exe] => (Allow) D:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [UDP Query User{902107BE-DB58-4514-8319-97D22AEC0F20}D:\program files (x86)\novation\automap\automapserver.exe] => (Allow) D:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [TCP Query User{EB94E37E-ABB5-45EA-AD5F-63CC0F0C8DF0}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{79080474-77B8-4F4F-93AE-82ECB73C883A}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{326439BA-FDBE-41DC-B903-C8C5565A9BE6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{1A4128B5-2B86-483C-904A-6EF453E506A0}C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe
FirewallRules: [UDP Query User{AF539FAA-CAD0-4E3F-9594-4EC371589157}C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe
FirewallRules: [{80EFCC9F-D479-4577-B5F2-F2A02817563C}] => (Block) C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe
FirewallRules: [{2693ECE5-4D77-4682-AC2F-FA8E4FD91860}] => (Block) C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe
FirewallRules: [TCP Query User{01E42FFD-7490-4BD2-8A8B-03B0B1DB3C3E}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe
FirewallRules: [UDP Query User{26479C6D-DA75-48C9-B77D-C743D56FCD90}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe
FirewallRules: [{425CE0DF-F402-4ADF-B325-81E063D357B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/14/2017 09:37:49 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/14/2017 09:36:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0xa40
Faulting application start time: 0x01d2cd3d37c2fcec
Faulting application path: C:\Windows\system32\IntelCpHDCPSvc.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f14f6017-8e48-4a52-8c3e-2681a9416078
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2017 09:18:49 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/14/2017 09:18:33 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/14/2017 09:18:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/14/2017 09:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x974
Faulting application start time: 0x01d2cd39e386b65f
Faulting application path: C:\Windows\system32\IntelCpHDCPSvc.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 8d8bf999-c5f7-4d58-89f1-7e956ce8ca0d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2017 12:29:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: MSI)
Description: Product: Kaspersky Anti-Ransomware Tool for Business -- EULA not agreed.
 
Error: (05/14/2017 12:25:52 PM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (1176) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1092).
 
 
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
Error: (05/14/2017 12:23:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/14/2017 12:22:06 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/14/2017 09:37:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/14/2017 09:36:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Content Protection HDCP Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/14/2017 09:36:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (05/14/2017 09:36:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (05/14/2017 09:36:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (05/14/2017 09:35:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/14/2017 09:33:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (05/14/2017 09:33:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the NVIDIA LocalSystem Container service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (05/14/2017 09:33:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/14/2017 09:33:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdobeUpdateService service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-05-14 21:19:21.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-14 21:19:21.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-14 21:19:21.016
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-14 21:19:21.013
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-14 12:22:05.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-14 12:22:05.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-14 12:12:07.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-13 10:44:35.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-12 15:33:02.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-12 09:53:09.152
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16269.29 MB
Available physical RAM: 12362.77 MB
Total Virtual: 18701.29 MB
Available Virtual: 14964.33 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:117.94 GB) (Free:0.2 GB) NTFS
Drive d: (Data) (Fixed) (Total:914.25 GB) (Free:585.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B3A39DC2)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B3A39D9C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8
yewest77899

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Bryan (administrator) on MSI (14-05-2017 21:41:08)
Running from C:\Users\Bryan\Desktop
Loaded Profiles: Bryan (Available Profiles: defaultuser0 & Bryan)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom_gui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-01-19] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3366616 2016-11-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [705208 2016-08-29] ()
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [51475f32] => C:\Users\Bryan\AppData\Roaming\Microsoft\ntwsys.exe
HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [DownloadAccelerator] => "D:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [Chromium] => c:\users\bryan\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-10-21]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-21]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2017-03-30]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b4c9a913-a931-49d0-aec0-d18d08af985d}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-146548888-33923456-274662428-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-146548888-33923456-274662428-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 55657064\extensions\{[email protected]} => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - d:\Program Files (x86)\DAP\daplinkchecker => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-17] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-146548888-33923456-274662428-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default [2017-05-14]
CHR Extension: (Google Slides) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-29]
CHR Extension: (Google Docs) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-29]
CHR Extension: (Google Drive) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-29]
CHR Extension: (YouTube) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-29]
CHR Extension: (Google Sheets) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-29]
CHR Extension: (Chrome Media Router) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AntiRansom; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom.exe [693720 2016-07-19] (AO Kaspersky Lab)
S2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [431088 2016-10-20] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144088 2016-11-15] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-01-19] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-10-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-04-05] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-04-15] (Rivet Networks)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-12-27] (Micro-Star INT'L CO., LTD.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-03-20] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 automap; C:\Windows\system32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [135800 2016-03-23] (Rivet Networks, LLC.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31816 2016-11-15] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [736000 2016-12-12] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [413008 2016-06-28] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012048 2016-06-26] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [126864 2016-06-02] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
S3 nhi; C:\Windows\system32\DRIVERS\tbt81x.sys [127040 2016-10-20] (Intel Corporation)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\Dragon Center\NTIOLib_X64.sys [13776 2016-12-27] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvnUsbAudio; C:\Windows\system32\DRIVERS\nvnusbaudio.sys [54000 2015-06-10] (Novation DMS Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [28344 2016-10-20] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [416472 2016-10-20] (Realsil Semiconductor Corporation)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-05] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2016-09-21] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-14 21:41 - 2017-05-14 21:41 - 00023251 _____ C:\Users\Bryan\Desktop\FRST.txt
2017-05-14 21:38 - 2017-05-14 21:38 - 00018487 _____ C:\Users\Bryan\Desktop\AdwCleaner[C0].txt
2017-05-14 21:28 - 2017-05-14 21:35 - 00000000 ____D C:\AdwCleaner
2017-05-14 21:27 - 2017-05-14 21:40 - 02429952 _____ (Farbar) C:\Users\Bryan\Desktop\FRST64.exe
2017-05-14 21:27 - 2017-05-14 21:28 - 04102600 _____ C:\Users\Bryan\Desktop\adwcleaner_6.046.exe
2017-05-14 21:25 - 2017-05-14 21:25 - 00001716 _____ C:\Users\Bryan\Desktop\JRT.txt
2017-05-14 21:18 - 2017-05-14 21:37 - 00000000 ___RD C:\Users\Bryan\Creative Cloud Files
2017-05-14 21:18 - 2017-05-14 21:18 - 00001233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-05-14 21:18 - 2017-05-14 21:18 - 00001221 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-05-14 12:20 - 2017-05-14 12:26 - 00003272 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
2017-05-13 21:17 - 2017-05-14 21:41 - 00000000 ____D C:\FRST
2017-05-12 10:42 - 2017-05-12 12:10 - 00000000 ____D C:\Users\Bryan\Documents\Studio One
2017-05-11 21:12 - 2017-05-11 21:12 - 00000000 ____D C:\Users\Bryan\Desktop\hours
2017-05-09 20:06 - 2017-05-10 13:13 - 00000181 _____ C:\Users\Bryan\Desktop\dsf.txt
2017-05-09 15:20 - 2017-05-09 15:20 - 00574613 _____ C:\Users\Bryan\Desktop\thatdwegs.flp
2017-05-08 18:43 - 2017-05-08 18:43 - 00296754 _____ C:\Users\Bryan\Desktop\ssss.flp
2017-05-02 13:03 - 2017-05-08 16:57 - 01183983 _____ C:\Users\Bryan\Desktop\dreaming.flp
2017-05-01 19:19 - 2017-05-01 19:19 - 00000000 __HDC C:\ProgramData\{1CD12762-BF1D-4B74-954B-7F3A9F0CDE9E}
2017-05-01 19:18 - 2017-05-01 19:18 - 00000000 __HDC C:\ProgramData\{7FFC8429-59AA-4310-831D-BDA0FDF42089}
2017-05-01 19:14 - 2017-05-01 19:14 - 00000000 __HDC C:\ProgramData\{46016C81-6B2A-48A6-9AD7-5E4749FFDC18}
2017-05-01 19:11 - 2017-05-01 19:11 - 00000000 __HDC C:\ProgramData\{41B21E75-5B57-4865-83FF-351E7F437BB0}
2017-05-01 19:06 - 2017-05-01 19:06 - 00000000 __HDC C:\ProgramData\{087E1953-389C-4129-84BB-41E86CBEDF56}
2017-05-01 19:02 - 2017-05-01 19:03 - 00000000 __HDC C:\ProgramData\{68B5E2B9-11B5-4D26-BD32-61F322FA4B1D}
2017-05-01 19:00 - 2017-05-01 19:00 - 00000000 __HDC C:\ProgramData\{B219DF15-4D19-412B-8C2C-CA83D4B20892}
2017-05-01 18:56 - 2017-05-01 18:56 - 00000000 __HDC C:\ProgramData\{F62BC84F-664B-45B9-9612-E2C212FB8558}
2017-05-01 18:51 - 2017-05-01 18:51 - 00000000 __HDC C:\ProgramData\{32B3C432-4EE3-49AA-8B84-092817BAAC6D}
2017-05-01 18:43 - 2017-05-01 18:43 - 00000000 __HDC C:\ProgramData\{1A87B1C0-895A-4081-B186-D1CDD2346CEB}
2017-04-30 22:43 - 2017-04-30 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Noise Makers
2017-04-30 22:41 - 2017-04-28 00:00 - 05461581 _____ (Noise Makers ) C:\Users\Bryan\Desktop\Setup Binauralizer v1.4.0.exe
2017-04-19 12:57 - 2017-04-19 12:57 - 00000818 _____ C:\Users\Bryan\Documents\Creative Cloud Files - Shortcut.lnk
2017-04-18 16:41 - 2017-04-18 16:41 - 00000016 ____H C:\Users\Bryan\Desktop\untitled.nfo
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2064-01-01 17:00 - 2017-03-14 16:57 - 00000000 ____D C:\ProgramData\eLicenser
2017-05-14 21:37 - 2017-01-23 11:02 - 00000000 ____D C:\Users\Bryan\AppData\Local\Adobe
2017-05-14 21:37 - 2016-12-07 16:55 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-14 21:37 - 2016-12-07 16:55 - 00000000 __SHD C:\Users\Bryan\IntelGraphicsProfiles
2017-05-14 21:37 - 2016-10-21 14:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-14 21:37 - 2016-10-21 14:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-14 21:36 - 2016-12-10 10:44 - 00000000 ____D C:\ProgramData\PACE
2017-05-14 21:36 - 2016-08-02 09:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-14 21:36 - 2016-07-15 22:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-05-14 21:25 - 2016-08-02 09:51 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-05-14 21:25 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-05-14 21:19 - 2016-12-07 16:55 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Adobe
2017-05-14 21:19 - 2016-08-02 12:26 - 01694276 _____ C:\Windows\system32\prfh0404.dat
2017-05-14 21:19 - 2016-08-02 12:26 - 00512622 _____ C:\Windows\system32\prfc0404.dat
2017-05-14 21:19 - 2016-08-02 12:22 - 01704268 _____ C:\Windows\system32\prfh0804.dat
2017-05-14 21:19 - 2016-08-02 12:22 - 00516918 _____ C:\Windows\system32\prfc0804.dat
2017-05-14 21:19 - 2016-08-02 12:15 - 01996372 _____ C:\Windows\system32\prfh0416.dat
2017-05-14 21:19 - 2016-08-02 12:15 - 00528040 _____ C:\Windows\system32\prfc0416.dat
2017-05-14 21:19 - 2016-08-02 12:12 - 02034008 _____ C:\Windows\system32\perfh013.dat
2017-05-14 21:19 - 2016-08-02 12:12 - 00538578 _____ C:\Windows\system32\perfc013.dat
2017-05-14 21:19 - 2016-08-02 12:09 - 01768518 _____ C:\Windows\system32\perfh012.dat
2017-05-14 21:19 - 2016-08-02 12:09 - 00518062 _____ C:\Windows\system32\perfc012.dat
2017-05-14 21:19 - 2016-08-02 12:05 - 01759176 _____ C:\Windows\system32\perfh011.dat
2017-05-14 21:19 - 2016-08-02 12:05 - 00520012 _____ C:\Windows\system32\perfc011.dat
2017-05-14 21:19 - 2016-08-02 12:02 - 02032252 _____ C:\Windows\system32\perfh00C.dat
2017-05-14 21:19 - 2016-08-02 12:02 - 00532500 _____ C:\Windows\system32\perfc00C.dat
2017-05-14 21:19 - 2016-08-02 12:00 - 02026456 _____ C:\Windows\system32\perfh00A.dat
2017-05-14 21:19 - 2016-08-02 12:00 - 00536552 _____ C:\Windows\system32\perfc00A.dat
2017-05-14 21:19 - 2016-08-02 11:57 - 01986348 _____ C:\Windows\system32\perfh007.dat
2017-05-14 21:19 - 2016-08-02 11:57 - 00533042 _____ C:\Windows\system32\perfc007.dat
2017-05-14 21:19 - 2016-08-02 09:57 - 24835674 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-14 21:18 - 2017-01-27 02:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-14 21:18 - 2016-12-29 16:47 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-14 21:18 - 2016-12-07 16:55 - 00000000 ____D C:\Users\Bryan
2017-05-14 21:13 - 2016-10-21 14:15 - 00000000 ____D C:\Program Files (x86)\MSI
2017-05-14 12:25 - 2017-01-23 11:03 - 00000000 ____D C:\ProgramData\Adobe
2017-05-14 12:22 - 2017-03-24 22:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-14 12:22 - 2017-03-24 22:16 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-14 12:07 - 2016-12-07 17:27 - 00000000 ____D C:\Users\Bryan\AppData\Local\CrashDumps
2017-05-14 12:01 - 2016-12-07 21:45 - 00000008 __RSH C:\Users\Bryan\ntuser.pol
2017-05-14 11:58 - 2016-07-16 03:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-14 11:58 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-05-12 12:51 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-05-12 11:51 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-05-12 09:56 - 2016-12-20 14:22 - 00000000 ____D C:\Program Files\Steinberg
2017-05-12 09:54 - 2016-12-07 16:55 - 00000000 ____D C:\Users\Bryan\AppData\Local\Packages
2017-05-12 09:54 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-10 14:16 - 2016-12-07 18:25 - 00000000 ____D C:\Users\Bryan\AppData\Local\Spectrasonics
2017-05-10 11:40 - 2016-12-07 22:09 - 00000000 ____D C:\Windows\system32\MRT
2017-05-10 11:38 - 2016-12-07 22:09 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-08 15:05 - 2016-12-07 20:04 - 00000000 ____D C:\Users\Bryan\Documents\Native Instruments
2017-05-05 11:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-02 17:07 - 2016-12-07 20:23 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Azureus
2017-05-01 19:19 - 2016-12-07 20:01 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2017-05-01 19:16 - 2016-12-07 20:01 - 00000000 ____D C:\Program Files\Native Instruments
2017-04-30 20:32 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Audio Ease
2017-04-30 20:31 - 2016-12-07 18:51 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2017-04-29 14:22 - 2016-12-29 16:47 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 14:22 - 2016-12-29 16:47 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 16:59 - 2016-12-14 16:55 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-28 16:59 - 2016-12-14 16:55 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-26 23:00 - 2017-03-14 16:58 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Steinberg
2017-04-25 14:21 - 2017-03-25 11:00 - 00000000 ____D C:\Users\Bryan\AppData\Local\ElevatedDiagnostics
2017-04-23 18:52 - 2017-01-28 01:55 - 00000000 ____D C:\ProgramData\Wondershare
2017-04-23 18:52 - 2017-01-28 01:55 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-04-23 18:52 - 2016-12-07 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-04-23 18:41 - 2016-12-18 18:05 - 00000000 ____D C:\Users\Bryan\AppData\Local\JDownloader v2.0
2017-04-20 13:51 - 2016-12-18 17:42 - 00000000 ____D C:\Windows\Minidump
2017-04-19 10:12 - 2016-12-09 23:29 - 00003266 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-19 10:12 - 2016-12-07 17:01 - 00002366 _____ C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-19 10:12 - 2016-12-07 17:01 - 00000000 ___RD C:\Users\Bryan\OneDrive
2017-04-18 12:18 - 2016-12-07 23:43 - 00000000 ____D C:\Users\Bryan\Desktop\KeyFinder-WIN
2017-04-18 12:06 - 2016-12-18 17:54 - 00000000 ____D C:\ProgramData\TEMP
2017-04-14 14:36 - 2016-10-21 14:15 - 00000000 ____D C:\ProgramData\MSI
 
==================== Files in the root of some directories =======
 
2017-03-06 01:06 - 2017-03-06 01:06 - 2722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2017-03-06 01:06 - 2017-03-06 01:06 - 0056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2017-02-09 22:19 - 2017-04-02 16:39 - 0000016 _____ () C:\Users\Bryan\AppData\Roaming\msregsvv.dll
2017-03-24 08:01 - 2017-03-24 08:01 - 0000480 ____H () C:\Users\Bryan\AppData\Roaming\½
2017-03-24 07:53 - 2017-03-24 07:53 - 2106863 _____ () C:\Users\Bryan\AppData\Roaming\Microsoft\en_files.txt
2017-03-24 07:53 - 2017-03-24 08:11 - 2106863 _____ () C:\Users\Bryan\AppData\Roaming\Microsoft\en_gfiles.txt
2017-03-24 08:11 - 2017-03-24 08:11 - 4320054 _____ () C:\Users\Bryan\AppData\Roaming\Microsoft\wp.jpg
2017-03-30 04:58 - 2017-03-30 04:58 - 0000017 _____ () C:\Users\Bryan\AppData\Local\resmon.resmoncfg
2017-03-07 22:47 - 2017-03-07 22:47 - 0000552 _____ () C:\Users\Bryan\AppData\Local\TroubleshooterConfig.json
2017-03-24 21:29 - 2017-03-24 21:29 - 0000008 ____H () C:\ProgramData\@000001.dat
2017-03-24 21:29 - 2017-03-24 22:12 - 0000904 ____H () C:\ProgramData\@system.temp
2017-02-09 22:19 - 2017-04-02 16:39 - 0000016 _____ () C:\ProgramData\autobk.inc
2016-10-21 14:07 - 2016-10-21 14:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-03-24 08:01 - 2017-03-24 22:13 - 0000640 ____H () C:\ProgramData\int.bin
2017-01-02 08:42 - 2017-03-25 14:02 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-02 08:42 - 2017-03-25 11:26 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-03-14 15:23 - 2017-03-14 15:23 - 0000946 _____ () C:\ProgramData\Spectrasonics - Shortcut.lnk
 
Files to move or delete:
====================
C:\ProgramData\@000001.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-09 20:49
 
==================== End of FRST.txt ============================

  • 0

#9
yewest77899

yewest77899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts


and is working but my computer is kinda slow.. btw thank you so much


Excellent, and you're welcome. :) Yes, we still have some work to do here so stay with me till I give you the all clear.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Next:
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next:

Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Make sure that FRST is on the desktop of the infected system
  • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

# AdwCleaner v6.046 - Logfile created 14/05/2017 at 21:35:07
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-14.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Bryan - MSI
# Running from : C:\Users\Bryan\Desktop\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: rtop
[-] Service deleted: Updater.Mail.Ru
[-] Service deleted: wdsvc
[-] Service deleted: ByteFenceService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Mail.Ru
[-] Folder deleted: C:\Users\Bryan\AppData\LocalLow\Speedbit
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\Speedbit
[-] Folder deleted: C:\Users\Bryan\Documents\PPC-software
[-] Folder deleted: C:\Program Files\ByteFence
[-] Folder deleted: C:\ProgramData\ByteFence
[-] Folder deleted: C:\ProgramData\Mail.Ru
[-] Folder deleted: C:\ProgramData\Speedbit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Mail.Ru
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Speedbit
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
[-] Folder deleted: C:\Program Files (x86)\Mail.Ru
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Bryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] File deleted: C:\Users\Bryan\Favorites\Mail.Ru.url
[-] File deleted: C:\Users\Bryan\Favorites\Mail.Ru Агент - используй для общения!.url
[-] File deleted: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: MSISCMTsk
[-] Task deleted: ByteFence
[-] Task deleted: ByteFence Scan
[-] Task deleted: news-onlyorgtopgrowsm
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ByteFenceService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ByteFenceService
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKU\.DEFAULT\Software\Mail.Ru
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\ByteFence
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\SpeedBit
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Mail.Ru
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Amigo
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\PPC-softwareLanguage
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Xpom
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\AppDataLow\Software\Mail.Ru
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-146548888-33923456-274662428-1001\Software\SpeedBit
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Mail.Ru
[#] Key deleted on reboot: HKCU\Software\ByteFence
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\SpeedBit
[#] Key deleted on reboot: HKCU\Software\Mail.Ru
[#] Key deleted on reboot: HKCU\Software\Amigo
[#] Key deleted on reboot: HKCU\Software\PPC-softwareLanguage
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\Xpom
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Key deleted: HKLM\SOFTWARE\ByteFence
[-] Key deleted: HKLM\SOFTWARE\SpeedBit
[-] Key deleted: HKLM\SOFTWARE\Mail.Ru
[-] Key deleted: HKLM\SOFTWARE\PPC-software
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-146548888-33923456-274662428-1001\Software\SpeedBit
[#] Key deleted on reboot: [x64] HKCU\Software\ByteFence
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\SpeedBit
[#] Key deleted on reboot: [x64] HKCU\Software\Mail.Ru
[#] Key deleted on reboot: [x64] HKCU\Software\Amigo
[#] Key deleted on reboot: [x64] HKCU\Software\PPC-softwareLanguage
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\Xpom
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Key deleted: [x64] HKLM\SOFTWARE\ByteFence
[-] Data restored: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Key deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Internet Explorer\SearchScopes\{75C75EE7-7B57-4FA0-BB53-64D8B4E84DAC}
[-] Data restored: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{75C75EE7-7B57-4FA0-BB53-64D8B4E84DAC}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0FE1A9B-0449-4C76-A38E-88FE9C8D1774}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{75C75EE7-7B57-4FA0-BB53-64D8B4E84DAC}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0FE1A9B-0449-4C76-A38E-88FE9C8D1774}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\speedbit.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.metrolyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safesear.ch
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mixmeister-bpm-analyzer.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\safesear.ch
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.safesear.ch
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mixmeister-bpm-analyzer.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\safesear.ch
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\speedbit.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mixmeister-bpm-analyzer.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mixmeister-bpm-analyzer.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.safesear.ch
[-] Value deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [MailRuUpdater]
[-] Value deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WebDiscoverBrowser]
[-] Value deleted: HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [mailruhomesearch]
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\amigo.exe
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ccfifbojenkenpkmnbnndeadpfdiffof
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://mail.ru/cnt/10445?gp=811040
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [18064 Bytes] - [14/05/2017 21:35:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [17552 Bytes] - [14/05/2017 21:31:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18212 Bytes] ##########

  • 0
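An added example, not part of the original posts and not AdwCleaner's own code: a small parser for the clean-mode log format shown in the post above. It counts, per section, the entries marked `[-]` (done) and `[#]` (deferred to reboot) and lists the deferred targets to re-check after the restart. The sample lines are constructed from that log's format, and the function names are hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample: a few lines in the format of the AdwCleaner log posted above.
SAMPLE_LOG = r"""# AdwCleaner v6.046 - Logfile created 14/05/2017 at 21:35:07
# Mode: Clean

***** [ Services ] *****

[-] Service deleted: ByteFenceService

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence

***** [ DLL ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\ByteFence
[#] Key deleted on reboot: HKCU\Software\ByteFence
[#] Key deleted on reboot: [x64] HKCU\Software\ByteFence
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 

***** [ Web browsers ] *****

[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: Winsock settings cleared
"""

Entry = namedtuple("Entry", "section pending_reboot action target x64_view")

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# ([^:]+?) ?: (.*)$")         # "# Mode: Clean"
ENTRY_RE = re.compile(r"^\[([-#])\] (.+)$")             # "[-] ..." or "[#] ..."
# Browser entries carry two bracketed fields before the action word.
BROWSER_RE = re.compile(r"^\[[^\]]+\] \[([^\]]+)\] (\w+): (.+)$")


def parse_adwcleaner_log(text):
    """Return (header, sections, entries) parsed from a clean-mode log."""
    header, sections, entries = {}, [], []
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            sections.append(section)   # keep empty sections too
            continue
        if section is None:            # still in the "# key: value" preamble
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                   # separators, ":: ..." notes, footer
        mark, body = m.groups()
        b = BROWSER_RE.match(body)
        if b:
            action, target = f"{b.group(1)} {b.group(2).lower()}", b.group(3)
        else:
            # Split on the first ": " so drive letters ("C:\") stay intact.
            action, sep, target = body.partition(": ")
            if not sep:
                continue
        x64 = target.startswith("[x64] ")
        if x64:
            target = target[len("[x64] "):]
        action = action.replace(" on reboot", "")
        entries.append(Entry(section, mark == "#", action, target, x64))
    return header, sections, entries


def summarize(sections, entries):
    """Per-section counts of finished and reboot-deferred actions."""
    counts = {name: {"done": 0, "pending_reboot": 0} for name in sections}
    for e in entries:
        counts[e.section]["pending_reboot" if e.pending_reboot else "done"] += 1
    return counts


def recheck_after_reboot(entries):
    """Unique (section, target) pairs to verify as gone after the restart.
    The same path reported with and without the [x64] tag is listed once."""
    return sorted({(e.section, e.target) for e in entries if e.pending_reboot})


if __name__ == "__main__":
    header, sections, entries = parse_adwcleaner_log(SAMPLE_LOG)
    print("Mode:", header.get("Mode"))
    for name, c in summarize(sections, entries).items():
        print(f"{name:13} done={c['done']} pending_reboot={c['pending_reboot']}")
    for section, target in recheck_after_reboot(entries):
        print("re-check:", section, target)
```

Running it against the full `AdwCleaner[C0].txt` gives a short list of `[#]` items that can be compared with a fresh scan after the reboot.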

#10
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,525 posts
Hi yewest77899,

Sorry for the delay. Mondays are not my best days at work. :(

There is no need to click on the Quote Reply button when you respond. Just scroll down to the open Reply to this topic box, click, then paste in your reply. That will make the post shorter, easier to read and not repeat what I post.

I see the Addition.txt, the FRST.txt and the AdwCleaner.txt but I do not see the JRT.txt log that Junkware Removal Tool produces in your previous replies above. It should be found on your desktop. Could you look for it please and post in your next reply?

If you cannot find it, please follow my instructions in Post #6 to run it again, then post the log. Thank you. :)

Next:

Your System Restore is disabled. To check if your System Restore has been disabled or not, right-click on Start to open the WinX Menu. Click on System to open Control Panel's System applet.

In the left pane, you will see System protection. Click on it to open System Properties. Under System Protection tab, you will see the Protection Settings.

Ensure that Protection is set to On for the System drive.

Next:
  • Open Notepad (Start orb > type notepad into Start Search > choose Notepad from the list).
  • Please copy the entire contents of the code box below from Start to End.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    [b]Start[/b]
    CreateRestorePoint:
    HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
    HKU\S-1-5-21-146548888-33923456-274662428-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
    HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-146548888-33923456-274662428-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\EX64.SYS [X]
    CustomCLSID: HKU\S-1-5-21-146548888-33923456-274662428-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-627B281D406E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    AlternateDataStreams: C:\ProgramData:66ECC62E06F77B56 [217]
    AlternateDataStreams: C:\Users\All Users:66ECC62E06F77B56 [217]
    AlternateDataStreams: C:\ProgramData\Application Data:66ECC62E06F77B56 [217]
    AlternateDataStreams: C:\ProgramData\PACE:2121B49848C51B7A [217]
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
    AlternateDataStreams: C:\ProgramData\TEMP:7FAE3E0D [131]
    AlternateDataStreams: C:\Users\Bryan\Cookies:fmoneKdkQwBl9XGQ [2246]
    AlternateDataStreams: C:\Users\Bryan\Cookies:OCCbwZYCKlRGnqPWLzksqaqaOyHJW [1930]
    AlternateDataStreams: C:\Users\Bryan\Cookies:Q1JWYeZSjKF98ilRgIWOcqRJcR [2272]
    AlternateDataStreams: C:\Users\Bryan\AppData\Local\vGTeXqCKERv:iYwe7QaIXP9DK6wGabCo9aApmxr [2700]
    HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
    C:\ProgramData\@000001.dat
    C:\ProgramData\@system.temp
    C:\ProgramData\DP45977C.lfl
    EmptyTemp:
    end
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.

  • 0

#11
yewest77899

    Member

  • Topic Starter
  • Member
  • 13 posts

I found it!!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Bryan (Administrator) on Sun 05/14/2017 at 21:18:55.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Bryan\AppData\Roaming\ppc-software (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\MailRuUpdater (Task)
 
 
 
Registry: 7 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A0FE1A9B-0449-4C76-A38E-88FE9C8D1774} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d94f51b0-ba26-454b-bf8d-7c495c5e3db6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d94f51b0-ba26-454b-bf8d-7c495c5e3db6} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/14/2017 at 21:25:27.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,525 posts
Excellent!

Go back and read my instructions above again. I didn't realize you were online and I had edited my post to include the instructions to check if your system restore was enabled. Then please follow the instructions with the fixlist to remove those files.

Getting late here. I will be up early (5am) to check on your topic before I head off to work.
  • 0

#13
yewest77899

    Member

  • Topic Starter
  • Member
  • 13 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Bryan (16-05-2017 22:27:25) Run:2
Running from C:\Users\Bryan\Desktop
Loaded Profiles: Bryan (Available Profiles: defaultuser0 & Bryan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
HKU\S-1-5-21-146548888-33923456-274662428-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
HKU\S-1-5-21-146548888-33923456-274662428-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-146548888-33923456-274662428-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161207.009\EX64.SYS [X]
CustomCLSID: HKU\S-1-5-21-146548888-33923456-274662428-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-627B281D406E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
AlternateDataStreams: C:\ProgramData:66ECC62E06F77B56 [217]
AlternateDataStreams: C:\Users\All Users:66ECC62E06F77B56 [217]
AlternateDataStreams: C:\ProgramData\Application Data:66ECC62E06F77B56 [217]
AlternateDataStreams: C:\ProgramData\PACE:2121B49848C51B7A [217]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
AlternateDataStreams: C:\ProgramData\TEMP:7FAE3E0D [131]
AlternateDataStreams: C:\Users\Bryan\Cookies:fmoneKdkQwBl9XGQ [2246]
AlternateDataStreams: C:\Users\Bryan\Cookies:OCCbwZYCKlRGnqPWLzksqaqaOyHJW [1930]
AlternateDataStreams: C:\Users\Bryan\Cookies:Q1JWYeZSjKF98ilRgIWOcqRJcR [2272]
AlternateDataStreams: C:\Users\Bryan\AppData\Local\vGTeXqCKERv:iYwe7QaIXP9DK6wGabCo9aApmxr [2700]
HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
C:\ProgramData\@000001.dat
C:\ProgramData\@system.temp
C:\ProgramData\DP45977C.lfl
EmptyTemp:
end
*****************
 
Start => Error: No automatic fix found for this entry.
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0TheftProtectionDll => key removed successfully
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found. 
HKU\S-1-5-21-146548888-33923456-274662428-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-146548888-33923456-274662428-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
ibtsiva => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\NVIDIA Wireless Controller Service => key removed successfully
NVIDIA Wireless Controller Service => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => key removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => key removed successfully
NAVEX15 => service removed successfully
HKU\S-1-5-21-146548888-33923456-274662428-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-627B281D406E} => key removed successfully
C:\ProgramData => ":66ECC62E06F77B56" ADS removed successfully.
"C:\Users\All Users" => ":66ECC62E06F77B56" ADS not found.
"C:\ProgramData\Application Data" => ":66ECC62E06F77B56" ADS not found.
C:\ProgramData\PACE => ":2121B49848C51B7A" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":7FAE3E0D" ADS removed successfully.
C:\Users\Bryan\Cookies => ":fmoneKdkQwBl9XGQ" ADS removed successfully.
C:\Users\Bryan\Cookies => ":OCCbwZYCKlRGnqPWLzksqaqaOyHJW" ADS removed successfully.
C:\Users\Bryan\Cookies => ":Q1JWYeZSjKF98ilRgIWOcqRJcR" ADS removed successfully.
C:\Users\Bryan\AppData\Local\vGTeXqCKERv => ":iYwe7QaIXP9DK6wGabCo9aApmxr" ADS removed successfully.
HKU\S-1-5-21-146548888-33923456-274662428-1001\Software\Classes\regfile => key removed successfully
C:\ProgramData\@000001.dat => moved successfully
C:\ProgramData\@system.temp => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
end => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35562962 B
Java, Flash, Steam htmlcache => 10354 B
Windows/system/drivers => 4577016 B
Edge => 13380384 B
Chrome => 128803413 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 8056 B
NetworkService => 128 B
defaultuser0 => 128 B
Bryan => 252695197 B
 
RecycleBin => 0 B
EmptyTemp: => 414.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:28:42 ====

  • 0
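
A Fixlog of this length is easy to skim past the lines that did not succeed. As an added example (not part of the original posts and not part of FRST), this Python script triages a Fixlog into outcomes and returns the lines that need follow-up; the outcome patterns are assumptions taken only from the wording in the log above, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Lines excerpted from the Fixlog posted in this thread (not the full log).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
HKU\S-1-5-18\...\Run: [] => [X]
*****************
Start => Error: No automatic fix found for this entry.
Error: (0) Failed to create a restore point.
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found.
ibtsiva => Unable to stop service.
C:\ProgramData => ":66ECC62E06F77B56" ADS removed successfully.
"C:\Users\All Users" => ":66ECC62E06F77B56" ADS not found.
C:\ProgramData\@000001.dat => moved successfully
end => Error: No automatic fix found for this entry.
EmptyTemp: => 414.9 MB temporary data Removed.
The system needed a reboot.
"""

# Assumed outcome wording, taken only from the log above; first match wins.
RULES = [
    ("failed", re.compile(r"\bError\b|\bFailed\b|Unable to", re.I)),
    ("not_found", re.compile(r"\bnot found\b", re.I)),
    ("done", re.compile(r"(removed|restored|moved) successfully|removed\.?$", re.I)),
]

def triage(log_text):
    """Return (Counter of outcomes, [(target, message)] for failed lines)."""
    counts, follow_up, stars_left = Counter(), [], 0
    for line in map(str.strip, log_text.splitlines()):
        if line == "fixlist content:":
            stars_left = 2  # the echoed script sits between two rows of '*'
        elif stars_left:
            if line and set(line) == {"*"}:
                stars_left -= 1
        elif line and not set(line) <= set("= "):  # skip blank and '====' rules
            target, sep, message = line.partition(" => ")
            if not sep:  # result with no target, e.g. the restore point error
                target, message = None, line
            outcome = next((n for n, rx in RULES if rx.search(message)), "other")
            counts[outcome] += 1
            if outcome == "failed":
                follow_up.append((target, message))
    return counts, follow_up

if __name__ == "__main__":
    print(*triage(SAMPLE_FIXLOG), sep="\n")
```

The echoed fixlist is skipped so that its own `=> [X]` lines are not counted as results.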

#14
yewest77899

    Member

  • Topic Starter
  • Member
  • 13 posts

I set the protection on!! Thanks for your help!!


  • 0

#15
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,525 posts
You're welcome! :)

Did you set the protection on before or after you ran the fix? The fix log shows that creating a restore point has failed. Let's check the services to see what is going on there. Please do as follows:

Download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0





