Solved Is my pc clean?

I ran Malwarebytes Anti-Malware, Zemana, Junkware Removal Tool, AdwCleaner, ZHPCleaner, RogueKiller and ESET Online Scanner. Nothing was found, but I am still curious if there is anything left, since I've had a trojan svchost.exe virus that I removed instantly after I got it.
Logs from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by DuhBoy (administrator) on DUHBOYKX (24-05-2017 16:55:32)
Running from C:\Users\DuhBoy\Downloads
Loaded Profiles: DuhBoy (Available Profiles: defaultuser0 & DuhBoy)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-09-23] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 77.77.192.20 94.140.66.194
Tcpip\..\Interfaces\{f9f53f6f-3721-44da-a5be-1652421efa6f}: [DhcpNameServer] 77.77.192.20 94.140.66.194

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2590114280-3335225030-2770196223-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.ba/"
CHR Profile: C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default [2017-05-24]
CHR Extension: (BetterTTV) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-05-05]
CHR Extension: (uBlock Origin) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (uMatrix) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2017-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2162064 2017-05-11] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3136920 2017-05-11] (Electronic Arts)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0314337.inf_amd64_21ee54ffe6f42e4c\atikmdag.sys [36560376 2017-05-18] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0314337.inf_amd64_21ee54ffe6f42e4c\atikmpag.sys [529912 2017-05-18] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-24] (Malwarebytes)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-11-18] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 16:45 - 2017-05-24 16:45 - 00008227 _____ C:\Users\DuhBoy\Downloads\fixlist.txt
2017-05-24 16:24 - 2017-05-24 16:24 - 00038771 _____ C:\Users\DuhBoy\Downloads\Addition.txt
2017-05-24 16:23 - 2017-05-24 16:55 - 00008329 _____ C:\Users\DuhBoy\Downloads\FRST.txt
2017-05-24 16:23 - 2017-05-24 16:55 - 00000000 ____D C:\FRST
2017-05-24 16:23 - 2017-05-24 16:23 - 02429952 _____ (Farbar) C:\Users\DuhBoy\Downloads\FRST64.exe
2017-05-24 16:23 - 2017-05-24 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\DuhBoy\Downloads\HijackThis.exe
2017-05-24 14:21 - 2017-05-24 15:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\System
2017-05-24 00:00 - 2017-05-24 00:00 - 00000000 ____D C:\Users\DuhBoy\Documents\SART
2017-05-23 18:34 - 2017-05-24 16:21 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\ESET
2017-05-22 23:34 - 2017-05-22 23:34 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\CAPCOM
2017-05-21 19:49 - 2017-05-21 19:49 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-05-21 16:09 - 2017-05-21 16:09 - 00000000 ____D C:\Users\DuhBoy\Documents\My Mods
2017-05-20 19:54 - 2017-05-20 19:54 - 00000761 _____ C:\Users\Public\Desktop\w3arena.lnk
2017-05-20 19:54 - 2017-05-20 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.9.10
2017-05-20 19:36 - 2017-05-20 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-05-20 19:14 - 2017-05-22 01:56 - 00000840 _____ C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2017-05-20 13:33 - 2017-05-20 18:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-18 23:32 - 2017-05-20 01:52 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\AMD
2017-05-18 23:31 - 2017-05-18 23:31 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-05-18 23:30 - 2017-05-18 23:30 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files (x86)\AMD
2017-05-18 23:29 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files\AMD
2017-05-18 23:29 - 2017-01-28 00:05 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-18 23:29 - 2017-01-28 00:04 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-18 23:29 - 2017-01-28 00:02 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-18 23:29 - 2017-01-28 00:01 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-18 23:28 - 2017-05-18 23:29 - 00000000 ____D C:\AMD
2017-05-18 23:27 - 2017-05-20 13:34 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-18 23:27 - 2017-05-18 23:27 - 00003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-05-18 20:55 - 2017-05-18 20:55 - 10322936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 08480248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-05-18 20:55 - 2017-05-18 20:55 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-05-18 20:55 - 2017-05-18 20:55 - 02536952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 02199032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01517048 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01041400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01041400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00925176 _____ (AMD) C:\WINDOWS\system32\coinst_17.10.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00794880 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-05-18 20:55 - 2017-05-18 20:55 - 00794880 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-05-18 20:55 - 2017-05-18 20:55 - 00777720 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00552440 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00552440 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00531960 _____ C:\WINDOWS\system32\GameManager64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00484344 _____ C:\WINDOWS\system32\atieah64.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00467960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00411640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00366072 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00334840 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00279032 _____ C:\WINDOWS\system32\clinfo.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00276984 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00245752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00242680 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00204280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00191992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00170488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00168440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00157336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00151544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00149072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00135672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00134136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00131912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00131912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00123384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00121848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00120368 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00115704 _____ C:\WINDOWS\system32\atidxx64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00113144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00112632 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00103152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00103152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00102392 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00099832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00069624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00045560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00043000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00864760 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00696824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00574440 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00515064 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00360952 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00196816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00165040 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00139712 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00116704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00092152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00075768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-05-18 20:54 - 2017-05-18 20:54 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-05-18 20:54 - 2017-05-18 20:54 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-05-17 02:37 - 2017-05-17 02:37 - 00000000 ____D C:\Users\DuhBoy\Downloads\devicecleanup
2017-05-16 10:44 - 2017-05-16 10:44 - 00000851 _____ C:\Users\DuhBoy\Desktop\LEGO City Undercover.lnk
2017-05-16 00:36 - 2017-05-18 17:23 - 00007602 _____ C:\Users\DuhBoy\AppData\Local\Resmon.ResmonCfg
2017-05-15 18:49 - 2017-05-15 18:49 - 00000868 _____ C:\Users\Public\Desktop\Resident Evil Revelations 2.lnk
2017-05-15 14:03 - 2017-05-15 14:03 - 14725904 _____ (TeamViewer GmbH) C:\Users\DuhBoy\Downloads\TeamViewer_Setup.exe
2017-05-11 13:48 - 2017-05-24 16:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-11 13:48 - 2017-05-11 13:48 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-11 13:48 - 2017-05-11 13:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-11 13:48 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-11 01:10 - 2017-05-24 00:16 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\UnrealEngine
2017-05-09 20:04 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-09 20:04 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-09 20:04 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-09 20:04 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-09 20:04 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-09 20:04 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-09 20:04 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-09 20:04 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-09 20:04 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-09 20:04 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-09 20:04 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-09 20:04 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-09 20:04 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 20:04 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-09 20:04 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-09 20:04 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-09 20:04 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-09 20:04 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-09 20:04 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-09 20:04 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-09 20:04 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-09 20:04 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-09 20:04 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-09 20:04 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-09 20:04 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-09 20:04 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-09 20:04 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-09 20:04 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-09 20:04 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-09 20:04 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-09 20:04 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-09 20:04 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-09 20:04 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-09 20:04 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-09 20:04 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-09 20:04 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-09 20:04 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-09 20:04 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-09 20:04 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-09 20:04 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-09 20:04 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-09 20:04 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-09 20:04 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-09 20:04 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-09 20:04 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-09 20:04 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-09 20:04 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-09 20:04 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-09 20:04 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-09 20:04 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-09 20:04 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-09 20:04 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-09 20:04 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-09 20:04 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-09 20:04 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-09 20:04 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-09 20:04 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-09 20:04 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-09 20:04 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-09 20:04 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-09 20:04 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-09 20:04 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-09 20:04 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-09 20:04 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-09 20:04 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-09 20:04 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-09 20:04 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-09 20:04 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-09 20:04 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-09 20:04 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-09 20:04 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-09 20:04 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-09 20:04 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-09 20:04 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-09 13:56 - 2017-05-09 15:27 - 00000000 ____D C:\Users\DuhBoy\Documents\FIFA 17
2017-05-09 13:56 - 2017-05-09 13:56 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-05-09 13:56 - 2017-05-09 13:56 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-05-09 13:16 - 2017-05-23 18:32 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Origin
2017-05-09 13:16 - 2017-05-09 13:16 - 00000757 _____ C:\Users\Public\Desktop\Origin.lnk
2017-05-09 13:16 - 2017-05-09 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-05-09 13:14 - 2017-05-23 12:57 - 00000000 ____D C:\ProgramData\Origin
2017-05-09 13:14 - 2017-05-09 13:16 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Origin
2017-05-09 13:14 - 2017-05-09 13:14 - 00000000 ____D C:\Users\DuhBoy\.Origin
2017-05-08 22:59 - 2017-05-08 22:59 - 00000000 ____D C:\Users\DuhBoy\Documents\League of Legends
2017-05-07 16:25 - 2017-05-07 16:25 - 00000833 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-05-07 16:25 - 2017-05-07 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-05-03 01:21 - 2017-05-03 01:40 - 00000000 ____D C:\Users\DuhBoy\AppData\LocalLow\Playtonic Ltd
2017-05-01 22:28 - 2017-05-01 22:28 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\FILECACHE
2017-05-01 00:41 - 2017-04-19 09:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-01 00:41 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-01 00:41 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-01 00:41 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-01 00:41 - 2017-04-19 08:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-01 00:41 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-01 00:41 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-01 00:41 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-01 00:41 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-01 00:41 - 2017-04-19 08:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-01 00:41 - 2017-04-19 08:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-01 00:41 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-01 00:41 - 2017-04-19 08:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-01 00:41 - 2017-04-19 08:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-01 00:41 - 2017-04-19 08:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-01 00:41 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-01 00:41 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-01 00:41 - 2017-04-19 08:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-01 00:41 - 2017-04-19 08:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-01 00:41 - 2017-04-19 08:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-01 00:41 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-01 00:41 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-01 00:41 - 2017-04-19 07:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-01 00:41 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-01 00:41 - 2017-04-19 07:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-01 00:41 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-01 00:41 - 2017-04-19 07:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-01 00:41 - 2017-04-19 07:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-01 00:41 - 2017-04-19 07:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-01 00:41 - 2017-04-19 07:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-01 00:41 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-01 00:41 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-01 00:41 - 2017-04-19 07:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-01 00:41 - 2017-04-19 07:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-01 00:41 - 2017-04-14 02:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-01 00:41 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-01 00:41 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-01 00:41 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-01 00:41 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-01 00:41 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-01 00:41 - 2017-04-14 02:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-01 00:41 - 2017-04-14 02:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-01 00:41 - 2017-04-14 01:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-01 00:41 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-01 00:41 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-01 00:41 - 2017-04-14 01:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-01 00:41 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-01 00:41 - 2017-04-14 01:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-01 00:41 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-01 00:41 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-01 00:41 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-01 00:41 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-01 00:41 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-01 00:41 - 2017-04-14 01:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-01 00:41 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-01 00:41 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-01 00:41 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-01 00:41 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-01 00:41 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-01 00:41 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-01 00:41 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-01 00:41 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-01 00:41 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-01 00:41 - 2017-04-14 01:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-01 00:41 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-01 00:41 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-01 00:41 - 2017-04-14 01:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-01 00:41 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-01 00:41 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-01 00:41 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-01 00:41 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-01 00:41 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-01 00:41 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-01 00:41 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-01 00:41 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-04-30 23:23 - 2017-04-30 23:23 - 00000000 ____D C:\ProgramData\GOG.com
2017-04-29 18:05 - 2017-05-18 23:26 - 00000000 ____D C:\Users\DuhBoy\Downloads\DDU
2017-04-27 18:53 - 2017-05-18 23:30 - 00000000 ____D C:\Users\DuhBoy\AppData\LocalLow\AMD
2017-04-27 18:19 - 2017-05-05 23:57 - 00001015 _____ C:\Users\DuhBoy\Desktop\Outlast 2.lnk
2017-04-26 09:09 - 2017-04-26 09:09 - 00113392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2017-04-26 09:09 - 2017-04-26 09:09 - 00110088 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 16:55 - 2016-12-05 18:11 - 00629537 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-05-24 16:36 - 2016-08-09 19:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-24 16:33 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-24 16:28 - 2017-04-11 21:12 - 01492078 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-24 16:23 - 2017-04-11 21:04 - 00000000 ____D C:\Users\DuhBoy
2017-05-24 16:21 - 2017-04-11 21:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-24 16:21 - 2017-04-11 21:03 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-05-24 16:21 - 2017-03-18 13:40 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-05-24 16:19 - 2016-12-05 18:11 - 00027518 _____ C:\WINDOWS\ZAM.krnl.trace
2017-05-24 16:04 - 2017-04-11 21:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-24 15:37 - 2017-01-30 04:38 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-24 15:30 - 2016-08-22 19:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Sony
2017-05-24 13:50 - 2017-04-11 21:06 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{25DA4746-5AA4-44A5-9C19-E6E75C7A10A8}
2017-05-24 09:10 - 2016-08-09 18:05 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\qBittorrent
2017-05-24 01:31 - 2016-12-03 22:47 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\CrashDumps
2017-05-24 01:31 - 2016-08-09 18:10 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-24 00:18 - 2017-01-20 00:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-23 23:36 - 2016-08-19 19:42 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Riot Games
2017-05-23 13:21 - 2016-08-10 00:54 - 00000000 ____D C:\Users\DuhBoy\Documents\My Games
2017-05-23 10:01 - 2016-08-10 18:37 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 10:01 - 2016-08-10 18:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 07:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-23 01:58 - 2017-04-04 01:24 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Downloaded Installations
2017-05-22 00:40 - 2017-04-05 19:39 - 00000000 ____D C:\Users\DuhBoy\Documents\Warcraft III
2017-05-21 17:39 - 2016-12-01 03:42 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\obs-studio
2017-05-21 14:45 - 2017-03-08 16:28 - 00000000 ____D C:\Program Files\Rockstar Games
2017-05-21 14:45 - 2017-03-08 16:28 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-05-21 14:19 - 2016-12-01 03:42 - 00000946 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-05-21 02:53 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-20 19:45 - 2017-04-05 19:39 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Blizzard
2017-05-20 19:37 - 2016-08-09 19:10 - 00000000 ____D C:\ProgramData\Battle.net
2017-05-20 19:26 - 2017-04-05 19:40 - 00000000 ____D C:\Users\Public\Documents\Warcraft III
2017-05-20 13:59 - 2017-04-11 21:03 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-05-20 13:59 - 2017-01-20 18:29 - 00116476 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2017-05-20 02:08 - 2016-12-05 19:35 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\discord
2017-05-20 02:08 - 2016-11-22 00:07 - 00002280 _____ C:\Users\DuhBoy\Desktop\Discord.lnk
2017-05-20 02:08 - 2016-11-22 00:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-05-20 02:08 - 2016-11-22 00:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Discord
2017-05-19 02:23 - 2017-03-27 19:59 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\TeamViewer
2017-05-18 20:55 - 2017-04-03 19:52 - 00547320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2017-05-18 20:55 - 2017-04-03 19:52 - 00478712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2017-05-17 23:27 - 2016-08-09 19:19 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\vlc
2017-05-15 20:19 - 2016-09-16 16:20 - 00000909 _____ C:\Users\DuhBoy\Desktop\Handbrake.lnk
2017-05-11 14:16 - 2016-09-04 23:42 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 14:16 - 2016-09-04 23:42 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 14:05 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-11 14:05 - 2016-08-09 17:55 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Packages
2017-05-11 13:59 - 2017-04-11 21:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2590114280-3335225030-2770196223-1001
2017-05-11 13:48 - 2017-04-13 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-10 12:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-10 04:09 - 2017-04-11 21:02 - 00373920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 04:09 - 2016-08-09 17:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-09 20:06 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-01 00:43 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-01 00:23 - 2016-10-03 13:38 - 00000000 __RHD C:\ESD
2017-04-30 01:55 - 2017-04-11 21:06 - 00003466 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 01:55 - 2017-04-11 21:06 - 00003342 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-30 00:55 - 2016-08-27 11:25 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Battle.net
2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-05-16 00:36 - 2017-05-18 17:23 - 0007602 _____ () C:\Users\DuhBoy\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-17 13:44

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by DuhBoy (24-05-2017 16:55:51)
Running from C:\Users\DuhBoy\Downloads
Windows 10 Pro Version 1703 (X64) (2017-04-11 19:14:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2590114280-3335225030-2770196223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2590114280-3335225030-2770196223-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2590114280-3335225030-2770196223-1000 - Limited - Disabled) => C:\Users\defaultuser0
DuhBoy (S-1-5-21-2590114280-3335225030-2770196223-1001 - Administrator - Enabled) => C:\Users\DuhBoy
Guest (S-1-5-21-2590114280-3335225030-2770196223-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Boris Continuum Complete 10 OFX (64-Bit) (HKLM\...\{6EF8D3CA-AA7A-412D-9297-F949C2B49821}) (Version: 10.0.2279 - Boris FX, Inc.)
Castle Crashers (HKLM\...\Steam App 204360) (Version: - The Behemoth)
Catalyst Control Center Next Localization BR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.47.58349 - Electronic Arts)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
LEGO City Undercover (HKLM-x32\...\LEGO City Undercover_is1) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NewBlue Vegas Pro Suite Complete (HKLM-x32\...\NewBlue Vegas Pro Suite Complete) (Version: 1.0 - NewBlue)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.1 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.4.10.46586 - Electronic Arts, Inc.)
Outlast 2 (HKLM-x32\...\Outlast 2_is1) (Version: - )
qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7940 - Realtek Semiconductor Corp.)
Resident Evil Revelations 2 version 5.0.0.0 (HKLM-x32\...\Resident Evil Revelations 2_is1) (Version: 5.0.0.0 - Mr DJ)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Sonic & All-Stars Racing Transformed (HKLM\...\Steam App 212480) (Version: - Sumo Digital)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.1 - TeamSpeak Systems GmbH)
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}) (Version: 1.05.157 - Ubisoft)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{F1756240-1A2A-11E7-92A1-C2A106E0D44C}) (Version: 14.0.252 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
w3arena.net Launcher 1.9.10 (HKLM-x32\...\{1197C38E-5F74-4141-A58B-FD6936D5D9F3}) (Version: 1.9.10 - w3arena)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WinRAR 5.50 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6C9A083B-3D40-435E-A04E-7C4C424ACFD9} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {718E3ADE-7B58-4CFF-9F01-0FCF4EE55F10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {AE5B41C1-47FE-415F-8032-FD0ADDD500B6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-05-17] (Advanced Micro Devices, Inc.)
Task: {E15693CF-403C-4D68-94D4-2F35803D934D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-11 13:48 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-19 04:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-11 14:16 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-11 14:16 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-18 12:29 - 2017-05-09 13:16 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2017-05-11 13:47 - 00003620 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 rad.msn.com
0.0.0.0 preview.msn.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 ads1.msn.com
0.0.0.0 ads.msn.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 adnxs.com
0.0.0.0 adnexus.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 a-0001.a-msedge.net

There are 73 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DuhBoy\Pictures\ms_windows-wallpaper-1680x1050.jpg
DNS Servers: 77.77.192.20 - 94.140.66.194
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SecurityHealth"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5ED4C595-013E-4F89-B470-DA0A7BBA64FD}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{095297AF-9B32-4BC4-8335-B2CB920DF55E}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{714F5833-BE70-47E4-BD49-A4D97C888345}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [TCP Query User{33C15387-1BD2-4E07-BAAB-1845259A4A77}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{58CD17ED-EAA9-44C6-8DC2-381B3F7630B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C7CD707E-B0BD-4FBF-AC7E-DF4CF1E7D734}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{53D211E9-0804-4B35-BCE0-7BA6A18C5C76}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{24B634BA-9CEA-422F-B637-D1358C3833E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAF381E7-92AC-4E6B-B4E4-2CEDC9F188A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{301FCC0D-2387-4B1A-B50B-386122680F48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17E22BC1-02D8-4BDD-B4E3-14A9F91BE0B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09D0372F-A844-4EC8-A9DE-EA12F068AB20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2CB4439A-460B-473F-B127-418DFAE2AE84}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{6E9E2F6D-3C68-4144-A813-EA8F50EE1030}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{48D37D40-76AD-492B-9D52-546791886A6D}D:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe] => (Allow) D:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [UDP Query User{9C0B5C4F-ED7A-45E4-8651-D8B5EF861309}D:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe] => (Allow) D:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{DF99CD0F-B049-4A9E-88BF-9D91AF87272E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE522D96-7741-43CF-8BF6-FA0563FC2739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F94749C-E186-4F4B-9D15-DE1488924449}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4CE1686E-7B6C-493B-88BD-1F6FA9E6F31D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{C24268C7-C112-4DCE-8EE4-5C7068941942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3115130B-2588-48C4-86F7-0F2D6F35D134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B78BAF1-CBA9-43B8-BB99-9CA0D1CA833C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF67D029-8333-4F9F-ABE5-444FB730805A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{69BA2B0F-8AB3-4EA8-ADA1-CEC5FE763251}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D28ED5E7-F578-4DC5-AC4A-DC18BF2D9AC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B516B35-2C81-4B6A-B02D-44B7DACFFF52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5B7CBF9A-2367-46D8-9E8C-9159F6D52B36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{86ED9362-1944-423C-B4A8-DD13E20A3B3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDFE9B0E-72EA-4780-8C85-5503C616B596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95A035D4-263E-4FDD-90F1-606D5A8B8B27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E1AB2477-74BC-486E-9B16-3FC63C09B5A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C2B707FA-4FFB-46B8-A6DF-7EF538957FC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50FC30F8-BF73-418B-BCA0-12A6E2C0ED81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1BC9DE9-C69D-4CC1-9167-4106EB5957C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF91EB3E-DC42-4A65-8F76-557E67CFBB6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{461FF452-0C14-457F-BCAF-9C97A6A6D771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CC387C6-64FA-4E20-9B80-17CAF85DE59C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{D28484F8-C417-44F6-A753-28426A08CFF8}D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Block) D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [UDP Query User{2341AA36-53B8-475D-8453-D2332C4D810A}D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Block) D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [{FD7A622C-BCB0-448B-AC97-5C66E566B4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D4F08C5-45D9-45EE-AC8F-ED8E28A2B1A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{14E9815B-952C-4197-86F8-D25ECE5D1D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1B6E7D5-1955-403E-8CE9-76570ECAC823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{5C4ECD95-089E-4885-8048-39BC91BB7E09}D:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) D:\program files (x86)\origin games\fifa 17\fifa17.exe
FirewallRules: [UDP Query User{A0B935E9-4A31-4E46-9723-338CAE7E415E}D:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) D:\program files (x86)\origin games\fifa 17\fifa17.exe
FirewallRules: [{71B2FF19-A597-41CC-BC25-951A23900200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A5F7651-9418-4EB9-B1B7-2ACA00D8CDE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6393CD30-973E-4650-8532-789F2CC14E7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2EAF1A7F-12A6-4574-8436-D55FEA7D616D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3553140C-76AE-44C6-9139-5CB7F96B9B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F019850D-1DD2-4640-BB46-65758C1371D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{ED510579-BCF2-49BA-BCAE-E38ABFBC8D7A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{6A91A993-BC59-4928-863C-E710C944D6E6}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{0B056C44-0643-4A0B-BE53-61F7D76F785C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B3D8177-168A-4D80-B631-E48C5D320697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E8F2B4B-2A35-41D4-98BB-DED392D1D7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B50998F-1DA9-4853-B135-CC2D8471B254}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A6F9E727-872C-4339-BCF7-B7BBD3ABA3D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5508AF85-0925-4867-9FCF-A9CD81B85727}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF522AC1-FE0D-4236-8BA9-C47E6D23E20D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F579A642-1DFF-4710-BCDA-84F342F98954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50B12832-FDD2-47DB-9522-157328A3B8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7047D2A5-1BC1-45B5-9B10-39CA350F46AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{558B6F35-649E-42B8-9571-58E4146BD7C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE879407-02D3-4865-98CF-E9B83DA07DAE}] => (Allow) D:\Games\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{BFE6EE12-7374-45BE-BBD6-6AB23A0DE5F2}] => (Allow) D:\Games\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{B8105E31-3635-4A90-8CA3-32A52E4BA76A}] => (Block) LPort=445
FirewallRules: [{4DE4C44F-A5EA-4AF4-BCEE-CD3C342AF51E}] => (Allow) D:\Program Files (x86)\Resident Evil Revelations 2\rerev2.exe
FirewallRules: [{EF7656F8-6E53-4A8C-9062-74787F4604BC}] => (Allow) D:\Program Files (x86)\Resident Evil Revelations 2\rerev2.exe
FirewallRules: [TCP Query User{40460BB4-5F1A-4C15-BD46-170D6A7091C9}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{0063E442-AF7B-4B4B-A9A4-B9C004D6B2CE}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{DBD4FA02-84D0-4B34-95D5-9E9F5A512166}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{738F4FF3-6A6E-4AA7-92CE-45689DD90E75}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1165FD4B-B016-455A-8D5E-B010CF046E7F}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3233E533-CA0D-4ABF-898F-168BCE8BD883}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{7E99160D-4DDC-465B-A78D-FAA898B88B18}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{D23B007D-DBFC-4EA8-A638-83191FA1A41F}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{40C17BA3-F631-44AB-A8BA-EC6EB7907303}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{8ADB11CC-98B2-4A6C-BA8A-AF8688660762}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2017 04:51:20 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/24/2017 04:51:04 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/24/2017 04:49:47 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/24/2017 04:48:21 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/24/2017 04:47:33 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/24/2017 04:47:26 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/24/2017 04:47:20 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:


System errors:
=============

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8135.39 MB
Available physical RAM: 5989.59 MB
Total Virtual: 8647.39 MB
Available Virtual: 6537.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:36.94 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:795.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 09836306)

Partition: GPT.

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 46192262)

Partition: GPT.

==================== End of Addition.txt ============================



Also this rKILL log looks suspicious:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/24/2017 04:57:38 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\DuhBoy\Downloads\FRST64.exe (PID: 2044) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* agp440 [Missing Service]
* DcpSvc [Missing Service]
* Fax [Missing Service]
* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* tunnel [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* workfolderssvc [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]

* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [Incorrect ImagePath]
* RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 rad.msn.com
0.0.0.0 preview.msn.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com

20 out of 106 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 05/24/2017 04:57:45 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)


I ran a system file integrity scan, but everything is fine, no corruptions. Maybe rkill is incorrect on a few of these services?
Also I am really good at keeping my PC safe and clean, didn't have a virus in a few years. Just wanna make sure, also I checked the logs, they seem pretty clean to me, except those from rKill. If you need logs from anything else, just ask.
 
FRST Fix.

Click Here To Download Fixlist.



Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Eliminate restrictive settings with this tool.

  • Temporarily disable your antivirus --- Your antivirus may flag this tool as malware, it is safe to run I assure you.
  • Download SupRestric.exe save to your desktop.
  • Close all running programs.
  • Double click the file to launch it.
  • Windows: 7/8/10 Vista and run as administrator
  • Click Yes at any prompt.
  • The analysis takes only a few moments.
  • The report is on the desktop ( CTR.txt )
  • Copy paste report in next reply.
  • A reboot is needed to complete the repairs.

HijackThis.


1- Please Click HERE to download HijackThis. -- Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.
2. Click the Options button.

Click on Check All
Then Click Validate
Then click close.






3. Click the Scanner button.





When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 

I removed some files from the fixlist, since I know they are legit, and the hosts file, since most of the hosts blocks are from O&O ShutUp10 for privacy settings.
Here is the fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by DuhBoy (24-05-2017 17:42:04) Run:1
Running from C:\Users\DuhBoy\Downloads
Loaded Profiles: DuhBoy (Available Profiles: defaultuser0 & DuhBoy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
emptytemp:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2590114280-3335225030-2770196223-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
C:\WINDOWS\System32\Tasks\StartCN
Task: {6C9A083B-3D40-435E-A04E-7C4C424ACFD9} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {AE5B41C1-47FE-415F-8032-FD0ADDD500B6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-05-17] (Advanced Micro Devices, Inc.)
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
reboot:
end

*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
C:\WINDOWS\System32\Tasks\StartCN => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C9A083B-3D40-435E-A04E-7C4C424ACFD9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C9A083B-3D40-435E-A04E-7C4C424ACFD9} => key removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE5B41C1-47FE-415F-8032-FD0ADDD500B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE5B41C1-47FE-415F-8032-FD0ADDD500B6} => key removed successfully
C:\WINDOWS\System32\Tasks\StartCN => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartCN => key removed successfully

========= RemoveProxy: =========

HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 46116360 B
Java, Flash, Steam htmlcache => 710986534 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 44352647 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
DuhBoy => 661434 B

RecycleBin => 0 B
EmptyTemp: => 771.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:42:07 ====

We also removed a service from my AMD graphics driver, which is StartCN; hopefully that won't do anything bad.


CTR LOGS:

Rapport de Contrôle restrictions Pierre13 (CTR version 2.5.0.0 ) du 24\05\2017 à 17:40:29
PC de DuhBoy
Microsoft Windows 10 Pro (64 bits) [10.0.15063]

Réparation erreur 2203 effectuée.

Contrôle présence restrictions

[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[BKDR_BLACKEN.A] clé WarnOnClose corrigée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction diffusion en ligne supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d'informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Restriction affichage mot de passe en clair supprimée.
Pavé numérique activé.
Restriction sur l'inventaire des programmes supprimée.
Restriction utilisateur pour Windows Installer supprimée.
Configuration Windows Update rétablie.
Configuration Windows Update rétablie.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activés.

240 restrictions contrôlées.

16 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.


Le rapport est sur le bureau (C:\Users\DuhBoy\Desktop\CTR.txt)



HijackThis:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:47:18, on 24.5.2017.
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\DuhBoy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Usluga Google ažuriranje (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usluga Google ažuriranje (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - D:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 4730 bytes

ZHPDIAG:

~ ZHPDiag v2017.5.21.84 By Nicolas Coolman (2017/05/21)
~ Run by DuhBoy (Administrator) (2017/05/24 17:47:03)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\DuhBoy\Desktop\ZHPDiag.txt
~ Report: C:\Users\DuhBoy\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 15063) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ GCIE: Google Chrome v58.0.3029.110
~ MSIE: Internet Explorer v11.296.15063.0

---\\ Windows Product Information (3) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (1) - 1s
Windows Defender (Deactivate)

---\\ Sharing software PeerToPeer (1) - 1s
~ qBittorrent 3.3.12 v3.3.12 (P2P)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 94 Stepping 3, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8330.64 MB (76% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 38 GB (33%) free of 113 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DUHBOYKX
~ User Name: DuhBoy
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 38 GB free of 113 GB (System)
~ Drive D: has 777 GB free of 953 GB

---\\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 1s
[MD5.6314A1E16B2B6D2E0E3FE65C9BA7BD73] - 14/04/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4848440] =>.Microsoft Windows®
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
[MD5.9A4BA96E87A1FD69381249557BDE2BF0] - 18/03/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
[MD5.2B1361AFBF330AF9A652A336EE77CBCB] - 28/04/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
[MD5.D0F1FB0E90BFBD14865B770E2567BE1D] - 19/04/2017 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [707072] =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
[MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
[MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
[MD5.AC1928C2F7505BD556C552F153B062AB] - 18/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
[MD5.DD1A6F4998E7E21564FA9BAFE21C87ED] - 18/03/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
[MD5.30C2F67EC84EB11B22011620107E0325] - 18/03/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
[MD5.731FD52461C8107E5B19B9AEDBB82BFB] - 18/03/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2328480] =>.Microsoft Windows®
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 19/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
[MD5.2540384EF2EEE5BE930E3FB1061395DC] - 18/03/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [120224] =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (4) - 0s
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\WINDOWS\system32\atiesrxx.exe =>.AMD
O23 - Service: Usluga Google ažuriranje (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: Origin Web Helper Service (Origin Web Helper Service) . (.Electronic Arts - OriginWebHelperService.) - D:\Program Files (x86)\Origin\OriginWebHelperService.exe =>.Electronic Arts, Inc.®

---\\ Services not Microsoft (SR=Run, SS=Stop) (7) - 13s
SR - Auto [18/05/2017] [ 552440] (AMD External Events Utility) . (.AMD.) - C:\WINDOWS\system32\atiesrxx.exe =>.Advanced Micro Devices, Inc.®
SS - Auto [04/09/2016] [ 153752] Usluga Google ažuriranje (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [04/09/2016] [ 153752] Usluga Google ažuriranje (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SR - Auto [09/05/2017] [ 4470736] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SS - Demand [11/05/2017] [ 2162064] Origin Client Service (Origin Client Service) . (.Electronic Arts.) - D:\Program Files (x86)\Origin\OriginClientService.exe =>.Electronic Arts, Inc.®
SR - Auto [11/05/2017] [ 3136920] Origin Web Helper Service (Origin Web Helper Service) . (.Electronic Arts.) - D:\Program Files (x86)\Origin\OriginWebHelperService.exe =>.Electronic Arts, Inc.®
SS - Demand [26/04/2017] [ 1590048] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®

---\\ Task Planned Automatically (5) - 10s
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
O39 - APT: Unknown - (.Legitimate.) -- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [214]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3342] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3466] =>.Google Inc®

---\\ Auto loading programs from Registry and folders (2) - 0s
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp.®
O4 - HKLM\..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) -- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®

---\\ Process running (18) - 1s
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Service Module.) -- C:\WINDOWS\system32\atiesrxx.exe [0] [PID.1412] =>.AMD
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Client Module.) -- C:\WINDOWS\system32\atieclxx.exe [0] [PID.1960] =>.AMD
[MD5.D76E56108E6482905D3FAEA0649919E4] - (.Malwarebytes - Malwarebytes Service.) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736] [PID.2724] =>.Malwarebytes Corporation®
[MD5.4966CBBEA41A8F5F83A50D616E98D44C] - (.Electronic Arts - OriginWebHelperService.) -- D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3136920] [PID.3120] =>.Electronic Arts, Inc.®
[MD5.5602FF42444B4991E69C62E493BDAEC4] - (.Malwarebytes - Malwarebytes Tray Application.) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704] [PID.5456] =>.Malwarebytes Corporation®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6512] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6548] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6580] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6704] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6808] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6824] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6844] =>.Google Inc®
[MD5.05A0CA9D87D53E83F10C1224B26694B6] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176] [PID.4660] =>.Realtek Semiconductor Corp.®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.5372] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.5488] =>.Google Inc®
[MD5.0FFC55BD7C6A0BC17072D2EC7D9FB341] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.6876] =>.Google Inc®
[MD5.6C88188108262E1C54DBECBF1D82C710] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\DuhBoy\AppData\Roaming\ZHP\ZHPDiag3.exe [2731520] [PID.3216] =>.Nicolas Coolman
[MD5.47811D50390A86A17102D7496E6EABB9] - (.Trend Micro Inc. - HijackThis.) -- C:\Users\DuhBoy\Downloads\HijackThis.exe [388608] [PID.6628] =>.Trend Micro Inc.

---\\ Google Chrome, Start,Search,Extensions (6) - 0s
G2 - GCE: Preference [User Data\Default] [ajopnjidmegmdimjlfnijceegpefgped] BetterTTV
G2 - GCE: Preference [User Data\Default] [bkkbcggnhapdmkeljlodobbkopceiche] Poper Blocker =>.DingoSolutions
G2 - GCE: Preference [User Data\Default] [cjpalhdlnbpafiamejdnhcphjbkeiagm] uBlock Origin =>.Raymond Hill
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ogfcmafjalglgifnmanfmnieipoejdcf] uMatrix =>.Legitimate
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Internet Explorer Extensions, Start, Search (11) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (111)

---\\ Global shortcuts Startup (76) - 2s
O4 - GS\Desktop [Administrator]: Discord.lnk . (.GitHub - Update.) C:\Users\DuhBoy\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Administrator]: DS4Windows.lnk . (.Copyright © Scarlet.Crush Productions 2012, 2013; Inh - DS4Windows.) D:\Program Files (x86)\DS4Windows\DS4Windows.exe
O4 - GS\Desktop [Administrator]: Handbrake.lnk . (.HandBrake Team - .) C:\Program Files (x86)\Handbrake\Handbrake.exe =>.HandBrake Team
O4 - GS\Desktop [Administrator]: LEGO City Undercover.lnk . (.Warner Bros. Interactive Entertainment - LEGO® CITY UNDERCOVER.) D:\Program Files (x86)\LEGO City Undercover\LEGOLCU_DX11.exe =>.Travellers Tales (UK) Ltd®
O4 - GS\Desktop [Administrator]: Outlast 2.lnk . (.Red Barrels Inc. - Outlast 2.) D:\Program Files (x86)\Outlast 2\Binaries\Win64\Outlast2.exe -refreshrate 75 =>.Red Barrels Inc.
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\DuhBoy\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Programs [Administrator]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [defaultuser0]: Discord.lnk . (.GitHub - Update.) C:\Users\DuhBoy\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [defaultuser0]: DS4Windows.lnk . (.Copyright © Scarlet.Crush Productions 2012, 2013; Inh - DS4Windows.) D:\Program Files (x86)\DS4Windows\DS4Windows.exe
O4 - GS\Desktop [defaultuser0]: Handbrake.lnk . (.HandBrake Team - .) C:\Program Files (x86)\Handbrake\Handbrake.exe =>.HandBrake Team
O4 - GS\Desktop [defaultuser0]: LEGO City Undercover.lnk . (.Warner Bros. Interactive Entertainment - LEGO® CITY UNDERCOVER.) D:\Program Files (x86)\LEGO City Undercover\LEGOLCU_DX11.exe =>.Travellers Tales (UK) Ltd®
O4 - GS\Desktop [defaultuser0]: Outlast 2.lnk . (.Red Barrels Inc. - Outlast 2.) D:\Program Files (x86)\Outlast 2\Binaries\Win64\Outlast2.exe -refreshrate 75 =>.Red Barrels Inc.
O4 - GS\Desktop [defaultuser0]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\DuhBoy\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [defaultuser0]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [defaultuser0]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\TaskBar [defaultuser0]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Programs [defaultuser0]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [DuhBoy]: Discord.lnk . (.GitHub - Update.) C:\Users\DuhBoy\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [DuhBoy]: DS4Windows.lnk . (.Copyright © Scarlet.Crush Productions 2012, 2013; Inh - DS4Windows.) D:\Program Files (x86)\DS4Windows\DS4Windows.exe
O4 - GS\Desktop [DuhBoy]: Handbrake.lnk . (.HandBrake Team - .) C:\Program Files (x86)\Handbrake\Handbrake.exe =>.HandBrake Team
O4 - GS\Desktop [DuhBoy]: LEGO City Undercover.lnk . (.Warner Bros. Interactive Entertainment - LEGO® CITY UNDERCOVER.) D:\Program Files (x86)\LEGO City Undercover\LEGOLCU_DX11.exe =>.Travellers Tales (UK) Ltd®
O4 - GS\Desktop [DuhBoy]: Outlast 2.lnk . (.Red Barrels Inc. - Outlast 2.) D:\Program Files (x86)\Outlast 2\Binaries\Win64\Outlast2.exe -refreshrate 75 =>.Red Barrels Inc.
O4 - GS\Desktop [DuhBoy]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\DuhBoy\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [DuhBoy]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [DuhBoy]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\TaskBar [DuhBoy]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Programs [DuhBoy]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Discord.lnk . (.GitHub - Update.) C:\Users\DuhBoy\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Guest]: DS4Windows.lnk . (.Copyright © Scarlet.Crush Productions 2012, 2013; Inh - DS4Windows.) D:\Program Files (x86)\DS4Windows\DS4Windows.exe
O4 - GS\Desktop [Guest]: Handbrake.lnk . (.HandBrake Team - .) C:\Program Files (x86)\Handbrake\Handbrake.exe =>.HandBrake Team
O4 - GS\Desktop [Guest]: LEGO City Undercover.lnk . (.Warner Bros. Interactive Entertainment - LEGO® CITY UNDERCOVER.) D:\Program Files (x86)\LEGO City Undercover\LEGOLCU_DX11.exe =>.Travellers Tales (UK) Ltd®
O4 - GS\Desktop [Guest]: Outlast 2.lnk . (.Red Barrels Inc. - Outlast 2.) D:\Program Files (x86)\Outlast 2\Binaries\Win64\Outlast2.exe -refreshrate 75 =>.Red Barrels Inc.
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\DuhBoy\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Programs [Guest]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\CommonDesktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) D:\Program Files (x86)\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) D:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: CPUID HWMonitor.lnk . (.CPUID - HWMonitor.) D:\Program Files\CPUID\HWMonitor\HWMonitor.exe =>.CPUID®
O4 - GS\CommonDesktop [Public]: Defraggler.lnk . (.Piriform Ltd - Defraggler.) C:\Program Files\Defraggler\Defraggler64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: Fraps.lnk . (.Beepa P/L - Fraps.) D:\Fraps\fraps.exe =>.Beepa Pty Ltd®
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: Malwarebytes.lnk . (.Malwarebytes - Malwarebytes.) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe =>.Malwarebytes Corporation®
O4 - GS\CommonDesktop [Public]: OBS Studio.lnk . (...) D:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe {6B814CC0D9BCCD2DE17C6C4544824700}
O4 - GS\CommonDesktop [Public]: Origin.lnk . (.Electronic Arts - Origin.) D:\Program Files (x86)\Origin\Origin.exe =>.Electronic Arts, Inc.®
O4 - GS\CommonDesktop [Public]: qBittorrent.lnk . (...) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
O4 - GS\CommonDesktop [Public]: Resident Evil Revelations 2.lnk . (...) D:\Program Files (x86)\Resident Evil Revelations 2\rerev2.exe =>.CAPCOM Co.,Ltd.®
O4 - GS\CommonDesktop [Public]: Revo Uninstaller Pro.lnk . (.VS Revo Group - Revo Uninstaller Pro.) D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe =>.VS Revo Group®
O4 - GS\CommonDesktop [Public]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\CommonDesktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbH®
O4 - GS\CommonDesktop [Public]: Tom Clancy's Splinter Cell Chaos Theory.lnk . (...) D:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe
O4 - GS\CommonDesktop [Public]: Vegas Pro 14.0 (64-bit).lnk . (.MAGIX Computer Products Intl. Co. - .) C:\Program Files (x86)\VEGAS\VEGAS Pro 14.0\vegas140.exe =>.MAGIX Computer Products Intl. Co.
O4 - GS\CommonDesktop [Public]: w3arena.lnk . (.myroc.net - myroc.) D:\Program Files (x86)\w3arena\myroc.exe =>.myroc.net
O4 - GS\CommonDesktop [Public]: Warcraft III - The Frozen Throne.lnk . (.Blizzard Entertainment - Frozen Throne.) D:\Program Files (x86)\Warcraft III\Frozen Throne.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\Programs [Public]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbH®
O4 - GS\ProgramsCommon [Public]: Windows 10 Upgrade Assistant.lnk . (...) C:\Windows10Upgrade\Windows10UpgraderApp.exe
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.77.192.20 94.140.66.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{f9f53f6f-3721-44da-a5be-1652421efa6f}: DhcpNameServer = 77.77.192.20 94.140.66.194

---\\ Extra protocols (22) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation

---\\ Software installed (47) - 4s
O42 - Logiciel: Borderlands 2 - (.Gearbox Software.) [HKLM][64Bits] -- Steam App 49520 =>.Valve®
O42 - Logiciel: Boris Continuum Complete 10 OFX (64-Bit) - (.Boris FX, Inc..) [HKLM][64Bits] -- {6EF8D3CA-AA7A-412D-9297-F949C2B49821} =>.Boris FX, Inc.
O42 - Logiciel: Castle Crashers - (.The Behemoth.) [HKLM][64Bits] -- Steam App 204360 =>.Valve®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Counter-Strike: Global Offensive - (.Valve.) [HKLM][64Bits] -- Steam App 730 =>.Valve®
O42 - Logiciel: CPUID HWMonitor 1.31 - (.CPUID Inc.) [HKLM][64Bits] -- CPUID HWMonitor_is1 =>.CPUID Inc
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM][64Bits] -- Defraggler =>.Piriform Ltd®
O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] -- Discord =>.Hammer & Chisel Inc.®
O42 - Logiciel: Dota 2 - (.Valve.) [HKLM][64Bits] -- Steam App 570 =>.Valve®
O42 - Logiciel: FIFA 17 - (.Electronic Arts.) [HKLM][64Bits] -- {8C0DD062-B659-409C-9AB7-8EBD1D64D2EB} =>.Electronic Arts, Inc.®
O42 - Logiciel: Fraps - (.Beepa.) [HKLM][64Bits] -- Fraps =>.Beepa
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: HandBrake 0.10.5 - (.HandBrake Team.) [HKLM][64Bits] -- HandBrake =>.HandBrake Team
O42 - Logiciel: LEGO City Undercover - (..) [HKLM][64Bits] -- LEGO City Undercover_is1
O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Mortal Kombat X - (.NetherRealm Studios.) [HKLM][64Bits] -- Steam App 307780 =>.Valve®
O42 - Logiciel: MSVCRT Redists - (.MAGIX Computer Products Intl. Co..) [HKLM][64Bits] -- {52116C70-79F9-11E6-9541-BB95F5A309BD} =>.MAGIX Computer Products Intl. Co.
O42 - Logiciel: MSVCRT Redists - (.MAGIX Computer Products Intl. Co..) [HKLM][64Bits] -- {8E4D7921-051A-11E7-8CB0-C2A106E0D44C} =>.MAGIX Computer Products Intl. Co.
O42 - Logiciel: MSVCRT Redists - (.MAGIX Computer Products Intl. Co..) [HKLM][64Bits] -- {96B4EEDE-9175-11E6-A113-F4A5ED4DBF67} =>.MAGIX Computer Products Intl. Co.
O42 - Logiciel: MSVCRT Redists - (.MAGIX Computer Products Intl. Co..) [HKLM][64Bits] -- {AEAC1380-BE51-11E6-AFD9-BE9B4130C4C9} =>.MAGIX Computer Products Intl. Co.
O42 - Logiciel: MSVCRT Redists - (.MAGIX Computer Products Intl. Co..) [HKLM][64Bits] -- {F6698AB0-1A2A-11E7-B816-C2A106E0D44C} =>.MAGIX Computer Products Intl. Co.
O42 - Logiciel: MSVCRT Redists - (.MAGIX Computer Products Intl. Co..) [HKLM][64Bits] -- {F7F9EEA1-AAA0-11E6-B719-8EDAE4BED5C9} =>.MAGIX Computer Products Intl. Co.
O42 - Logiciel: MSVCRT Redists - (.Sony Creative Software Inc..) [HKLM][64Bits] -- {0A75EE21-68BC-11E6-A2B6-BB95F5A309BD} =>.Sony Creative Software Inc.
O42 - Logiciel: MSVCRT Redists - (.Sony Creative Software Inc..) [HKLM][64Bits] -- {24DB3A5E-0BC8-11E5-9A27-F04DA23A5C58} =>.Sony Creative Software Inc.
O42 - Logiciel: MSVCRT Redists - (.Sony Creative Software Inc..) [HKLM][64Bits] -- {FF6F9021-6EBB-11E6-863A-BB95F5A309BD} =>.Sony Creative Software Inc.
O42 - Logiciel: NewBlue Vegas Pro Suite Complete - (.NewBlue.) [HKLM][64Bits] -- NewBlue Vegas Pro Suite Complete =>.NewBlue
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.16.0318 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: OBS Studio - (.OBS Project.) [HKLM][64Bits] -- OBS Studio =>.OBS Project
O42 - Logiciel: Origin - (.Electronic Arts, Inc..) [HKLM][64Bits] -- Origin =>.Electronic Arts, Inc.®
O42 - Logiciel: Outlast 2 - (..) [HKLM][64Bits] -- Outlast 2_is1
O42 - Logiciel: qBittorrent 3.3.12 - (.The qBittorrent project.) [HKLM][64Bits] -- qBittorrent
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.®
O42 - Logiciel: Resident Evil Revelations 2 version 5.0.0.0 - (.Mr DJ.) [HKLM][64Bits] -- Resident Evil Revelations 2_is1
O42 - Logiciel: Revo Uninstaller Pro 3.1.9 - (.VS Revo Group, Ltd..) [HKLM][64Bits] -- {67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1 =>.VS Revo Group, Ltd.
O42 - Logiciel: Rocket League - (.Psyonix, Inc..) [HKLM][64Bits] -- Steam App 252950 =>.Valve®
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam =>.Valve®
O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM][64Bits] -- TeamSpeak 3 Client =>.TeamSpeak Systems GmbH
O42 - Logiciel: Tom Clancy's Splinter Cell Chaos Theory - (.Ubisoft.) [HKLM][64Bits] -- {BABAEBE4-9FFB-4B5D-9453-64FF11517CA2} =>.Ubisoft
O42 - Logiciel: VEGAS Pro 14.0 (64-bit) - (.VEGAS.) [HKLM][64Bits] -- {F1756240-1A2A-11E7-92A1-C2A106E0D44C} =>.VEGAS
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: Vulkan Run Time Libraries 1.0.39.1 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.39.1 =>.LunarG, Inc.®
O42 - Logiciel: w3arena.net Launcher 1.9.10 - (.w3arena.) [HKLM][64Bits] -- {1197C38E-5F74-4141-A58B-FD6936D5D9F3} =>.w3arena
O42 - Logiciel: Warcraft III - (.Blizzard Entertainment.) [HKLM][64Bits] -- Warcraft III =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: WinRAR 5.50 beta 1 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®

---\\ HKCU & HKLM Software Keys (93) - 4s
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\AMD =>.AMD
HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\Wow6432Node\ATI =>.ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies =>.ATI Technologies
HKLM\SOFTWARE\Wow6432Node\Blizzard Entertainment =>.Blizzard Entertainment
HKLM\SOFTWARE\Wow6432Node\CDDB =>.Cddb Software
HKLM\SOFTWARE\Wow6432Node\EA Sports =>.Electronic Arts, Inc.
HKLM\SOFTWARE\Wow6432Node\Electronic Arts =>.Electronic Arts
HKLM\SOFTWARE\Wow6432Node\Eset =>.ESET
HKLM\SOFTWARE\Wow6432Node\Fraps =>.Beepa
HKLM\SOFTWARE\Wow6432Node\GOG.com =>.GOG.com
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Magix =>.Magix
HKLM\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit =>.Malwarebytes
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware =>.Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Mr DJ
HKLM\SOFTWARE\Wow6432Node\Newblue =>.NewBlue
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\OBS Studio =>.OBS Studio
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\Origin =>.Electronic Arts, Inc.
HKLM\SOFTWARE\Wow6432Node\Origin Games =>.Electronic Arts, Inc.
HKLM\SOFTWARE\Wow6432Node\qBittorrent =>.uTorrent (P2P)
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Riot Games =>.Riot Games
HKLM\SOFTWARE\Wow6432Node\Software =>.Unknow
HKLM\SOFTWARE\Wow6432Node\Sony Creative Software =>.Sony Creative Software
HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Wow6432Node\sumo digital =>.Sumo Digital
HKLM\SOFTWARE\Wow6432Node\TeamViewer =>.TeamViewer
HKLM\SOFTWARE\Wow6432Node\Ubisoft =>.Ubisoft
HKLM\SOFTWARE\Wow6432Node\Unwinder =>.Unwinder
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\w3arena =>.w3arena
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\AMD =>.AMD
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\ATI =>.ATI
HKCU\SOFTWARE\Battle.net =>.Games Software
HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\cks =>.Legitimate
HKCU\SOFTWARE\DefaultCompany =>.Unity
HKCU\SOFTWARE\DirectShow =>.Microsoft Corporation
HKCU\SOFTWARE\ej-technologies =>.ej-technologies
HKCU\SOFTWARE\EMU =>.Games Software
HKCU\SOFTWARE\Epic Games =>.Epic Games
HKCU\SOFTWARE\Fraps3 =>.Beepa
HKCU\SOFTWARE\GOG.com =>.GOG.com
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\HWiNFO64
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\Logitech =>.Logitech
HKCU\SOFTWARE\Magix =>.Magix
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mirage =>.Mirage Game
HKCU\SOFTWARE\NewBlue =>.NewBlue
HKCU\SOFTWARE\OpenAutomate =>.nVidia Corporation
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\r1ch.net
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\Reflect Studios
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Safer Networking Limited =>.Safer Networking Limited
HKCU\SOFTWARE\Sony Creative Software =>.Sony Creative Software
HKCU\SOFTWARE\SSA
HKCU\SOFTWARE\Sven Co-op Team
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\TeamViewer =>.TeamViewer
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\VideoLAN =>.VideoLAN
HKCU\SOFTWARE\VS Revo Group =>.VS Revo Group
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft

---\\ Contents of the Common Files folders (217) - 2s
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\AMD =>.Advanced Micro Devices, Inc.®
O43 - CFD: 04/04/2017 - [] AD -- C:\Program Files\Boris FX, Inc {5327FD343B686DEE7D3D45D1540FE947}
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 17/01/2017 - [] AD -- C:\Program Files\Defraggler =>.Piriform Ltd
O43 - CFD: 16/09/2016 - [] D -- C:\Program Files\Handbrake =>.Handbrake
O43 - CFD: 12/04/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] D -- C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 12/04/2017 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 04/04/2017 - [] D -- C:\Program Files\NewBlueFX
O43 - CFD: 01/12/2016 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 11/04/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 12/04/2017 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [0] D -- C:\Program Files\Rockstar Games =>.Rockstar Games
O43 - CFD: 11/04/2017 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 16/04/2017 - [] D -- C:\Program Files\VEGAS =>.VEGAS
O43 - CFD: 19/03/2017 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 10/05/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Security =>.Unknow
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 14/04/2017 - [] AD -- C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\AMD =>.Advanced Micro Devices, Inc.®
O43 - CFD: 19/04/2017 - [] D -- C:\Program Files (x86)\Blizzard =>.Apple Inc.®
O43 - CFD: 24/05/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 04/09/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 13/04/2017 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 12/04/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 12/04/2017 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 04/04/2017 - [] D -- C:\Program Files (x86)\NewBlueFX
O43 - CFD: 01/12/2016 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 01/12/2016 - [] D -- C:\Program Files (x86)\obs-studio =>.OBS-Studio
O43 - CFD: 16/02/2017 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 12/04/2017 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [0] D -- C:\Program Files (x86)\Rockstar Games =>.Rockstar Games
O43 - CFD: 24/05/2017 - [] D -- C:\Program Files (x86)\Steam =>.Steam Games
O43 - CFD: 04/09/2016 - [] D -- C:\Program Files (x86)\VEGAS =>.VEGAS
O43 - CFD: 04/04/2017 - [] D -- C:\Program Files (x86)\VulkanRT =>.LunarG, Inc
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 10/05/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 12/04/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings =>.Advanced Micro Devices Inc
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net =>.Games Software
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boris Continuum Complete 10 OFX
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 07/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID =>.CPUID Inc
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps =>.Fraps Games
O43 - CFD: 14/09/2016 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 16/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue =>.NewBlue
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio =>.OBS Studio
O43 - CFD: 09/05/2017 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin =>.Electronic Arts, Inc.
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro =>.VS Revo Group
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft =>.Ubisoft
O43 - CFD: 16/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS =>.VEGAS
O43 - CFD: 20/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.9.10
O43 - CFD: 20/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III =>.Games Software
O43 - CFD: 13/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 11/04/2017 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 20/05/2017 - [] D -- C:\ProgramData\Battle.net =>.Games Software
O43 - CFD: 21/02/2017 - [] D -- C:\ProgramData\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 16/03/2017 - [0] D -- C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 09/05/2017 - [] D -- C:\ProgramData\Electronic Arts =>.Electronic Arts
O43 - CFD: 30/04/2017 - [] D -- C:\ProgramData\GOG.com =>.GOG.com
O43 - CFD: 25/02/2017 - [] D -- C:\ProgramData\Intel =>.Intel Corporation
O43 - CFD: 24/09/2016 - [] D -- C:\ProgramData\MAGIX =>.Magix
O43 - CFD: 11/05/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 01/04/2017 - [] D -- C:\ProgramData\ManiaPlanet =>.Nadeo
O43 - CFD: 11/04/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\ProgramData\Origin =>.Electronic Arts, Inc.
O43 - CFD: 24/05/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 19/08/2016 - [] D -- C:\ProgramData\Riot Games =>.Riot Games
O43 - CFD: 18/03/2017 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 07/04/2017 - [] D -- C:\ProgramData\Steam =>.Steam Games
O43 - CFD: 11/04/2017 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] D -- C:\ProgramData\Ubisoft =>.Ubisoft
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 16/04/2017 - [] D -- C:\ProgramData\VEGAS =>.VEGAS
O43 - CFD: 24/09/2016 - [] D -- C:\ProgramData\VEGAS Pro
O43 - CFD: 04/09/2016 - [] D -- C:\ProgramData\VS Revo Group =>.VS Revo Group
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\WindowsHolographicDevices
O43 - CFD: 04/09/2016 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 20/05/2017 - [] D -- C:\Program Files (x86)\Common Files\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 09/05/2017 - [0] HD -- C:\Program Files (x86)\Common Files\EAInstaller =>.Electronic Arts, Inc.
O43 - CFD: 13/04/2017 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 20/05/2017 - [0] D -- C:\Program Files (x86)\Common Files\logishrd =>.Logitech Inc.
O43 - CFD: 11/04/2017 - [] D -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] D -- C:\Program Files (x86)\Common Files\Steam =>.Steam Games
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 02/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\.mono =>.Legitimate
O43 - CFD: 04/09/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 02/01/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\AMD =>.AMD
O43 - CFD: 25/02/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Battle.net =>.Games Software
O43 - CFD: 04/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\BorisFX
O43 - CFD: 20/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\discord =>.GitHub
O43 - CFD: 23/12/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\HandBrake =>.Handbrake
O43 - CFD: 16/09/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\HandBrake Team =>.HandBrake Team
O43 - CFD: 23/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\LolClient =>.LolClient
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 11/10/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\MAGIX =>.Magix
O43 - CFD: 11/04/2017 - [] SD -- C:\Users\DuhBoy\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 12/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\NewBlueFX
O43 - CFD: 21/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\obs-studio =>.OBS-Studio
O43 - CFD: 13/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Obsidium
O43 - CFD: 23/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Origin =>.Electronic Arts, Inc.
O43 - CFD: 22/08/2016 - [0] D -- C:\Users\DuhBoy\AppData\Roaming\Publish Providers =>.Unknow
O43 - CFD: 24/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\qBittorrent
O43 - CFD: 23/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Riot Games =>.Riot Games
O43 - CFD: 24/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Sony =>.Sony
O43 - CFD: 25/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Steam =>.Steam Games
O43 - CFD: 22/01/2017 - [0] D -- C:\Users\DuhBoy\AppData\Roaming\Sun =>.Oracle
O43 - CFD: 19/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\TeamViewer =>.TeamViewer
O43 - CFD: 09/03/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\TS3Client =>.TeamSpeak
O43 - CFD: 20/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\VEGAS =>.VEGAS
O43 - CFD: 24/09/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\VEGAS Pro
O43 - CFD: 17/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 21/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Warner Bros. Interactive Entertainment =>.Warner Bros. Interactive Entertainment
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 24/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 20/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\AMD =>.AMD
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\DuhBoy\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 30/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Battle.net =>.Games Software
O43 - CFD: 20/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Blizzard =>.Blizzard
O43 - CFD: 27/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 04/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\BorisFX
O43 - CFD: 22/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\CAPCOM =>.CAPCOM
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\CEF =>.CEF
O43 - CFD: 12/12/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Chromium =>.Chromium
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [0] D -- C:\Users\DuhBoy\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [0] D -- C:\Users\DuhBoy\AppData\Local\DBG =>.DBG
O43 - CFD: 21/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 20/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Discord =>.GitHub
O43 - CFD: 23/05/2017 - [0] D -- C:\Users\DuhBoy\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [0] D -- C:\Users\DuhBoy\AppData\Local\ESET =>.ESET
O43 - CFD: 01/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\FILECACHE
O43 - CFD: 31/10/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Google =>.Google
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\DuhBoy\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 16/02/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Intel =>.Intel Corporation
O43 - CFD: 21/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 09/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Origin =>.Electronic Arts, Inc.
O43 - CFD: 07/09/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\PackageManagement
O43 - CFD: 11/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 03/12/2016 - [0] D -- C:\Users\DuhBoy\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 08/09/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\qBittorrent
O43 - CFD: 08/12/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\RadeonSettings
O43 - CFD: 11/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Recovery =>.Recovery Labs
O43 - CFD: 08/03/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Rockstar Games =>.Rockstar Games
O43 - CFD: 04/01/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\SCE =>.SCE
O43 - CFD: 24/09/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Sony =>.Sony
O43 - CFD: 14/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\speech =>.Microsoft Corporation
O43 - CFD: 12/12/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\Steam =>.Steam Games
O43 - CFD: 30/01/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\TeamSpeak 3 =>.TeamSpeak
O43 - CFD: 24/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\DuhBoy\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 09/08/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\Ubisoft =>.Ubisoft
O43 - CFD: 24/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\UnrealEngine =>.Unreal Software
O43 - CFD: 16/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\VEGAS =>.VEGAS
O43 - CFD: 16/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\VEGAS Pro
O43 - CFD: 13/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 04/09/2016 - [] D -- C:\Users\DuhBoy\AppData\Local\VS Revo Group =>.VS Revo Group
O43 - CFD: 24/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 09/08/2016 - [0] D -- C:\Users\DuhBoy\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 10/05/2017 - [] RD -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 11/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Settings =>.Advanced Micro Devices Inc
O43 - CFD: 20/05/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
O43 - CFD: 11/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake =>.Handbrake
O43 - CFD: 18/03/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 10/05/2017 - [] RD -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] D -- C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 11/04/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana

---\\ Image File Execution Options (18) - 0s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\\1] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (76) - 3s
O58 - SDL:2016/12/23 05:45:30 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\26216A8C.sys [250816] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 22:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
O58 - SDL:2017/01/18 01:19:08 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\4C870E23.sys [250816] =>.Malwarebytes Corporation®
O58 - SDL:2017/01/07 16:46:25 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\4ECE7863.sys [250816] =>.Malwarebytes Corporation®
O58 - SDL:2016/12/31 04:20:30 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\4EF81A8E.sys [250816] =>.Malwarebytes Corporation®
O58 - SDL:2017/01/25 00:30:47 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\59570C10.sys [250816] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/27 16:13:20 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\79F97B93.sys [251840] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 22:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
O58 - SDL:2016/08/18 14:41:28 A . (.Advanced Micro Devices, Inc. - AMD Audio Bus Lower Filter.) -- C:\WINDOWS\System32\drivers\amdkmafd.sys [49448] =>.Advanced Micro Devices, Inc.®
O58 - SDL:2017/03/18 22:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2017/04/26 09:09:04 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\WINDOWS\System32\drivers\AtihdWT6.sys [110088] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/03/18 22:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2017/03/18 22:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
O58 - SDL:2017/02/04 23:14:07 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\EasyAntiCheat.sys [573480] =>.EasyAntiCheat Oy®
O58 - SDL:2017/03/18 22:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
O58 - SDL:2017/05/24 17:42:31 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\WINDOWS\System32\drivers\farflt.sys [113592] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 22:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 22:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 22:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
O58 - SDL:2017/03/18 22:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
O58 - SDL:2017/03/18 22:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
O58 - SDL:2017/03/18 22:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
O58 - SDL:2017/03/18 22:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 22:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2016/10/03 07:35:14 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) -- C:\WINDOWS\System32\drivers\iaStorA.sys [795664] =>.Intel(R) Rapid Storage Technology®
O58 - SDL:2017/03/18 22:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2012/10/26 16:42:22 A . (.Logitech Inc. - Logitech Kernel Audio Improvement Filter Dr.) -- C:\WINDOWS\System32\drivers\lvrs64.sys [351520] =>.Logitech, Inc.®
O58 - SDL:2012/10/26 17:42:22 A . (.Logitech Inc. - Logitech USB Video Class Driver.) -- C:\WINDOWS\System32\drivers\lvuvc64.sys [4758176] =>.Logitech, Inc.®
O58 - SDL:2017/05/09 16:37:58 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\mbae64.sys [77440] =>.Malwarebytes Corporation®
O58 - SDL:2017/05/24 17:42:30 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\WINDOWS\System32\drivers\mbam.sys [43968] =>.Malwarebytes Corporation®
O58 - SDL:2017/05/24 16:21:24 A . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\WINDOWS\System32\drivers\MBAMChameleon.sys [187320] =>.Malwarebytes Corporation®
O58 - SDL:2017/05/24 17:42:30 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 22:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2017/05/24 17:42:30 A . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\WINDOWS\System32\drivers\mwac.sys [93624] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 22:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
O58 - SDL:2016/09/13 16:41:36 A . (.Intel Corporation - Intel(R) Technology Access Filter Driver.) -- C:\WINDOWS\System32\drivers\ndisrfl.sys [59792] =>.Intel(R) Technology Access®
O58 - SDL:2017/03/18 22:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2016/12/21 14:52:50 A . (.VS Revo Group - Revo Uninstaller Minifilter.) -- C:\WINDOWS\System32\drivers\revoflt.sys [40240] =>.VS Revo Group®
O58 - SDL:2016/11/18 22:03:26 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.40 64-bit Dr.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [943112] =>.Realtek Semiconductor Corp.®
O58 - SDL:2016/09/23 03:32:56 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [5324808] =>.Realtek Semiconductor Corp.®
O58 - SDL:2013/05/19 02:02:52 A . (.Scarlet.Crush Productions - Scp Virtual Bus Driver.) -- C:\WINDOWS\System32\drivers\ScpVBus.sys [39168] =>.Bruce James®
O58 - SDL:2017/03/18 22:56:26 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
O58 - SDL:2016/09/05 06:47:06 A . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver.) -- C:\WINDOWS\System32\drivers\ssudbus.sys [131712] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/09/05 05:47:12 A . (.Samsung Electronics Co., Ltd. - SAMSUNG Android Modem Device Driver.) -- C:\WINDOWS\System32\drivers\ssudmdm.sys [165504] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2017/03/18 22:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
O58 - SDL:2016/04/04 09:06:10 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [195152] =>.Intel(R) Embedded Subsystems and IP Blocks Group®
O58 - SDL:2017/05/24 15:37:41 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2016/12/20 17:30:32 A . (.Oracle Corporation - VirtualBox NDIS 6.0 Host-Only Network Adapt.) -- C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [131144] =>.Oracle Corporation®
O58 - SDL:2016/12/20 17:31:46 A . (.Oracle Corporation - VirtualBox NDIS 6.0 Lightweight Filter Driv.) -- C:\WINDOWS\System32\drivers\VBoxNetLwf.sys [205440] =>.Oracle Corporation®
O58 - SDL:2017/03/18 22:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
O58 - SDL:2017/03/18 22:56:25 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
O58 - SDL:2017/03/29 23:34:54 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zamguard64.sys [203680] =>.Zemana Ltd.®

---\\ Last modified or created user files (20) - 1s
O61 - LFC: 2017/05/21 16:09:16 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\0615a846581160a959849925da98b596dc6f222d36de6781.bin [2097152] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/21 19:49:15 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\0e30ba96c9cb54cd21e2c23f3eff256df215ac14e06ffb64.bin [33554432] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/18 23:32:17 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\11f2c01fc2acf99b66d06b26bfacce62b563131d1a94f375.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/19 15:37:18 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\2950879658bde9b9bcd292fa0c5ce52949c3a3a36f5e1ede.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/24 01:26:29 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\2f9e86b707a0563b496294103060e4cd5c773849ae29f8d1.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/19 15:37:17 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\340b4c5064248f2c4b920eff4484ad74bbbebf91145d3254.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/18 23:54:17 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\4c456741e8ec3602b16463b1889686cb2be24ca7ae4da84c.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/20 02:07:45 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\4d165ad93d6d9f7e25806501ecdb242ced315f5a3c7a7972.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/20 01:52:13 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\5e6c6004319aaec7bc2e71c62197af2a963aa49ebd50898d.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/19 15:38:39 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\6aa59aef62311ce09103a0b85acb4ccf6eed49ce2231ac4d.bin [33554432] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/19 15:38:30 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\6d640b79973071a0f4432017ca51bcc93e48120ff5f19474.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/19 13:38:53 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\8a1e1581a2ec4c855f700645bfac4cc2cd709c7d966ce9d6.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/20 02:08:10 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\ad89c14e87a72707f8e63ed98693b0debc0674e761e26d17.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/21 14:22:39 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\b11362996b47098b8e5626a8b7a7935885df73a986c599cd.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/24 09:10:52 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\ba0a4f7fc9894966bf4af6f9f467ccb77a12e0a2e5af4990.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/24 00:17:36 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\c4a64a1afe2ca614496294103060e4cdf4849711795a70ca.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/18 23:32:13 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\e1ec8c35eb8ccf7391bd5b06131426e50f952ea4a9df4511.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/19 15:37:19 A . (..) -- C:\Users\DuhBoy\AppData\Local\AMD\DxCache\f68fb9bfff3f6cadc3a5222a571900a7b9ebea9fd42a0086.bin [65536] =>.Advanced Micro Devices Inc
O61 - LFC: 2017/05/23 23:13:32 A . (..) -- C:\Users\DuhBoy\AppData\Local\VEGAS Pro\14.0\svfx_plugin_cache.bin [121066]
O61 - LFC: 2017/05/22 19:11:53 A . (..) -- C:\Users\DuhBoy\Documents\My Games\borderlands 2\willowgame\savedata\76561198054160336\profile.bin [390]

---\\ File Associations Shell Spawning (9) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (4) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.

---\\ Search Browser Infection (4) - 0s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (48) - 0s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [199168] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\Windows\System32\TokenBroker.dll [1054208] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [871936] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\system32\wuaueng.dll [2443776] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [196096] =>.Microsoft Corporation

---\\ Additional Scan (O88) (1) - 1s
~ No malicious or unnecessary items found.

---\\ Summary of the elements found (1) - 0s
~ No malicious or unnecessary items found.

~ Unselected Options:
~ End of the scan, 22601 items in 00mn50s (832)(0)
 
We also removed a service from my AMD graphics driver, which is StartCN; hopefully that won't do anything bad.


That was not the service, that was the scheduled task for it, which is not needed. Also, you removed BitTorrent from the fix, which can be legit, but is a big source of malware.

Your machine is clean as far as I can see. :)
 
Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 10 (Pro), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
Time: 24.05.2017 - 21:37
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: Croatian (0x41A)
Elevated: Yes
Ran by: DuhBoy (group: Administrator) on DUHBOYKX

Chrome: 58.0.3029.110
Edge: 11.0.15063.250
Internet Explorer: 11.296.15063.0

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
9 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Steam\Steam.exe
2 C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Users\DuhBoy\Downloads\HiJackThis.exe
1 C:\Users\DuhBoy\Downloads\MemCompression
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
60 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 D:\Program Files (x86)\Origin\OriginWebHelperService.exe

R0 - HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command,(default) =
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURL = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURLFallback = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - Google - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
O1 - Hosts: Reset contents to default
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O17 - DHCP DNS - 1: 77.77.192.20
O17 - DHCP DNS - 2: 94.140.66.194
O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e
O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Origin Web Helper Service - D:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service S2: Usluga Google ažuriranje (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Origin Client Service - D:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service S3: Usluga Google ažuriranje (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe

--
End of file - Time spent: 5 sec. - 23642 bytes, CRC32: FFFFFFFF. Sign: 勮㱩

Also, this MemCompression thing is from PrivaZer, since I just finished cleaning with that software.
 
Your machine is clean... :thumbsup:

Glad to have helped!! Please tell a friend ...... or two about us.


Optimize your internet connection.

Click here for instructions.


I suggest the following in place of Adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.





Some items to keep you safe on the internet.


VooDoo Shield: control of what is running on your machine.
Qualys BrowserCheck to update plugins.
Unchecky to avoid bundled software.
PrivaZer to clean up your machine.



Now let's clean up the tools we used and remove old restore points.

Download DelFix by "Xplode" to your Desktop.

Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt
 