Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Random Audio Adverts/iexplore.exe tasks running

Started by ItzSparkyy , Jan 17 2016 07:41 AM

Please log in to reply

#1
ItzSparkyy

Posted 17 January 2016 - 07:41 AM

New Member

Member
8 posts

Hi,

So I have this problem with my computer where I get random audio adverts playing in the background, at different intervals. This is incredibly annoying as it happens regardless of if I'm playing a PC game or just browsing online. I have had this for a while and tried looking into it, but haven't found any recently posted resolutions (Found one on this site but was answered in 2006).

I noticed that Internet Explorer tasks pop up along with the adverts, when I delete them in the task manager, the advert also stops playing, however is only a very temporary solution as they soon come back again.

I'm not the best with computers, and if it can be helped I wouldn't want to wipe my computer to resolve this, but if it is the only way I am willing to.

Thank you in advance for any help from anyone.

-Connor

#2
RKinner

Posted 17 January 2016 - 11:30 AM

Malware Expert

Expert
24,485 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

click on the Addition.txt box.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
ItzSparkyy

Posted 17 January 2016 - 02:23 PM

New Member

Topic Starter
Member
8 posts

I have already tried almost every program there is, including the likes of AdwCleaner and Malwarebytes, etc. It just doesn't seem to want to pick up any sign of the malware.

#4
RKinner

Posted 17 January 2016 - 02:59 PM

Malware Expert

Expert
24,485 posts

If you have already run the first two then no need to run them again but I need the FRST logs. Without the FRST logs I can't help you.

#5
ItzSparkyy

Posted 18 January 2016 - 10:26 AM

New Member

Topic Starter
Member
8 posts

Ah ok. Here is the FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-01-2015

Ran by Sparkyy (administrator) on THECOMPANION (18-01-2016 16:19:38)

Running from C:\Users\Sparkyy\Desktop

Loaded Profiles: Sparkyy (Available Profiles: Sparkyy)

Platform: Windows 8.1 (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

() C:\Users\Sparkyy\AppData\Local\ocrprivacy32\ocrprivacy32.exe

() C:\Program Files (x86)\PopApp\advapimswsock64.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

() C:\Windows\SysWOW64\frozenprocessTask\frozenprocessTask.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe

(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe

(Akamai Technologies, Inc.) C:\Users\Sparkyy\AppData\Local\Akamai\netsession_win.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Akamai Technologies, Inc.) C:\Users\Sparkyy\AppData\Local\Akamai\netsession_win.exe

(BitTorrent Inc.) C:\Users\Sparkyy\AppData\Roaming\uTorrent\uTorrent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(BitTorrent Inc.) C:\Users\Sparkyy\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe

() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe

(Razer, Inc.) C:\Users\Sparkyy\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

() C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

(Razer, Inc.) C:\Users\Sparkyy\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe

(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1362152 2015-12-23] (Bogdan Sharkov)

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Sparkyy\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50603136 2016-01-11] (Skype Technologies S.A.)

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\Run: [uTorrent] => C:\Users\Sparkyy\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2016-01-14] (BitTorrent Inc.)

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\Run: [GoogleChromeAutoLaunch_771B480E2427D7A6F4A597FBFBD86BEA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-17]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{72A45FAC-61AD-4BDA-98EB-FD6B9204CD9F}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{80A11960-E3A9-4CC0-8C3C-F2B6900BF759}: [DhcpNameServer] 192.168.2.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1406492376-4246023801-147897859-1001 -> DefaultScope {E582B183-E866-4A52-9AB7-C22D986194B0} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB805D20151121&p={searchTerms}

SearchScopes: HKU\S-1-5-21-1406492376-4246023801-147897859-1001 -> {E582B183-E866-4A52-9AB7-C22D986194B0} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB805D20151121&p={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-07] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-15] (Oracle Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-07] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-15] (Oracle Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-15] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-15] (Oracle Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:

========

FF ProfilePath: C:\Users\Sparkyy\AppData\Roaming\Mozilla\Firefox\Profiles\6qpplrba.default

FF DefaultSearchEngine: Secure Search

FF SearchEngineOrder.1: Secure Search

FF SelectedSearchEngine: Secure Search

FF Keyword.URL: hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C111GB805D20141221&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()

FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-15] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-15] (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-15] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-15] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-07] (Microsoft Corporation)

FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-12-15] (Nexon)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-12] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-12] (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)

FF Plugin HKU\S-1-5-21-1406492376-4246023801-147897859-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sparkyy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)

FF SearchPlugin: C:\Users\Sparkyy\AppData\Roaming\Mozilla\Firefox\Profiles\6qpplrba.default\searchplugins\McSiteAdvisor.xml [2016-01-16]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-05-30]

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]

FF Extension: logvbicodecUI - C:\Users\Sparkyy\AppData\Roaming\Mozilla\Firefox\Profiles\6qpplrba.default\Extensions\logvbicodecUI.xpi [2015-02-26] [not signed]

FF Extension: Easy Youtube Video Downloader Express - C:\Users\Sparkyy\AppData\Roaming\Mozilla\Firefox\Profiles\6qpplrba.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-26]

FF Extension: Adblock Plus - C:\Users\Sparkyy\AppData\Roaming\Mozilla\Firefox\Profiles\6qpplrba.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-12]

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:

=======

CHR HomePage: Default -> hxxps://www.youtube.com/user/FindRecruits

CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C211GB805D20151121&p={searchTerms}

CHR DefaultSearchKeyword: Default -> mcafee

CHR Profile: C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (SiteAdvisor) - C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-02]

CHR Extension: (Google Docs Offline) - C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]

CHR Extension: (AdBlock) - C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-09]

CHR Extension: (Twitter Follower) - C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghlfjkhaigchnbbkbcgadlnckobaei [2015-10-16]

CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-01-15]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Sparkyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1281056 2015-12-23] ()

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)

R2 frozenprocessTask; C:\Windows\SysWOW64\frozenprocessTask\frozenprocessTask.exe [68608 2014-12-11] () [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)

R2 ocrprivacy32.exe; C:\Users\Sparkyy\AppData\Local\ocrprivacy32\ocrprivacy32.exe [169472 2015-09-21] () [File not signed]

R2 pappService; C:\Program Files (x86)\PopApp\advapimswsock64.exe [187904 2015-09-21] () [File not signed]

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

S2 compilerootx64.exe; C:\Users\Sparkyy\AppData\Local\compilerootx64\compilerootx64.exe [X]

S2 ehtracequartzBckp.exe; C:\Users\Sparkyy\AppData\Local\ehtracequartzBckp\ehtracequartzBckp.exe [X]

S2 fat32schannelapi.exe; C:\Users\Sparkyy\AppData\Local\fat32schannelapi\fat32schannelapi.exe [X]

S2 motionwizardx64.exe; C:\Users\Sparkyy\AppData\Local\motionwizardx64\motionwizardx64.exe [X]

S2 programcryptext_64.exe; C:\Users\Sparkyy\AppData\Local\programcryptext_64\programcryptext_64.exe [X]

S2 silversurfer; C:\Program Files (x86)\SilverSurfer\silversurfer.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

R3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-08-30] (UB658)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

S3 hitmanpro37; C:\Windows\SysWOW64\drivers\hitmanpro37.sys [30616 2016-01-16] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)

R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [233160 2013-01-03] (VIA Technologies, Inc.)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 16:19 - 2016-01-18 16:20 - 00025449 _____ C:\Users\Sparkyy\Desktop\FRST.txt

2016-01-18 16:19 - 2016-01-18 16:19 - 00000000 ____D C:\FRST

2016-01-18 16:18 - 2016-01-18 16:18 - 02370560 _____ (Farbar) C:\Users\Sparkyy\Downloads\FRST64.exe

2016-01-18 16:18 - 2016-01-18 16:18 - 02370560 _____ (Farbar) C:\Users\Sparkyy\Desktop\FRST64.exe

2016-01-18 16:17 - 2016-01-18 16:17 - 01600184 _____ (Malwarebytes) C:\Users\Sparkyy\Downloads\JRT.exe

2016-01-18 11:03 - 2016-01-18 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2016-01-18 11:02 - 2016-01-18 11:02 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse

2016-01-18 03:13 - 2016-01-18 03:14 - 33304689 _____ C:\Users\Sparkyy\Desktop\Footage of Why Banks Left Faze (HUGE Argument) FaZe Rain _ FaZe Banks.mp4

2016-01-17 18:48 - 2016-01-17 18:48 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse

2016-01-17 11:13 - 2016-01-18 11:02 - 00000000 ____D C:\Users\Sparkyy\AppData\LocalLow\uTorrent

2016-01-16 23:52 - 2016-01-16 23:55 - 00253952 _____ C:\Users\Sparkyy\Desktop\GTASAsf2 (1).b

2016-01-16 23:52 - 2016-01-16 23:52 - 00080596 _____ C:\Users\Sparkyy\Downloads\gtasasf2-1.zip

2016-01-16 20:12 - 2016-01-16 21:20 - 00266240 _____ C:\Users\Sparkyy\Desktop\PROFILE_OPTIONS

2016-01-16 20:12 - 2016-01-16 20:12 - 00029128 _____ C:\Users\Sparkyy\Downloads\Army of two (1).rar

2016-01-16 17:52 - 2016-01-16 17:52 - 00029128 _____ C:\Users\Sparkyy\Downloads\Army of two.rar

2016-01-16 16:06 - 2016-01-16 16:06 - 03255353 _____ C:\Users\Sparkyy\Downloads\-God [bleep]-.mp4

2016-01-16 15:48 - 2016-01-16 15:48 - 113278161 _____ C:\Users\Sparkyy\Downloads\Aerial THE KINGDOM - A Multi-CoD Teamtage.mp4

2016-01-16 15:44 - 2016-01-16 15:44 - 23733589 _____ C:\Users\Sparkyy\Downloads\Storm (FIRST BO3 EDIT).mp4

2016-01-16 12:53 - 2016-01-16 13:17 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys

2016-01-16 12:53 - 2016-01-16 12:53 - 00000000 ____D C:\Program Files (x86)\HitmanPro

2016-01-16 12:49 - 2016-01-16 12:53 - 00001947 _____ C:\Users\Public\Desktop\HitmanPro.lnk

2016-01-16 12:49 - 2016-01-16 12:49 - 00000000 ____D C:\Program Files\HitmanPro

2016-01-16 11:32 - 2016-01-16 11:32 - 01600184 _____ (Malwarebytes) C:\Users\Sparkyy\Desktop\JRT.exe

2016-01-15 12:32 - 2016-01-15 12:32 - 00002319 _____ C:\Users\Sparkyy\Desktop\Chrome App Launcher.lnk

2016-01-15 12:32 - 2016-01-15 12:32 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2016-01-15 12:32 - 2016-01-15 12:32 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

2016-01-14 23:00 - 2016-01-14 23:06 - 00791864 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_23.00.28_log.txt

2016-01-14 22:48 - 2016-01-14 22:57 - 00227252 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_22.48.17_log.txt

2016-01-14 22:47 - 2015-12-11 22:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sparkyy\Desktop\TDSSKiller.exe

2016-01-14 18:13 - 2016-01-14 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2016-01-14 18:13 - 2016-01-14 18:13 - 00000000 ____D C:\ProgramData\Apple Computer

2016-01-14 18:13 - 2016-01-14 18:13 - 00000000 ____D C:\Program Files (x86)\QuickTime

2016-01-13 21:29 - 2016-01-13 22:45 - 00000000 ____D C:\Users\Sparkyy\Desktop\alpha protocol

2016-01-13 10:17 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-01-13 10:17 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-01-13 10:17 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-01-13 10:17 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-01-13 10:17 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-01-13 10:17 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-01-13 10:17 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-01-13 10:17 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2016-01-13 10:17 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-01-13 10:17 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-01-13 10:17 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-01-13 10:17 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-01-13 10:17 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2016-01-13 10:17 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-01-13 10:17 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-01-13 10:17 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-01-13 10:17 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-01-13 10:17 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2016-01-13 10:17 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-01-13 10:17 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-01-13 10:17 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2016-01-13 10:16 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-01-13 10:16 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-01-13 10:16 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-01-13 10:16 - 2015-12-10 00:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2016-01-13 10:16 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 01798480 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL

2016-01-13 10:16 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll

2016-01-13 10:16 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll

2016-01-13 10:16 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2016-01-13 10:16 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2016-01-13 10:16 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2016-01-13 10:16 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-01-13 10:16 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll

2016-01-13 10:16 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-01-13 10:16 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2016-01-13 10:16 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-01-13 10:16 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll

2016-01-13 10:16 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-01-13 10:16 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-01-13 10:16 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-01-13 10:16 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2016-01-13 10:16 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL

2016-01-13 10:16 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL

2016-01-13 10:16 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL

2016-01-13 10:16 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll

2016-01-13 10:16 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2016-01-13 10:16 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-01-13 10:16 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL

2016-01-13 10:16 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2016-01-13 10:16 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax

2016-01-13 10:16 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL

2016-01-13 10:16 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL

2016-01-13 10:16 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL

2016-01-13 10:16 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2016-01-13 10:16 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-01-13 10:16 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-01-13 10:16 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2016-01-13 10:16 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL

2016-01-13 10:16 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-01-13 10:16 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2016-01-13 10:16 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL

2016-01-13 10:16 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2016-01-13 10:16 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2016-01-13 10:16 - 2015-11-17 21:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2016-01-13 10:16 - 2015-11-17 21:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2016-01-13 10:16 - 2015-11-17 21:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2016-01-13 10:16 - 2015-11-17 21:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2016-01-13 10:16 - 2015-11-17 21:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2016-01-13 10:16 - 2015-11-17 21:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2016-01-13 10:16 - 2015-11-17 21:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2016-01-13 10:15 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-01-13 10:15 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-01-12 13:54 - 2016-01-18 15:59 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-12 13:54 - 2016-01-18 13:59 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-12 13:54 - 2016-01-15 00:01 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-01-12 13:54 - 2016-01-12 13:54 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-01-12 13:54 - 2016-01-12 13:54 - 00003662 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-01-12 13:54 - 2016-01-12 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2016-01-04 19:38 - 2016-01-04 19:38 - 00000947 _____ C:\Users\Sparkyy\Desktop\Open Broadcaster Software.lnk

2016-01-04 19:38 - 2016-01-04 19:38 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

2016-01-04 16:12 - 2016-01-04 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Multiplatform

2016-01-03 15:25 - 2016-01-03 15:25 - 00001913 _____ C:\Users\Public\Desktop\Clownfish.lnk

2016-01-01 20:16 - 2016-01-01 20:16 - 00000324 _____ C:\Users\Sparkyy\Desktop\IdleMaster.appref-ms

2016-01-01 20:16 - 2016-01-01 20:16 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IdleMaster

2015-12-29 04:00 - 2015-12-29 04:04 - 00000000 ____D C:\Users\Sparkyy\AppData\LocalLow\Daybreak Game Company

2015-12-29 04:00 - 2015-12-29 04:00 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\SCE

2015-12-29 04:00 - 2015-12-29 04:00 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\Daybreak Game Company

2015-12-29 02:47 - 2015-12-29 02:47 - 00000222 _____ C:\Users\Sparkyy\Desktop\H1Z1.url

2015-12-26 23:45 - 2015-12-26 23:45 - 00000220 _____ C:\Users\Sparkyy\Desktop\Garry's Mod.url

2015-12-26 21:52 - 2015-12-26 21:52 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-12-26 21:52 - 2015-12-26 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-12-23 22:39 - 2016-01-11 00:16 - 00000020 _____ C:\Users\Sparkyy\Desktop\UTERO PAYPAL.txt

2015-12-23 16:05 - 2016-01-12 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 16:19 - 2013-08-22 13:36 - 00000000 ____D C:\Windows

2016-01-18 16:18 - 2014-12-24 17:40 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\uTorrent

2016-01-18 16:17 - 2014-12-28 13:56 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\Skype

2016-01-18 16:06 - 2014-12-17 23:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-18 14:43 - 2015-02-23 17:47 - 00000000 ____D C:\Program Files (x86)\Steam

2016-01-18 11:15 - 2014-12-21 03:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1406492376-4246023801-147897859-1001

2016-01-18 11:10 - 2014-12-21 04:15 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{074841AE-F58E-4D91-B4CE-3F69E14B0A07}

2016-01-18 11:01 - 2014-12-21 07:13 - 00000000 __RDO C:\Users\Sparkyy\SkyDrive

2016-01-18 02:00 - 2014-12-24 22:55 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\Adobe

2016-01-17 00:37 - 2014-12-27 18:28 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\CrashDumps

2016-01-16 13:18 - 2014-12-17 23:41 - 00000000 ____D C:\ProgramData\NVIDIA

2016-01-16 13:18 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-16 13:18 - 2013-08-22 13:25 - 00524288 ___SH C:\Windows\system32\config\BBI

2016-01-16 13:10 - 2014-12-21 03:54 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\Packages

2016-01-16 12:08 - 2015-04-09 00:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-01-16 11:47 - 2015-04-09 00:14 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-01-16 11:47 - 2015-04-09 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-01-16 11:47 - 2015-04-09 00:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-01-16 11:26 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\Inf

2016-01-15 19:04 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache

2016-01-15 17:54 - 2015-01-16 17:21 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\OBS

2016-01-14 19:08 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-01-14 19:06 - 2015-11-02 13:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2016-01-14 18:41 - 2014-12-23 01:16 - 00000000 ____D C:\Windows\system32\MRT

2016-01-14 18:15 - 2014-12-24 17:42 - 00000861 _____ C:\Users\Sparkyy\Desktop\µTorrent.lnk

2016-01-14 18:15 - 2014-12-24 17:42 - 00000841 _____ C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2016-01-14 18:15 - 2014-12-23 01:16 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-01-14 18:14 - 2014-12-28 13:56 - 00000000 ____D C:\ProgramData\Skype

2016-01-14 18:14 - 2014-12-24 21:35 - 00001120 _____ C:\Users\Public\Desktop\WinRAR.lnk

2016-01-14 18:14 - 2014-12-24 21:35 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2016-01-14 18:14 - 2014-12-24 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2016-01-14 18:14 - 2014-12-24 21:35 - 00000000 ____D C:\Program Files\WinRAR

2016-01-14 18:01 - 2014-12-17 23:25 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-14 03:02 - 2014-12-26 02:02 - 00000000 ___SD C:\Windows\system32\CompatTel

2016-01-14 03:02 - 2014-12-26 02:02 - 00000000 ____D C:\Windows\system32\appraiser

2016-01-13 18:54 - 2015-12-14 16:40 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\Package Cache

2016-01-13 10:20 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp

2016-01-13 02:11 - 2014-12-21 05:55 - 00000000 ____D C:\ProgramData\McAfee

2016-01-12 17:36 - 2014-12-25 12:13 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\Deployment

2016-01-12 15:04 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness

2016-01-12 15:04 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\ELAM

2016-01-12 15:02 - 2015-05-21 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-01-12 15:02 - 2014-12-21 06:36 - 00000000 ____D C:\Program Files (x86)\McAfee

2016-01-12 13:54 - 2014-12-25 12:14 - 00000000 ____D C:\Program Files (x86)\Google

2016-01-11 02:20 - 2014-12-28 02:19 - 00000046 _____ C:\Users\Sparkyy\jagex_cl_runescape_LIVE.dat

2016-01-11 02:20 - 2014-12-28 02:19 - 00000024 _____ C:\Users\Sparkyy\random.dat

2016-01-07 02:04 - 2014-12-21 05:55 - 00000000 ____D C:\Program Files\Common Files\McAfee

2016-01-07 02:04 - 2013-08-22 15:36 - 00000000 ___HD C:\Windows\ELAMBKUP

2016-01-07 02:02 - 2015-08-10 20:52 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon

2016-01-07 02:02 - 2015-08-10 20:52 - 00000000 ____D C:\Windows\System32\Tasks\McAfee

2016-01-06 20:00 - 2015-08-10 20:44 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)

2016-01-05 20:04 - 2015-11-11 17:42 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-01-05 20:04 - 2015-11-11 17:42 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-01-04 19:38 - 2015-01-16 17:21 - 00000000 ____D C:\Program Files\OBS

2016-01-04 19:38 - 2015-01-16 17:21 - 00000000 ____D C:\Program Files (x86)\OBS

2016-01-04 14:29 - 2015-10-04 21:32 - 00002043 _____ C:\Users\Public\Desktop\AnkhBotR2.lnk

2015-12-29 02:47 - 2015-12-16 00:30 - 00000000 ____D C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2015-12-28 20:06 - 2014-12-17 23:35 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-12-26 21:52 - 2014-12-28 13:56 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk

2015-12-26 21:52 - 2014-12-28 13:56 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\Skype

2015-12-24 17:15 - 2014-12-21 03:53 - 00000000 ____D C:\Users\Sparkyy

2015-12-23 18:30 - 2015-12-15 17:18 - 00000000 ____D C:\Users\Sparkyy\AppData\Local\NXEPassportClient

2015-12-20 12:15 - 2015-04-06 12:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-12-20 12:15 - 2015-04-06 12:49 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2015-09-07 19:20 - 2015-09-07 19:20 - 0007602 _____ () C:\Users\Sparkyy\AppData\Local\Resmon.ResmonCfg

2015-03-25 15:55 - 2015-03-25 15:55 - 0041976 _____ () C:\ProgramData\24188e0da34438d7.dat

Files to move or delete:

====================

C:\ProgramData\24188e0da34438d7.dat

Some files in TEMP:

====================

C:\Users\Sparkyy\AppData\Local\Temp\A31199DD-6B54-EEAC-A382-F1BB7A20DD79.exe

C:\Users\Sparkyy\AppData\Local\Temp\B9177E99-4B5C-75F8-62DA-F8EC6C8E2FF7.dll

C:\Users\Sparkyy\AppData\Local\Temp\bdfilters.dll

C:\Users\Sparkyy\AppData\Local\Temp\HitmanPro.exe

C:\Users\Sparkyy\AppData\Local\Temp\HitmanPro_x64.exe

C:\Users\Sparkyy\AppData\Local\Temp\jre-8u31-windows-au.exe

C:\Users\Sparkyy\AppData\Local\Temp\jre-8u45-windows-au.exe

C:\Users\Sparkyy\AppData\Local\Temp\jre-8u65-windows-au.exe

C:\Users\Sparkyy\AppData\Local\Temp\jre-8u66-windows-au.exe

C:\Users\Sparkyy\AppData\Local\Temp\NGMDll.dll

C:\Users\Sparkyy\AppData\Local\Temp\NGMResource.dll

C:\Users\Sparkyy\AppData\Local\Temp\NGMSetup.exe

C:\Users\Sparkyy\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Sparkyy\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Sparkyy\AppData\Local\Temp\nvStInst.exe

C:\Users\Sparkyy\AppData\Local\Temp\Quarantine.exe

C:\Users\Sparkyy\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Sparkyy\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Sparkyy\AppData\Local\Temp\System.Data.SQLite9971038c-a485-4edf-bf94-45ac79b0b0aa.dll

C:\Users\Sparkyy\AppData\Local\Temp\unicows.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-11 16:25

==================== End of FRST.txt ============================

And here is the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-01-2015

Ran by Sparkyy (2016-01-18 16:21:02)

Running from C:\Users\Sparkyy\Desktop

Windows 8.1 (X64) (2014-12-21 03:53:56)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1406492376-4246023801-147897859-500 - Administrator - Disabled)

Guest (S-1-5-21-1406492376-4246023801-147897859-501 - Limited - Disabled)

Sparkyy (S-1-5-21-1406492376-4246023801-147897859-1001 - Administrator - Enabled) => C:\Users\Sparkyy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)

Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\Akamai) (Version: - Akamai Technologies, Inc)

Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.3.1 - Frictional Games)

Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)

AnkhBotR2 version 1.0.0.49 (HKLM-x32\...\{08D3C5BB-C492-4916-B111-725081845380}_is1) (Version: 1.0.0.49 - Marcin Swierzowski aka AnkhHeart)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )

Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )

Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

Elgato Game Capture HD (HKLM-x32\...\{FAC1D41C-C800-467B-8C8D-97FBF6F5BBF1}) (Version: 2.20.9.1066 - Elgato Systems GmbH)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)

Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)

H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Daybreak Games)

HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)

Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)

HitmanPro 3.7 (HKLM-x32\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)

Horizon (HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\{216bc845-5ede-443c-a81d-35baa507dac9}) (Version: 2.8.16 - Daring Development Inc.)

Horizon (x32 Version: 2.8.16 - Daring Development Inc.) Hidden

IdleMaster (HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)

Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2056 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)

Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version: - GameTuts)

Mozilla Firefox 43.0.4 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-GB)) (Version: 43.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)

NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.75 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1019 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

osu! (HKLM-x32\...\{66a8c9fa-0e1b-4fd7-8f50-954d60e13ead}) (Version: latest - ppy Pty Ltd)

Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden

Plusnet Protect (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)

ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

SeaTools for Windows 1.3.0.15 (HKLM-x32\...\SeaTools for Windows) (Version: 1.3.0.15 - Seagate Technology)

SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden

Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)

Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)

Unity (HKLM-x32\...\Unity) (Version: 5.0.0f4 - Unity Technologies ApS)

Unity Web Player (HKU\S-1-5-21-1406492376-4246023801-147897859-1001\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

Vindictus EU (HKLM-x32\...\Vindictus EU) (Version: - )

Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)

WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005CCCF4-663C-4162-9A16-B32C23A53E61} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-14] (Microsoft Corporation)

Task: {1612A85C-2606-41F8-A3EE-792E68216AC0} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-connormicallef@hotmail.co.uk => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)

Task: {18EA54F7-4CD9-4D5F-A5CA-DF88AA724927} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

Task: {1BA17E69-6E51-418A-B246-63BDFFF31B18} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1406492376-4246023801-147897859-1001 => C:\Users\Sparkyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-15] (Microsoft Corporation)

Task: {1F5C7B5D-B778-4E3F-9262-3410DF22D609} - System32\Tasks\{F79503D1-084B-4C72-B746-F072FD9AF937} => Chrome.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/go/help.faq.installer?LastError=1603

Task: {23634A0D-F9B4-4A15-B7F5-8932162D5299} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2016-01-13] (McAfee, Inc.)

Task: {310C6B59-B78C-4DF5-823F-EC79B86384C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-12] (Google Inc.)

Task: {34BF8010-9787-499B-9C1A-E0CA7C5A9D10} - System32\Tasks\{51900187-7460-4ADB-8B74-4ADD7CB70352} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.64.101/en/go/help.faq.installer?LastError=1603

Task: {3AAA5987-2648-458B-991D-6539155D2A66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-12] (Google Inc.)

Task: {3F165904-F8C4-4FF1-966B-08D77DFC00C8} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()

Task: {484F20F6-4B1D-4196-8DAA-8A32C16CB61F} - System32\Tasks\{84A91F37-5816-4F90-918A-996EAAB736C1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.64.101/en/go/help.faq.installer?LastError=1603

Task: {5209635E-81F1-4446-BCB4-67F3C392A72D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {540B45D0-8FA5-43A0-9AE7-7EC2745FD90F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)

Task: {56B3F624-5279-4D58-A7FE-FC9BCC9CC3E1} - System32\Tasks\{E141F707-B0FF-4FA8-80B2-19546C3C4337} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/en/go/help.faq.installer?LastError=1603

Task: {7D692074-B631-414F-9BFC-B28399498E65} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)

Task: {7DE646F1-8014-4918-B4D5-3EFAF0652189} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-07-09] ()

Task: {8EE4D9D5-D65D-4D69-B26F-A95ACC915BCB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {99C31806-81A4-4A8E-A990-7FAEFF031B0F} - System32\Tasks\{9B721EF3-D583-4FB2-B3DE-8B26523D5D49} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.64.101/en/go/help.faq.installer?LastError=1603

Task: {9A127267-29A7-4CBF-8FCB-A7E4E5C8BD13} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-08] (Microsoft Corporation)

Task: {9B8116EE-E42F-4B39-8300-3499BC09075A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)

Task: {A5CA0EE3-2BA0-4F9A-9520-E55B3154B5EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B638214C-3EA3-4260-B918-31DA89394A4B} - System32\Tasks\{9751C832-5902-4BE3-B302-21CEFD5D114A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/go/help.faq.installer?LastError=1603

Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {BA4EB3F8-ACC6-4377-96A2-A419B52D48DD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)

Task: {BB1CBE20-9916-4952-85F1-CB3958DFA417} - System32\Tasks\McAfee\McAfee Idle Detection Task

Task: {CB110338-5267-4CDD-9E6C-D416BBAF2290} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()

Task: {DEA29620-1C78-43CB-ABE1-ADB2974C88A9} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)

Task: {E3ABE47B-916B-4E3D-A3D0-1EE7F40C4203} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)

Task: {F7AB105A-3A66-456F-A7BB-B346AF7BF899} - System32\Tasks\{67272EA8-F5F6-482B-AC9B-11B8C3559312} => Chrome.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/go/help.faq.installer?LastError=1603

Task: {FB114F2D-D03C-4271-AB14-70DB29A1C62A} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2016-01-13] (McAfee, Inc.)

Task: {FBB6F676-6E77-48BF-8763-5C054351092B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-02 13:38 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll

2015-09-21 21:40 - 2015-09-21 21:40 - 00169472 _____ () C:\Users\Sparkyy\AppData\Local\ocrprivacy32\ocrprivacy32.exe

2015-09-21 21:40 - 2015-09-21 10:23 - 00187904 _____ () C:\Program Files (x86)\PopApp\advapimswsock64.exe

2015-06-23 19:11 - 2015-06-23 19:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2014-12-24 21:47 - 2014-12-11 11:54 - 00068608 _____ () C:\Windows\SysWOW64\frozenprocessTask\frozenprocessTask.exe

2014-12-17 23:41 - 2014-11-12 21:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2016-01-14 19:05 - 2016-01-07 14:14 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2014-12-17 23:25 - 2012-08-09 10:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2014-12-17 23:25 - 2012-08-09 10:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2015-07-08 06:58 - 2015-07-08 06:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

2015-12-16 00:31 - 2015-12-16 00:31 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

2015-09-21 21:40 - 2014-07-08 09:22 - 00095232 _____ () C:\Users\Sparkyy\AppData\Local\ocrprivacy32\qjson0.dll

2015-03-13 16:43 - 2014-10-29 03:59 - 01029952 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll

2015-03-13 16:42 - 2014-10-29 00:46 - 00531456 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL

2015-12-21 13:52 - 2015-12-21 13:52 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll

2016-01-15 00:01 - 2016-01-12 16:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll

2016-01-15 00:01 - 2016-01-12 16:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll

2015-10-01 06:28 - 2015-10-01 06:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

2015-11-06 11:25 - 2014-11-26 01:12 - 40622592 _____ () C:\Users\Sparkyy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll

2015-11-06 11:25 - 2014-11-26 01:12 - 00911360 _____ () C:\Users\Sparkyy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll

2015-11-06 11:25 - 2014-11-26 01:12 - 00134144 _____ () C:\Users\Sparkyy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll

2015-02-23 17:49 - 2015-11-10 19:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-02-23 17:49 - 2015-07-03 16:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-02-23 17:49 - 2015-12-14 20:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll

2015-02-23 17:49 - 2015-07-03 16:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-02-23 17:49 - 2015-07-03 16:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2015-02-23 17:49 - 2015-09-24 00:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2015-02-23 17:49 - 2015-09-24 00:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2015-02-23 17:49 - 2015-09-24 00:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2015-02-23 17:49 - 2015-09-24 00:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2015-02-23 17:49 - 2015-09-24 00:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2015-02-23 17:49 - 2015-12-14 20:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2015-09-01 23:07 - 2015-11-03 22:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll

2015-02-23 17:49 - 2015-11-17 00:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2015-02-23 17:49 - 2015-09-24 23:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34382679.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34382679.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2015-12-17 22:39 - 00000903 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 d3oxij66pru1i3.cloudfront.net

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1406492376-4246023801-147897859-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sparkyy\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{B5E5A72E-05F7-4BD2-A6BE-789E003B37C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{6C4DFDE3-DFC5-4716-9262-FB13585E9728}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{B698C5DA-8B9C-4963-B4E6-BD523697F65F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{103C0591-70E4-4359-B4E2-8BCD2255EF54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{1E388B2E-B05D-4860-A2CF-C61231675BF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{75A0BC77-EB3F-4F99-8D2B-95B518EAC13A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{069549D9-3BF0-4378-9A2E-0EA16DD0962E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{EFED1BD1-B86E-4A90-BF5E-489158C96352}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{50702992-E26A-429A-8825-9BEEC96AB757}] => (Allow) C:\Users\Sparkyy\AppData\Local\Temp\nso8976.tmp\CnetInstaller-10662709.exe

FirewallRules: [{FE8EC9E1-A6DA-4BAD-BC75-F47B6907D297}] => (Allow) C:\Users\Sparkyy\AppData\Local\Temp\nso8976.tmp\CnetInstaller-10662709.exe

FirewallRules: [{1DB6573C-5FE2-4465-887A-A6AB601AD27D}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{D96C4A66-15DD-4086-9A6A-E401F1161A4E}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{E2EF9525-200A-4A3D-9D3A-C706CBC1DBAA}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe

FirewallRules: [{92605A5A-56A7-4699-AC99-2079E116A2D7}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe

FirewallRules: [{6273EB99-14BE-4ADA-AB4E-19929A39B6B1}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe

FirewallRules: [{69103810-8429-4804-871D-F5D0E38939C4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{BEEC7DBE-D6AB-42C5-832A-421A572352A7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{3D83BDBE-A0C9-46B8-B1CC-DCAB2F78E573}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{53150683-EA05-45CF-8511-117778042EA3}] => (Allow) C:\Windows\wauctla.exe

FirewallRules: [{23ADA93F-4ACC-435A-8572-B4B5807A1840}] => (Allow) C:\Windows\wauctla.exe

FirewallRules: [{4695776B-4EEB-457B-BF1E-094D64B53E75}] => (Allow) C:\Windows\taskmgr.exe

FirewallRules: [{13963B34-F345-4168-B2CD-41F7979A72DD}] => (Allow) C:\Windows\taskmgr.exe

FirewallRules: [TCP Query User{8F260528-9BFC-40E7-BF9B-E75EC3648DDF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{EE33ADB9-BD66-4FAD-B573-501E4E8070AF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{0473E607-5ED9-414A-B6F3-11622DE2DDD3}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe

FirewallRules: [UDP Query User{3FA78605-EC26-4EAD-807D-02FD632E8EF1}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe

FirewallRules: [{3B749F15-1D65-43A6-9684-04F920E149BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{B1F7DAB0-E40E-4BE4-AF40-1F39AED9D32A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{7F61AFAE-9CAF-4D3C-BDFE-41CD7B383D2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{9A50C78A-D4A0-4078-A323-E7F236165DCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{D75C5991-F355-4948-B055-7FEF4319B6F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{DE7EB517-0A93-444B-99A7-909867263D67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{85505DC2-415C-4D2B-8E22-99A5AC2D7439}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{3AC83C01-7A3D-4EFB-B2BE-196FE27FE911}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{69E9108F-0D6D-42CD-B8C3-F6600A924CB2}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{005257B6-99D6-42BE-8FE3-30F624453F53}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{CD2EAA23-D9D7-4471-A4EB-C566B5DEE613}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{90CD1239-BD21-42EA-805C-747E1136D632}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{C0672368-FBD2-4DC2-86F8-3BBBB47A015B}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{3945AB79-06F3-4769-A43C-8A7023DE94B1}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{B8DF204F-2FFE-41B8-82B2-CB73851344E4}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{6B961708-4506-4F5C-8FFD-B2970B2D92AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{F5475716-58A0-4B53-B659-8BAAAAD9B4DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{7CB4F7B6-38D5-41CA-868E-51BE08C03FCB}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe

FirewallRules: [{6C0134DF-B8BA-4E60-B7CB-FABE24E8B5AE}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe

FirewallRules: [{389509EC-9134-4B66-87AF-045D098C36BD}] => (Allow) C:\Nexon\Vindictus EU\en-EU\NMService.exe

FirewallRules: [{D004DD99-B54F-4A42-8A6A-A930078CC4D9}] => (Allow) C:\Nexon\Vindictus EU\en-EU\NMService.exe

FirewallRules: [{D30608E7-4C47-4AEE-97A0-A1DA8F41B5CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{06309DC9-2115-4E44-89F0-3E472AD3FC9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{64EE41E8-0FE6-4777-88C2-E12CC2BD5920}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{4509CB6B-2C5D-4028-9EF0-DC3EF16E53B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{9013FF32-B342-48BB-877C-AC010A7058CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [{28E458FA-E1C7-401F-A02A-F993C9003268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [{96559609-98A9-4F08-B9BC-1E91A7E7D0ED}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [{AD8D7639-9402-4BD1-AC29-8B7AFA898D26}] => (Allow) C:\Users\Sparkyy\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe

FirewallRules: [TCP Query User{121B1B4E-732D-4DE0-9379-0E9B6E4F7CEE}C:\users\sparkyy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sparkyy\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{55583E15-E385-4076-821A-23EDAC365ED5}C:\users\sparkyy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sparkyy\appdata\local\akamai\netsession_win.exe

FirewallRules: [{1AE1645C-1858-4495-94A1-849694708D5A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-01-2016 18:10:32 McAfee Vulnerability Scanner

16-01-2016 11:33:42 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/18/2016 11:12:10 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418220

Error: (01/18/2016 11:06:54 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12c88

Start Time: 01d151df9c3d6981

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 909aad66-bdd3-11e5-82a7-fcaa1483f321

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/18/2016 11:03:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THECOMPANION)

Description: Activation of application Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/18/2016 11:03:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THECOMPANION)

Description: Activation of application Microsoft.MicrosoftJigsaw_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/17/2016 11:24:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418220

Error: (01/17/2016 11:18:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THECOMPANION)

Description: Activation of application Microsoft.MicrosoftJigsaw_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/17/2016 12:37:28 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmprph.exe, version: 12.0.9600.17415, time stamp: 0x54504e5a

Faulting module name: ntdll.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5

Exception code: 0xc0000005

Fault offset: 0x000000000003dd0e

Faulting process ID: 0x9358

Faulting application start time: 0xwmprph.exe0

Faulting application path: wmprph.exe1

Faulting module path: wmprph.exe2

Report ID: wmprph.exe3

Faulting package full name: wmprph.exe4

Faulting package-relative application ID: wmprph.exe5

Error: (01/16/2016 01:51:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Clownfish.exe, version: 4.1.7.0, time stamp: 0x567ab604

Faulting module name: Clownfish.exe, version: 4.1.7.0, time stamp: 0x567ab604

Exception code: 0xc000041d

Fault offset: 0x00001065

Faulting process ID: 0x1490

Faulting application start time: 0xClownfish.exe0

Faulting application path: Clownfish.exe1

Faulting module path: Clownfish.exe2

Report ID: Clownfish.exe3

Faulting package full name: Clownfish.exe4

Faulting package-relative application ID: Clownfish.exe5

Error: (01/16/2016 11:45:42 AM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 67a0

Start Time: 01d15052b40d7568

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a7ee08ab-bc46-11e5-82a6-fcaa1483f321

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:

=============

Error: (01/18/2016 02:41:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/18/2016 02:41:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Error: (01/18/2016 11:15:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Interactive Services Detection service terminated with the following error:

%%1

Error: (01/18/2016 03:50:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Error: (01/18/2016 03:36:53 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

==================== Memory info ===========================

Processor: AMD FX™-6350 Six-Core Processor

Percentage of memory in use: 47%

Total physical RAM: 8173.55 MB

Available physical RAM: 4322.14 MB

Total Virtual: 13966.66 MB

Available Virtual: 9117.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:625.61 GB) NTFS

Drive e: (Gigabyte) (CDROM) (Total:3.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8E31432A)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hopefully they'll help out, thanks

#6
RKinner

Posted 18 January 2016 - 11:36 AM

Malware Expert

Expert
24,485 posts

Download the attached fixlist.txt to the same location as FRST

[attachment=80048:fixlist.txt]

Run FRST and press Fix

A fix log will be generated please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

Any improvement?

#7
ItzSparkyy

Posted 19 January 2016 - 07:35 AM

New Member

Topic Starter
Member
8 posts

Should I replace the FRST.txt file with it? I saved FRST.exe to my desktop so what should I do there?

#8
RKinner

Posted 19 January 2016 - 08:00 AM

Malware Expert

Expert
24,485 posts

Click on the Fixlist.txt file, Save it to your desktop without changing the name since that's where FRST.exe is. Right click on FRST.exe and Run As Administrator. Hit the Fix button. FRST.exe will find the Fixlist.txt file and run with it.

#9
ItzSparkyy

Posted 19 January 2016 - 08:59 AM

New Member

Topic Starter
Member
8 posts

Ah ok got it. Here's the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:17-01-2015

Ran by Sparkyy (2016-01-19 13:37:10) Run:1

Running from C:\Users\Sparkyy\Desktop

Loaded Profiles: Sparkyy (Available Profiles: Sparkyy)

Boot Mode: Normal

==============================================

fixlist content:

*****************