Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Possible Infection?

Started by Jaysea29 , May 27 2018 05:29 PM

Please log in to reply

#1
Jaysea29

Posted 27 May 2018 - 05:29 PM

New Member

Member
2 posts

Hey all, lately I've been having some minor issues with my PC. When I put it in sleep mode the computer just hangs and the fans keep spinning. The screen goes black but the PC never powers down. Also just experiencing some overall slow performance, but that could very well be my SSD going out as recent benchmarks have put it near the bottom of other benchmarks of the same same ssd. Just want to make sure I don't have anything lurking in the background, as MBAM, Kaspersky, and other free tools have come up clean.

Thanks,

Logs below

"Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01

Ran by Josh (administrator) on JOSH-PC (27-05-2018 16:20:29)

Running from C:\Users\Josh\Desktop

Loaded Profiles: Josh (Available Profiles: Josh)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe

(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe

(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)

HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\...\MountPoints2: {481ad12a-3abd-11e7-ba53-485b3975fb89} - F:\setup.exe

GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip\..\Interfaces\{58612CDC-FF52-4FE6-87FB-3F886BCA267D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:

==================

HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-16] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-16] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: wrdobvwy.default

FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\wrdobvwy.default [2018-05-22]

FF user.js: detected! => C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\wrdobvwy.default\user.js [2018-02-17]

FF Extension: (Adblock Plus) - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\wrdobvwy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-22]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-16] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-16] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:

=======

CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default [2018-05-27]

CHR Extension: (BetterTTV) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-02-04]

CHR Extension: (Docs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]

CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-24]

CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-24]

CHR Extension: (Honey) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-05-21]

CHR Extension: (Adblock Plus) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]

CHR Extension: (Google Docs Offline) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-24]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]

CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-24]

CHR Extension: (Chrome Media Router) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 acCAMService; C:\Program Files (x86)\NZXT\CAM\Service\CAMService.exe [31344 2017-03-16] ()

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-03-26] ()

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-18] (EasyAntiCheat Ltd)

S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-04-20] (Futuremark)

R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120032 2017-10-08] (Electronic Arts)

S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3000168 2017-10-08] (Electronic Arts)

S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2017-05-12] ()

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S2 HiPatchService; J:\Downloasdz\HiPatchService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [92536 2018-04-25] (Advanced Micro Devices, Inc.)

S3 cpuz141; C:\Users\Josh\AppData\Local\Temp\cpuz141\cpuz141_x64.sys [46400 2018-04-30] (CPUID) <==== ATTENTION

R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)

R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

S3 niks4m2audio; C:\Windows\System32\Drivers\niks4m2audio.sys [382920 2015-09-04] (Native Instruments GmbH)

S3 niks4m2usb; C:\Windows\System32\DRIVERS\niks4m2usb.sys [104304 2015-09-04] (Native Instruments GmbH)

S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()

R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [467368 2017-04-25] (IDRIX)

S3 ALSysIO; \??\C:\Users\Josh\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION

S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-27 16:20 - 2018-05-27 16:20 - 000011057 _____ C:\Users\Josh\Desktop\FRST.txt

2018-05-27 16:17 - 2018-04-25 07:36 - 000092536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys

2018-05-27 16:16 - 2018-05-27 16:16 - 000043109 _____ C:\Users\Josh\Downloads\Addition.txt

2018-05-27 16:15 - 2018-05-27 16:16 - 000031334 _____ C:\Users\Josh\Downloads\FRST.txt

2018-05-27 16:15 - 2018-05-27 16:15 - 002413056 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe

2018-05-27 16:15 - 2018-05-27 16:15 - 000003146 _____ C:\Windows\System32\Tasks\StartCN

2018-05-27 16:15 - 2018-05-27 16:15 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR

2018-05-27 16:15 - 2018-05-27 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings

2018-05-27 16:15 - 2018-05-27 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard

2018-05-27 16:14 - 2018-05-27 16:14 - 000000000 ____D C:\Program Files (x86)\AMD

2018-05-27 16:13 - 2018-05-27 16:13 - 000000000 ____D C:\Program Files (x86)\VulkanRT

2018-05-27 15:56 - 2018-05-27 15:56 - 000000000 ____D C:\Users\Josh\AppData\Local\AdvinstAnalytics

2018-05-27 15:50 - 2018-05-27 15:50 - 000000000 ____D C:\Windows\system32\appmgmt

2018-05-22 19:29 - 2018-05-22 19:29 - 000000000 ____D C:\Users\Josh\Desktop\WebClient(4)

2018-05-22 17:47 - 2018-05-22 19:29 - 000000000 ____D C:\Windows\SysWOW64\webclient

2018-05-16 15:25 - 2018-05-16 15:25 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll

2018-05-16 15:25 - 2018-05-16 15:25 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll

2018-05-16 12:25 - 2018-05-16 12:25 - 001232264 _____ (AMD) C:\Windows\system32\coinst_18.10.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 012517800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 009990664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 000200008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 000177312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 000164440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 000146960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll

2018-05-16 12:24 - 2018-05-16 12:24 - 000009936 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll

2018-05-16 12:23 - 2018-05-16 12:23 - 011894144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdvt.dll

2018-05-16 12:23 - 2018-05-16 12:23 - 000544136 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys

2018-05-16 12:23 - 2018-05-16 12:23 - 000476552 _____ (AMD) C:\Windows\system32\atitmm64.dll

2018-05-16 12:23 - 2018-05-16 12:23 - 000469896 _____ C:\Windows\system32\dgtrayicon.exe

2018-05-16 12:23 - 2018-05-16 12:23 - 000448392 _____ C:\Windows\system32\GameManager64.dll

2018-05-16 12:23 - 2018-05-16 12:23 - 000356744 _____ C:\Windows\SysWOW64\GameManager32.dll

2018-05-16 12:23 - 2018-05-16 12:23 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

2018-05-16 12:23 - 2018-05-16 12:23 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll

2018-05-16 12:23 - 2018-05-16 12:23 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 016363808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 013544168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 012427184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6t.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 012412240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 011882832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000704392 _____ (AMD) C:\Windows\system32\atieclxx.exe

2018-05-16 12:22 - 2018-05-16 12:22 - 000472968 _____ (AMD) C:\Windows\system32\atiesrxx.exe

2018-05-16 12:22 - 2018-05-16 12:22 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000405896 _____ C:\Windows\system32\atieah64.exe

2018-05-16 12:22 - 2018-05-16 12:22 - 000342920 _____ C:\Windows\system32\clinfo.exe

2018-05-16 12:22 - 2018-05-16 12:22 - 000326024 _____ C:\Windows\SysWOW64\atieah32.exe

2018-05-16 12:22 - 2018-05-16 12:22 - 000226184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000196488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000166280 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000146824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000142216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2018-05-16 12:22 - 2018-05-16 12:22 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 067909512 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 044673416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys

2018-05-16 12:21 - 2018-05-16 12:21 - 031604104 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 016489352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 003128200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 002726792 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 001997352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 001581720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 001059720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 001059720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000556936 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000467848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000437128 _____ C:\Windows\system32\amdgfxinfo64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000352648 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe

2018-05-16 12:21 - 2018-05-16 12:21 - 000305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys

2018-05-16 12:21 - 2018-05-16 12:21 - 000171400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000150920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe

2018-05-16 12:21 - 2018-05-16 12:21 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000036744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll

2018-05-16 12:21 - 2018-05-16 12:21 - 000033672 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 053600648 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 029714312 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 025181064 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 016095624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 014063496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 013600136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000694152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000157576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000135560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll

2018-05-16 12:20 - 2018-05-16 12:20 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll

2018-05-16 12:19 - 2018-05-16 12:19 - 035889032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll

2018-05-16 11:41 - 2018-05-16 11:41 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap

2018-05-16 11:41 - 2018-05-16 11:41 - 003437632 _____ C:\Windows\system32\atiumd6a.cap

2018-05-16 11:36 - 2018-05-16 11:36 - 000890728 _____ C:\Windows\SysWOW64\atiapfxx.blb

2018-05-16 11:36 - 2018-05-16 11:36 - 000890728 _____ C:\Windows\system32\atiapfxx.blb

2018-05-10 19:26 - 2018-05-27 16:18 - 000000000 ____D C:\Users\Josh\AppData\LocalLow\AMD

2018-05-10 19:26 - 2018-05-10 19:26 - 000000000 ____D C:\6749525315573233238

2018-05-09 20:29 - 2018-05-09 20:29 - 000000000 ____D C:\Users\Josh\AppData\Local\RadeonSettings

2018-05-09 18:56 - 2018-05-09 18:56 - 000003114 _____ C:\Windows\System32\Tasks\{39BBCDEF-86DD-4B54-8329-41B5550421B2}

2018-05-09 18:56 - 2018-05-09 18:56 - 000000000 ____D C:\Swsetup

2018-05-06 21:53 - 2018-05-06 21:53 - 000000000 ____D C:\Users\Josh\Desktop\fluxion-master

2018-05-06 21:37 - 2018-05-06 21:37 - 000967800 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Josh\Downloads\rufus-2.18.exe

2018-05-05 11:18 - 2018-05-05 11:18 - 000000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell

2018-05-05 11:18 - 2018-05-05 11:18 - 000000000 ____D C:\Program Files (x86)\Marvell

2018-05-05 11:14 - 2018-05-05 11:14 - 000000000 ____D C:\Users\Josh\Desktop\updatesata

2018-04-30 22:06 - 2018-04-30 22:06 - 000262144 ____N C:\Windows\Minidump\043018-11388-01.dmp

2018-04-30 22:04 - 2018-04-30 22:04 - 000262144 ____N C:\Windows\Minidump\043018-11856-01.dmp

2018-04-30 20:34 - 2018-04-30 20:34 - 000001090 _____ C:\Users\Josh\Desktop\MSI Afterburner.lnk

2018-04-30 20:34 - 2018-04-30 20:34 - 000000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2018-04-30 20:34 - 2018-04-30 20:34 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner

2018-04-30 20:31 - 2018-04-30 20:31 - 000000000 ____D C:\Users\Josh\Desktop\openhardwaremonitor-v0.8.0-beta

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-27 16:20 - 2017-02-25 18:25 - 000000000 ____D C:\FRST

2018-05-27 16:18 - 2018-03-18 12:23 - 000003244 _____ C:\Windows\System32\Tasks\IORRT

2018-05-27 16:18 - 2017-11-19 16:47 - 001315228 _____ C:\Windows\ntbtlog.txt

2018-05-27 16:17 - 2017-04-24 19:49 - 000000000 ____D C:\Program Files\AMD

2018-05-27 16:17 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-05-27 16:17 - 2009-07-13 21:45 - 000277040 _____ C:\Windows\system32\FNTCACHE.DAT

2018-05-27 16:17 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf

2018-05-27 16:16 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI

2018-05-27 16:16 - 2009-07-13 21:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2018-05-27 16:16 - 2009-07-13 21:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2018-05-27 16:10 - 2017-04-24 20:01 - 000000000 ____D C:\Users\Josh\AppData\Local\AMD

2018-05-27 16:04 - 2017-10-01 03:59 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml

2018-05-27 16:04 - 2015-06-07 21:42 - 000000000 ____D C:\AMD

2018-05-27 15:57 - 2017-04-24 19:59 - 000065536 _____ C:\Windows\system32\spu_storage.bin

2018-05-27 15:52 - 2018-04-09 00:29 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2018-05-27 15:51 - 2018-04-09 00:29 - 000000000 ____D C:\Program Files\Common Files\AV

2018-05-27 15:50 - 2018-02-17 19:37 - 000000000 ____D C:\Users\Josh\AppData\Local\AOL

2018-05-23 22:29 - 2017-04-24 22:01 - 000000000 ____D C:\Users\Josh\AppData\Local\Battle.net

2018-05-23 22:29 - 2017-04-24 20:01 - 000000000 ____D C:\Users\Josh\AppData\Roaming\TS3Client

2018-05-23 20:02 - 2017-05-10 23:29 - 000002158 _____ C:\Users\Josh\Desktop\Discord.lnk

2018-05-23 20:02 - 2017-05-10 23:29 - 000000000 ____D C:\Users\Josh\AppData\Roaming\discord

2018-05-23 20:02 - 2017-05-10 23:29 - 000000000 ____D C:\Users\Josh\AppData\Local\Discord

2018-05-23 19:01 - 2016-05-28 13:17 - 000000000 ____D C:\Program Files (x86)\Battle.net

2018-05-23 18:58 - 2016-05-28 13:26 - 000000000 ____D C:\Program Files (x86)\Overwatch

2018-05-22 19:29 - 2018-01-28 00:23 - 000000000 ____D C:\Users\Josh\AppData\LocalLow\Mozilla

2018-05-22 17:53 - 2018-01-28 00:23 - 000000000 ____D C:\Program Files\Mozilla Firefox

2018-05-22 17:53 - 2018-01-28 00:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2018-05-21 20:11 - 2017-04-26 00:23 - 000000024 _____ C:\Users\Josh\jagexappletviewer.preferences

2018-05-21 20:10 - 2017-04-26 00:24 - 000000043 _____ C:\Users\Josh\jagex_cl_oldschool_LIVE.dat

2018-05-17 20:42 - 2017-09-13 22:59 - 000000614 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk

2018-05-17 18:00 - 2017-04-24 19:46 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-05-17 18:00 - 2017-04-24 19:46 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2018-05-16 18:55 - 2017-04-24 19:46 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2018-05-16 18:55 - 2017-04-24 19:46 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2018-05-16 12:21 - 2017-04-10 10:31 - 001468808 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll

2018-05-13 21:03 - 2017-12-23 17:31 - 000000000 ____D C:\Program Files (x86)\StarCraft

2018-05-10 19:27 - 2017-04-24 19:46 - 000061208 _____ C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT

2018-05-09 19:33 - 2017-04-24 20:01 - 000000000 ____D C:\Users\Josh\Desktop\TeamSpeak 3 Client

2018-05-06 21:56 - 2018-03-22 17:44 - 000000400 __RSH C:\ProgramData\ntuser.pol

2018-05-06 21:41 - 2017-04-30 20:19 - 000000000 ____D C:\Users\Josh\AppData\Roaming\qBittorrent

2018-05-05 11:15 - 2017-08-17 01:44 - 000000000 ____D C:\Program Files (x86)\Intel

2018-05-05 11:14 - 2017-04-24 19:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2018-04-30 22:06 - 2017-05-01 01:16 - 000000000 ____D C:\Windows\Minidump

2018-04-30 21:58 - 2017-05-01 01:26 - 000000938 _____ C:\Users\Josh\Desktop\PerformanceTest.lnk

2018-04-30 21:58 - 2017-05-01 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest

2018-04-30 21:58 - 2017-05-01 01:25 - 000000000 ____D C:\Program Files\PerformanceTest

==================== Files in the root of some directories =======

2018-03-09 22:27 - 2018-03-09 22:27 - 000002689 _____ () C:\Users\Josh\AppData\Local\recently-used.xbel

Some files in TEMP:

====================

2018-02-20 18:23 - 2018-02-20 18:23 - 000000180 _____ () C:\Users\Josh\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll

2018-02-20 18:23 - 2018-05-23 21:17 - 000000016 _____ () C:\Users\Josh\AppData\Local\Temp\8a2878f6d1bf1e1adf67c44d53dee46b.dll

2018-03-18 12:03 - 2018-05-27 16:10 - 001179016 _____ () C:\Users\Josh\AppData\Local\Temp\AMDCleanupUtility.exe

2018-03-18 12:03 - 2018-05-27 16:10 - 000250248 _____ () C:\Users\Josh\AppData\Local\Temp\Cleanup.dll

2018-03-18 12:03 - 2018-05-27 16:10 - 000065536 _____ (Windows ® Server 2003 DDK provider) C:\Users\Josh\AppData\Local\Temp\ddu.exe

2018-03-18 12:03 - 2018-05-27 16:10 - 000414152 _____ (Microsoft Corporation) C:\Users\Josh\AppData\Local\Temp\difxapi.dll

2018-05-17 20:42 - 2018-05-17 20:42 - 032912552 _____ (ArenaNet) C:\Users\Josh\AppData\Local\Temp\Gw2.exe

2018-03-18 12:03 - 2018-05-27 16:10 - 000516096 _____ (Microsoft Corporation) C:\Users\Josh\AppData\Local\Temp\msvcm80.dll

2018-03-18 12:03 - 2018-05-27 16:10 - 001061376 _____ (Microsoft Corporation) C:\Users\Josh\AppData\Local\Temp\msvcp80.dll

2018-03-18 12:03 - 2018-05-27 16:10 - 000796672 _____ (Microsoft Corporation) C:\Users\Josh\AppData\Local\Temp\msvcr80.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll

[2017-05-12 23:44] - [2017-12-23 17:32] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll

[2017-05-12 23:44] - [2017-12-23 17:32] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-19 18:02

==================== End of FRST.txt ============================"

"Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by Josh (27-05-2018 16:20:46)

Running from C:\Users\Josh\Desktop

Windows 7 Ultimate Service Pack 1 (X64) (2017-04-25 02:28:19)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3267846572-1136073672-2533522779-500 - Administrator - Disabled)

Guest (S-1-5-21-3267846572-1136073672-2533522779-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3267846572-1136073672-2533522779-1002 - Limited - Enabled)

Josh (S-1-5-21-3267846572-1136073672-2533522779-1000 - Administrator - Enabled) => C:\Users\Josh

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM\...\{62A3D06F-97B8-4CD0-9B7F-3B06C4DF377B}) (Version: 2.4.4264.0 - Futuremark) Hidden

3DMark (HKLM-x32\...\{0034a3c4-a299-491d-b683-791a538a7db4}) (Version: 2.4.4264.0 - Futuremark)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.5.1 - Advanced Micro Devices, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)

Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)

Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

CAM (HKLM-x32\...\{92C0C6D2-8ACA-42D7-9B87-B2AEC579223E}) (Version: 3.3.1 - NZXT)

CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)

Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)

CPUID ROG CPU-Z 1.78 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.78 - CPUID, Inc.)

Discord (HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)

Epic Games Launcher (HKLM-x32\...\{6F15D7C1-3079-4135-B8E9-8D3EA033EE3A}) (Version: 1.1.129.0 - Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )

Futuremark SystemInfo (HKLM-x32\...\{DF98C3ED-A8C6-40B6-9EDC-D6D37FA0A461}) (Version: 5.8.663.0 - Futuremark)

GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden

Guild Wars (HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\...\Guild Wars) (Version: - )

Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)

Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)

Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)

Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)

marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)

Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)

Microsoft Excel 2010 (HKLM\...\Office14.EXCEL) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)

MSI Afterburner 4.5.0 (HKLM-x32\...\Afterburner) (Version: 4.5.0 - MSI Co., LTD)

Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments)

Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)

Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.9.0.1257 - Native Instruments)

Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version: - Native Instruments)

Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version: - Native Instruments)

NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden

NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)

NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)

OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)

OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Origin (HKLM-x32\...\Origin) (Version: 10.5.3.59240 - Electronic Arts, Inc.)

Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)

Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)

PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1025.0 - Passmark Software)

Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)

qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project)

Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)

Rules of Survival version 1.140497.141609 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.140497.141609 - Hong Kong Netease Interactive Entertainment Limited)

RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)

RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0000-1000-0000000FF1CE}_Office14.EXCEL_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)

Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 5.1.4574.1 - Hi-Rez Studios)

Soda Player (HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\...\sodaplayer) (Version: 1.1.4 - Soda Player)

Spotify (HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)

StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)

TeamSpeak 3 Client (HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)

The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)

TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)

VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-3) (Version: 1.0.39.1 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-2) (Version: 1.1.70.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-3) (Version: 1.1.70.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-4) (Version: 1.1.70.0 - LunarG, Inc.) Hidden

WebClient (HKLM-x32\...\WebClient) (Version: - )

WhatsApp (HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\...\WhatsApp) (Version: 0.2.6426 - WhatsApp)

WinRAR 5.50 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-04-24] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-04-24] (Alexander Roshal)

ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-05-16] (Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-04-24] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-04-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11831A62-B050-4F73-ADC5-551423711B8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)

Task: {2FCA3379-59CB-4AE1-8AE7-137C9458A87C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)

Task: {43760EE4-61F8-438C-ADA9-82333598D142} - System32\Tasks\{F23AF80F-E996-4A59-AD5E-380F134618B1} => J:\steam\Steam.exe

Task: {4B6DE76E-CDAF-495C-ADA5-2EA428C0791F} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2017-05-28] () <==== ATTENTION

Task: {574762D9-39D7-428B-9CDA-FD281955E7E8} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2017-05-12] ()

Task: {6AB6ED67-84A0-405B-980E-FB7DDF831D5E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2018-02-04] ()

Task: {7F97228E-BC3E-43D5-A174-13A328E5A29A} - System32\Tasks\{39BBCDEF-86DD-4B54-8329-41B5550421B2} => C:\Windows\system32\pcalua.exe -a C:\Users\Josh\Downloads\sp80253.exe -d C:\Users\Josh\Downloads

Task: {A0D3DB56-12C2-499D-950C-0C3538830CBC} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2017-05-28] () <==== ATTENTION

Task: {B772E247-B9B2-43A0-8A04-19B3A63FFD53} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-05-16] (Advanced Micro Devices, Inc.)

Task: {D1C39B84-6D91-4CE9-96B4-6A95EA242B99} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-04-09] (AO Kaspersky Lab)

Task: {E045098A-2A25-4EB7-B19E-CF1B6F6BFF6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-24] (Google Inc.)

Task: {E2F56AB9-901E-4532-9BF2-62AC29181583} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-03-17] ()

Task: {EF805B4D-9AFB-4144-9C2C-FF8A9631148E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-24] (Google Inc.)

Task: {F4150CDD-AAC6-4C02-810B-8C98AB897298} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)

Task: {F7450EC7-4DC5-4E9D-9891-1CA9ACB61090} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-05-16] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl

==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

2018-02-11 23:38 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

2018-05-17 17:59 - 2018-05-14 20:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll

2018-05-17 17:59 - 2018-05-14 20:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3267846572-1136073672-2533522779-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 68.105.28.11 - 68.105.29.11

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: acCAMService => 2

MSCONFIG\startupreg: AIM for Windows => "C:\Users\Josh\AppData\Local\AOL\AIM\aim.exe"

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Spotify => C:\Users\Josh\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized

MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Josh\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2CB155ED-9CF1-4409-AECF-75A2EFA5D5BA}] => (Allow) J:\steam\Steam.exe

FirewallRules: [{EF5C0CB9-B2C6-442A-A447-FDD0FFC3F383}] => (Allow) J:\steam\Steam.exe

FirewallRules: [{CF9FAA17-7361-4C86-808A-B3E2C3D76696}] => (Allow) J:\steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{E49971D8-8335-4024-B6ED-6BC628BB81AC}] => (Allow) J:\steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [TCP Query User{89DE51B3-3490-4905-B096-03B66EB9661B}C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe

FirewallRules: [UDP Query User{C7BA0CF4-67B3-4869-9FD9-764147AFA5D3}C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe

FirewallRules: [{E61154EF-5632-4026-8129-B4D361A56FA8}] => (Allow) LPort=9143

FirewallRules: [{B6C41653-CC1B-42F3-84A6-A97110B84604}] => (Allow) LPort=2333

FirewallRules: [TCP Query User{E4404B33-2C1E-4A99-8B67-6A18D618FA45}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [UDP Query User{9782537E-BFFE-49AD-A50B-ED157E768ECC}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [TCP Query User{E296D067-DA23-4F5A-89B5-13CC900929E0}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [UDP Query User{79BC22CA-8D59-469D-B72A-8101CE38D7A5}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [{FA4466E8-9526-4BC9-9256-FDAE88940080}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe

FirewallRules: [{0B0EBA54-DED2-497B-AD0C-8612548C2D6E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe

FirewallRules: [TCP Query User{171A7DE0-88F4-40F9-8C55-BD235D6968A9}C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe

FirewallRules: [UDP Query User{C9E497F3-F1E8-4E28-8C0B-5913C58E9F99}C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\player\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe

FirewallRules: [TCP Query User{26C27BB8-C2B3-449B-8BF7-1765F867D61E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [UDP Query User{51C3951D-E81C-46F2-96BF-27B85A669039}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [TCP Query User{3EDC717C-BE23-4DE7-B5A7-796A205821CA}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [UDP Query User{FF9E124B-4266-4771-B961-0B3F3D35962B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [TCP Query User{9F3CC43B-D735-4259-A6C8-87A09A3287CB}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe

FirewallRules: [UDP Query User{16E126D3-9B5C-47DF-8E31-B85BC607FFB6}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe

FirewallRules: [{ED51E7F2-765C-44A0-B7F8-346562F72A9E}] => (Allow) J:\steam\SteamApps\common\3DMark\bin\x86\3DMark.exe

FirewallRules: [{7C8D545B-7F1B-4711-BA95-FE989B2ECB9F}] => (Allow) J:\steam\SteamApps\common\3DMark\bin\x86\3DMark.exe

FirewallRules: [{CCF257E7-4EEE-496D-ADE5-EFBE8BE1C9F6}] => (Allow) J:\steam\SteamApps\common\3DMark\bin\x64\3DMark.exe

FirewallRules: [{3D07D12B-5566-4779-BC5B-F786E4FAEB78}] => (Allow) J:\steam\SteamApps\common\3DMark\bin\x64\3DMark.exe

FirewallRules: [{3D94A835-E449-4807-922D-94604A2ADD09}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D2261AC8-6726-4EA0-8E9B-E258FAB93C45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{DB229391-0BC6-43CA-B5BA-48A6F4650D8A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{636C6807-4161-48CB-BF66-1F5B4DEEF10E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{84336D94-C194-4624-BDAF-6C70898BBB9C}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{A6988305-58D8-4C78-90FE-A3D3FB93444B}C:\users\josh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{1511768F-4052-4594-82E4-403D3453BE8E}C:\users\josh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{1F463166-95D8-44E7-AFE4-FFF3A947EA45}C:\users\josh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{8283331B-860D-4F14-BCA5-D83C569CAA20}C:\users\josh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{40310BC2-11A4-44BF-8D78-54CF1AD9CB1E}C:\users\josh\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\josh\appdata\local\sodaplayer\app-1.1.4\soda player.exe

FirewallRules: [UDP Query User{DF0B9178-AA81-42CF-B2D8-25AB009738BA}C:\users\josh\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\josh\appdata\local\sodaplayer\app-1.1.4\soda player.exe

FirewallRules: [{E4AB46F6-CC48-4567-B764-3E9468A78DDB}] => (Allow) C:\Player\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe

FirewallRules: [{19F28593-2D3F-484F-9E52-B05AAFD501AA}] => (Allow) C:\Player\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe

FirewallRules: [TCP Query User{E2CA0C44-6B89-402D-9A70-5F5E290CF0CD}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe

FirewallRules: [UDP Query User{67570184-703C-451D-91F6-460D7EC047D5}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe

FirewallRules: [TCP Query User{17DBFBBA-57AD-4FE6-B8F2-2574031377A2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe

FirewallRules: [UDP Query User{767C91DB-773C-4E03-B84B-D33CDD78FE17}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe

FirewallRules: [TCP Query User{8A8ABD69-66DD-4648-AE4B-23183463C5A5}J:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) J:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe

FirewallRules: [UDP Query User{07E86D75-2FF5-46E6-8FAC-416B38CF72E8}J:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) J:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe

FirewallRules: [TCP Query User{7FBA4DB4-1988-4C33-BB3D-AEF5CA03B389}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [UDP Query User{40C23527-A7D5-4FE7-8A5F-45339CC25814}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [{7669B6AC-D024-435C-9D5C-3BA1DEB2940A}] => (Allow) C:\Program Files (x86)\ArcheRage NA\Launcher.exe

FirewallRules: [{BE1D667B-0964-4A98-B83D-DBD0563FFFD0}] => (Allow) J:\steam\SteamApps\common\Rust\Rust.exe

FirewallRules: [{9AB61627-F124-413A-8A56-46E15F4A61C6}] => (Allow) J:\steam\SteamApps\common\Rust\Rust.exe

FirewallRules: [TCP Query User{E45EAE14-30D0-4492-90F0-5CEE7CBCBD5E}J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe

FirewallRules: [UDP Query User{978EBEF1-E2EE-4B63-9B79-74C70F57CCDE}J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe

FirewallRules: [TCP Query User{4D2B10F3-D955-4623-B3B5-97A97FCBB61B}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe

FirewallRules: [UDP Query User{8A1F065E-0380-40C4-906D-434F4656F8B7}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe

FirewallRules: [TCP Query User{1686825D-B54A-498B-AE52-F0590B07953A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [UDP Query User{77BB4454-FC92-4BE9-A04B-4A4E7A7A3F05}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [{1789738F-F677-4DFD-BE64-0B8DD57E2E0B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{DCF9683F-6265-40C2-860B-7C68B22D9F87}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{C60CB6DD-A08E-47D1-BE87-A424E4E4DCF1}J:\downloasdz\hirezgames\smite\binaries\win32\smite.exe] => (Allow) J:\downloasdz\hirezgames\smite\binaries\win32\smite.exe

FirewallRules: [UDP Query User{C2531943-C10B-40CD-937C-64DC9A982E71}J:\downloasdz\hirezgames\smite\binaries\win32\smite.exe] => (Allow) J:\downloasdz\hirezgames\smite\binaries\win32\smite.exe

FirewallRules: [TCP Query User{7908EBF1-41C0-4DE8-A70B-D67C5EA3E479}J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe] => (Allow) J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe

FirewallRules: [UDP Query User{15DE096E-A11D-4F81-BE13-F6B61A6AB20B}J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe] => (Allow) J:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe

FirewallRules: [TCP Query User{95CEC2A2-8A63-4DF6-8A78-1C0465964EFB}J:\downloasdz\overwatch test\overwatch.exe] => (Allow) J:\downloasdz\overwatch test\overwatch.exe

FirewallRules: [UDP Query User{F846D487-FD25-46CA-9325-21171E8C50A2}J:\downloasdz\overwatch test\overwatch.exe] => (Allow) J:\downloasdz\overwatch test\overwatch.exe

FirewallRules: [{02D49E82-BAD8-4374-9F8E-7A21B30E47B8}] => (Allow) C:\Player\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{9BB17C6F-E696-4643-9806-903947C71F9A}] => (Allow) C:\Player\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{0AE0508F-E3E6-42D6-AF6C-695A0542BB96}] => (Allow) J:\steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe

FirewallRules: [{92B648A7-6528-449F-A46D-668676D3BE97}] => (Allow) J:\steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe

FirewallRules: [TCP Query User{2A97D970-8F2A-4A34-B0B2-3F74291CE6CC}J:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) J:\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [UDP Query User{E4DA7E5C-F236-4816-B7DF-F88EB50C0035}J:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) J:\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [TCP Query User{59BD6C34-F458-42EB-9FF9-336B35D92D21}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe

FirewallRules: [UDP Query User{E3572862-C778-41E2-97A2-E2529581EAD9}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe

FirewallRules: [TCP Query User{20D5BEFA-5DA1-4454-8B0A-1D1793AE3BE8}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe

FirewallRules: [UDP Query User{FBDD1055-08F9-4394-82FC-EBF426795604}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe

FirewallRules: [{FED4172A-B8BF-4D7F-BE95-8D7F96611127}] => (Allow) J:\steam\SteamApps\common\Horizon Source\GameClient.exe

FirewallRules: [{7ECCA89A-90E8-4F02-AE52-E46F43606BF8}] => (Allow) J:\steam\SteamApps\common\Horizon Source\GameClient.exe

FirewallRules: [{397C5CF1-DB7C-4522-8393-C407B6302EA4}] => (Allow) J:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

FirewallRules: [{AA8551AA-C515-4881-9613-BBD3999FA130}] => (Allow) J:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

FirewallRules: [TCP Query User{AD10754F-824D-4C3B-9370-90FAE2508E06}J:\steam\steamapps\common\pubg_closed_experimental\tslgame\binaries\win64\tslgame.exe] => (Allow) J:\steam\steamapps\common\pubg_closed_experimental\tslgame\binaries\win64\tslgame.exe

FirewallRules: [UDP Query User{CAE5FED5-A59F-467D-A6E0-9122B2B92B79}J:\steam\steamapps\common\pubg_closed_experimental\tslgame\binaries\win64\tslgame.exe] => (Allow) J:\steam\steamapps\common\pubg_closed_experimental\tslgame\binaries\win64\tslgame.exe

FirewallRules: [{3C355AA5-A365-405B-BB0F-DE36FBD66450}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-05-2018 15:50:05 Removed 4K Video Downloader 4.3

27-05-2018 15:55:35 Removed Reddit Wallpaper Changer

27-05-2018 16:07:14 Windows Update

27-05-2018 16:10:30 AMDCleanupUtility Restore Point

==================== Faulty Device Manager Devices =============

Name: MBAMSwissArmy

Description: MBAMSwissArmy

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: MBAMSwissArmy

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/27/2018 04:19:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/27/2018 04:17:55 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

Error: (05/27/2018 04:13:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (05/27/2018 04:11:59 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

Error: (05/27/2018 04:10:41 PM) (Source: ATIeRecord) (EventID: 16387) (User: )

Description: ATI EEU Service event error

Error: (05/27/2018 03:59:59 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (05/27/2018 03:58:16 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

Error: (05/27/2018 03:49:38 PM) (Source: WinMgmt) (EventID: 10) (User: )

System errors:

=============

Error: (05/27/2018 04:18:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMSwissArmy service failed to start due to the following error:

The system cannot find the file specified.

Error: (05/27/2018 04:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMSwissArmy service failed to start due to the following error:

The system cannot find the file specified.

Error: (05/27/2018 04:18:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

MBAMSwissArmy

Error: (05/27/2018 04:18:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Origin Web Helper Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Error: (05/27/2018 04:18:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (05/27/2018 04:13:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMSwissArmy service failed to start due to the following error:

The system cannot find the file specified.

Error: (05/27/2018 04:12:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMSwissArmy service failed to start due to the following error:

The system cannot find the file specified.

Error: (05/27/2018 04:12:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

MBAMSwissArmy

Windows Defender:

===================================

Date: 2017-06-25 11:19:17.117

Description:

Windows Defender scan has been stopped before completion.

Scan ID:{523C1C9E-C2C4-4798-9460-8BEA1502E8DE}

Scan Type:AntiSpyware

Scan Parameters:Quick Scan

CodeIntegrity:

===================================

Date: 2018-03-13 23:33:21.856

Description:

Code Integrity is unable to verify the image integrity of the file \Device\VeraCryptVolumeJ\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-13 23:33:21.817

Description:

Date: 2018-03-13 23:33:21.779

Description:

Date: 2018-03-13 23:33:21.735

Description:

Date: 2018-03-13 23:33:21.682

Description:

Code Integrity is unable to verify the image integrity of the file \Device\VeraCryptVolumeJ\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-13 23:33:21.643

Description:

Date: 2018-03-13 23:33:21.605

Description:

Date: 2018-03-13 23:33:21.563

Description:

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz

Percentage of memory in use: 23%

Total physical RAM: 12279.11 MB

Available physical RAM: 9391.73 MB

Total Virtual: 24556.41 MB

Available Virtual: 20806.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:31.99 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: () (Fixed) (Total:59.62 GB) (Free:10.17 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 499D8926)

Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E18E4B42)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: B89E27FD)

Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================"

#2
RKinner

Posted 28 May 2018 - 04:05 AM

Malware Expert

Expert
24,735 posts

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

#3
Jaysea29

Posted 28 May 2018 - 01:09 PM

New Member

Topic Starter
Member
2 posts

Finished SFC and corrected some errors.

Here's the rest:

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 28/05/2018 12:00:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 28/05/2018 7:00:05 PM

Type: Error Category: 0

Event: 7023 Source: Service Control Manager

The SPP Notification Service service terminated with the following error: Access is denied.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 28/05/2018 12:02:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 82.75 0 K 24 K 0

procexp (1)64.exe 1.33 34,932 K 54,532 K 692 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

Interrupts 0.56 0 K 0 K n/a Hardware Interrupts and DPCs

ts3client_win64.exe 0.50 67,748 K 76,276 K 4032 TeamSpeak 3 Client TeamSpeak Systems GmbH (Verified) TeamSpeak Systems GmbH

audiodg.exe 0.41 18,312 K 18,660 K 3972 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

dwm.exe 0.28 31,308 K 60,528 K 2076 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows

csrss.exe 0.21 12,392 K 19,536 K 592 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows

Steam.exe 0.13 131,036 K 167,100 K 2400 Steam Client Bootstrapper Valve Corporation (Verified) Valve

System 0.13 124 K 308 K 4

steamwebhelper.exe 0.10 70,808 K 382,136 K 2948 Steam Client WebHelper Valve Corporation (Verified) Valve

chrome.exe 0.10 473,808 K 515,580 K 624 Google Chrome Google Inc. (Verified) Google Inc

SndVol.exe 0.06 9,932 K 12,088 K 2304 Volume Mixer Microsoft Corporation (Verified) Microsoft Windows

steamwebhelper.exe 0.06 42,400 K 85,396 K 2816 Steam Client WebHelper Valve Corporation (Verified) Valve

AwesomiumProxy.exe 0.04 6,252 K 28,284 K 1324 (Verified) NEOWIZ GAMES CORP.

atieclxx.exe 0.04 3,448 K 9,424 K 1608 AMD External Events Client Module AMD (Verified) Advanced Micro Devices

LCore.exe 0.04 31,552 K 46,740 K 2388 Logitech Gaming Framework Logitech Inc. (Verified) Logitech Inc

svchost.exe 0.04 28,668 K 32,368 K 340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 0.03 14,280 K 29,428 K 5272 Google Chrome Google Inc. (Verified) Google Inc

GameOverlayUI.exe 0.02 28,960 K 27,292 K 6520 gameoverlayui.exe Valve Corporation (Verified) Valve

explorer.exe 0.02 57,716 K 82,112 K 2104 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 0.01 32,340 K 47,312 K 596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

amddvr.exe 0.01 164,588 K 22,432 K 3488 AMD ReLive: Host Application Advanced Micro Devices, Inc. (Verified) Advanced Micro Devices

chrome.exe 0.01 205,332 K 236,996 K 5520 Google Chrome Google Inc. (Verified) Google Inc

AppleMobileDeviceService.exe < 0.01 4,500 K 11,764 K 1644 MobileDeviceService Apple Inc. (Verified) Apple Inc.

svchost.exe < 0.01 15,072 K 27,144 K 500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

chrome.exe < 0.01 147,592 K 199,736 K 3420 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe < 0.01 106,200 K 136,016 K 4732 Google Chrome Google Inc. (Verified) Google Inc

wmpnetwk.exe < 0.01 12,972 K 11,804 K 3384 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows

SteamService.exe < 0.01 7,112 K 12,292 K 3168 Steam Client Service Valve Corporation (Verified) Valve

taskhost.exe < 0.01 10,156 K 14,104 K 2040 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

chrome.exe < 0.01 133,948 K 149,060 K 1780 Google Chrome Google Inc. (Verified) Google Inc

svchost.exe < 0.01 10,820 K 19,196 K 492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe < 0.01 17,688 K 19,072 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

RadeonSettings.exe < 0.01 152,768 K 14,120 K 2380 Radeon Settings: Host Application Advanced Micro Devices, Inc. (Verified) Advanced Micro Devices

SearchIndexer.exe < 0.01 55,400 K 35,248 K 3132 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

csrss.exe < 0.01 2,828 K 5,156 K 508 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows

svchost.exe < 0.01 8,392 K 14,896 K 3636 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

TrayTipAgentE.exe < 0.01 6,336 K 7,552 K 2704 (Certificate expired)

WmiPrvSE.exe 4,724 K 9,052 K 6740 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

WmiPrvSE.exe 3,460 K 7,412 K 7736 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

winlogon.exe 3,836 K 8,436 K 956 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows

wininit.exe 2,112 K 5,176 K 584 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows

TrustedInstaller.exe 8,208 K 15,280 K 3312 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows

taskhost.exe 4,724 K 6,912 K 5920 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

taskeng.exe 2,644 K 6,376 K 7312 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 6,248 K 11,828 K 764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 55,248 K 38,320 K 3820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 14,068 K 17,192 K 4036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 16,600 K 20,092 K 1532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 5,764 K 9,792 K 848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 2,360 K 6,336 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 5,048 K 8,544 K 1768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 3,120 K 6,804 K 3844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

steamwebhelper.exe 14,284 K 19,932 K 5260 Steam Client WebHelper Valve Corporation (Verified) Valve

steamwebhelper.exe 12,240 K 13,852 K 2828 Steam Client WebHelper Valve Corporation (Verified) Valve

sppsvc.exe 3,004 K 8,932 K 3096 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows

spoolsv.exe 7,636 K 13,080 K 1496 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 764 K 1,456 K 328 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows

services.exe 7,044 K 10,856 K 632 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows

procexp (1).exe 2,552 K 7,776 K 5440 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

OSPPSVC.EXE 5,304 K 12,584 K 1392 Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation

nusb3mon.exe 2,224 K 5,880 K 2688 USB 3.0 Monitor NEC Electronics Corporation (No signature was present in the subject) NEC Electronics Corporation

notepad.exe 2,024 K 6,956 K 7028 Notepad Microsoft Corporation (Verified) Microsoft Windows

NIHardwareService.exe 30,272 K 38,272 K 1868 NIHardwareService Native Instruments GmbH (Verified) NATIVE INSTRUMENTS GmbH

mDNSResponder.exe 3,328 K 7,016 K 1740 Bonjour Service Apple Inc. (Verified) Apple Inc.

lsm.exe 3,216 K 4,972 K 660 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows

lsass.exe 5,708 K 13,440 K 652 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows

LogiRegistryService.exe 1,984 K 5,296 K 1816 Logitech Surround Sound Service Logitech Inc. (Verified) Logitech Inc

dllhost.exe 3,164 K 7,232 K 7196 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 2,060 K 4,524 K 6600 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 135,620 K 168,920 K 6432 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 35,916 K 45,540 K 7604 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 63,604 K 87,124 K 5508 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 179,212 K 191,132 K 5624 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 58,444 K 74,416 K 5816 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 113,152 K 156,536 K 1716 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 108,964 K 134,792 K 5312 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 78,996 K 112,784 K 4184 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 109,952 K 143,284 K 5868 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 61,840 K 83,460 K 4856 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 72,420 K 104,516 K 6280 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 98,776 K 126,948 K 2560 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 87,788 K 115,920 K 3568 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 3,476 K 7,216 K 860 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 3,808 K 7,984 K 4196 Google Chrome Google Inc. (Verified) Google Inc

atiesrxx.exe 2,164 K 5,788 K 908 AMD External Events Service Module AMD (Verified) Advanced Micro Devices

amdow.exe 3,416 K 6,672 K 4400 AMD ReLive: Desktop Overlay Advanced Micro Devices, Inc. (Verified) Advanced Micro Devices

Image Name PID Services

========================= ======== ============================================

System Idle Process 0 N/A

System 4 N/A

smss.exe 328 N/A

csrss.exe 508 N/A

wininit.exe 584 N/A

csrss.exe 592 N/A

services.exe 632 N/A

lsass.exe 652 KeyIso, SamSs

lsm.exe 660 N/A

svchost.exe 764 DcomLaunch, PlugPlay, Power

svchost.exe 848 RpcEptMapper, RpcSs

atiesrxx.exe 908 AMD External Events Utility

winlogon.exe 956 N/A

svchost.exe 340 AudioSrv, Dhcp, eventlog,

HomeGroupProvider, lmhosts, wscsvc

svchost.exe 500 AudioEndpointBuilder, CscService, hidserv,

HomeGroupListener, Netman, PcaSvc, TrkWks,

UxSms, Wlansvc, wudfsvc

svchost.exe 492 EventSystem, fdPHost, FontCache, netprofm,

nsi, WdiServiceHost

svchost.exe 596 AeLookupSvc, Appinfo, BITS, Browser,

EapHost, gpsvc, IKEEXT, iphlpsvc,

LanmanServer, MMCSS, ProfSvc, Schedule,

SENS, ShellHWDetection, Themes, Winmgmt,

wuauserv

svchost.exe 1268 CryptSvc, Dnscache, LanmanWorkstation,

NlaSvc

spoolsv.exe 1496 Spooler

svchost.exe 1532 BFE, DPS, MpsSvc

atieclxx.exe 1608 N/A

AppleMobileDeviceService. 1644 Apple Mobile Device Service

mDNSResponder.exe 1740 Bonjour Service

svchost.exe 1768 DiagTrack

LogiRegistryService.exe 1816 LogiRegistryService

NIHardwareService.exe 1868 NIHardwareService

taskhost.exe 2040 N/A

dwm.exe 2076 N/A

explorer.exe 2104 N/A

RadeonSettings.exe 2380 N/A

LCore.exe 2388 N/A

Steam.exe 2400 N/A

nusb3mon.exe 2688 N/A

TrayTipAgentE.exe 2704 N/A

steamwebhelper.exe 2816 N/A

steamwebhelper.exe 2828 N/A

svchost.exe 1400 stisvc

OSPPSVC.EXE 1392 osppsvc

SearchIndexer.exe 3132 WSearch

SteamService.exe 3168 Steam Client Service

wmpnetwk.exe 3384 WMPNetworkSvc

amddvr.exe 3488 N/A

svchost.exe 3636 FDResPub, SSDPSRV, upnphost

svchost.exe 3820 WinDefend

svchost.exe 3844 PolicyAgent

svchost.exe 4036 p2pimsvc, p2psvc, PNRPsvc

amdow.exe 4400 N/A

steamwebhelper.exe 5260 N/A

sppsvc.exe 3096 sppsvc

audiodg.exe 3972 N/A

ts3client_win64.exe 4032 N/A

chrome.exe 3420 N/A

chrome.exe 860 N/A

chrome.exe 4196 N/A

chrome.exe 1780 N/A

chrome.exe 5816 N/A

chrome.exe 5624 N/A

chrome.exe 1716 N/A

chrome.exe 4732 N/A

chrome.exe 2560 N/A

chrome.exe 5312 N/A

chrome.exe 4856 N/A

chrome.exe 3568 N/A

chrome.exe 5508 N/A

chrome.exe 5520 N/A

chrome.exe 624 N/A

chrome.exe 5272 N/A

chrome.exe 6280 N/A

SndVol.exe 2304 N/A

taskhost.exe 5920 N/A

chrome.exe 5868 N/A

steamwebhelper.exe 2948 N/A

chrome.exe 6432 N/A

chrome.exe 4184 N/A

TrustedInstaller.exe 3312 TrustedInstaller

Bless.exe 5340 N/A

AwesomiumProxy.exe 1324 N/A

conhost.exe 6600 N/A

GameOverlayUI.exe 6520 N/A

chrome.exe 7604 N/A

notepad.exe 7028 N/A

WmiPrvSE.exe 7736 N/A

SearchProtocolHost.exe 5328 N/A

SearchFilterHost.exe 1724 N/A

notepad.exe 6544 N/A

dllhost.exe 7752 N/A

dllhost.exe 7372 N/A

cmd.exe 5532 N/A

conhost.exe 1676 N/A

tasklist.exe 7980 N/A

WmiPrvSE.exe 7088 N/A

#4
RKinner

Posted 28 May 2018 - 09:14 PM

Malware Expert

Expert
24,735 posts

No Speccy file?

Process Explorer says you have something called bless running and it's using a lot of CPU time.

Bless.exe 13.16 2,557,104 K 2,306,712 K 5340 Bless Client ⓒNEOWIZ BLESS STUDIO Corp. (Verified) NEOWIZ GAMES CORP.

Other than that it should be fairly quick.

This error:

Log: 'System' Date/Time: 28/05/2018 7:00:05 PM

Type: Error Category: 0

Event: 7023 Source: Service Control Manager

The SPP Notification Service service terminated with the following error: Access is denied.

Is your copy of Windows licensed?