Solved Possible infection

Mazrim

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Mazrim (2017-04-10 23:13:49)
Running from C:\Users\Mazrim\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-28 02:43:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2832065358-1053774325-2113242752-500 - Administrator - Disabled)
Guest (S-1-5-21-2832065358-1053774325-2113242752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2832065358-1053774325-2113242752-1002 - Limited - Enabled)
Mazrim (S-1-5-21-2832065358-1053774325-2113242752-1000 - Administrator - Enabled) => C:\Users\Mazrim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACD/Labs 2015 Freeware in C:\ACD2015FREE\ (HKLM-x32\...\ACDLabs in C__ACD2015FREE_) (Version: v14.00, FREE - ACD/Labs)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
Ansel (Version: 381.65 - NVIDIA Corporation) Hidden
AutoHotkey 1.1.23.03 (HKLM\...\AutoHotkey) (Version: 1.1.23.03 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
CLC Genomics Workbench 8.5.1 (HKLM\...\clcgenomicswb8) (Version: 8.5.1 - QIAGEN Aarhus A/S)
Corsair Utility Engine (HKLM-x32\...\{D1A3ECB3-18F1-4EB2-9C1B-A83DE1D16976}) (Version: 2.10.71 - Corsair)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GD Defiler (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\eb52a1e1a73b9708) (Version: 0.1.1.5 - Soul's Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grim Dawn (HKLM\...\Steam App 219990) (Version: - Crate Entertainment)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Kodi (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Kodi) (Version: - XBMC-Foundation)
Marvel Heroes Game (HKLM-x32\...\{f8f040bd-5ced-4167-a116-592fce1698f4}_is1) (Version: 1.0 - Gazillion Entertainment)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
My.com Game Center (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\MyComGames) (Version: 3.192 - My.com B.V.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PC3D Viewer (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\PC3D Viewer) (Version: - NCBI)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.14.7 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.302 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
Revelation Online (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Revelation Online) (Version: 1.26 - My.com B.V.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SkySaga Infinite Isles (HKLM-x32\...\SkySaga Infinite Isles 1.0.3713.0) (Version: 1.0.3713.0 - Radiant Worlds)
SkySaga Infinite Isles (x32 Version: 1.0.3713.0 - Radiant Worlds) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-02-2016 14:36:47 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
24-02-2016 14:37:15 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
24-02-2016 14:37:28 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
24-02-2016 14:37:55 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
27-02-2016 01:49:08 Windows Update
25-03-2017 04:43:59 Scheduled Checkpoint
02-04-2017 05:20:16 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09710573-039E-466F-9BE0-7FCC0ED4E3CD} - System32\Tasks\EPSON WF-3620 Series Update {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {10F8BC8B-3559-4D6B-9801-DA83B9777306} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {1135FAC8-0B06-4705-8D37-0B2358C6F4C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)
Task: {26E29A7D-57C3-4DBD-9875-2C688CB94372} - System32\Tasks\{2CFF223A-057B-4FE4-A0AF-40D8CEA746DC} => pcalua.exe -a C:\Users\Mazrim\Downloads\NDP46-KB3045560-Web.exe -d C:\Users\Mazrim\Downloads
Task: {401D9397-BF75-466C-B766-0E28CB8A77DA} - System32\Tasks\EPSON WF-3620 Series Invitation {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {40A808C9-A73F-4091-A2F8-1D6BA603224B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-27] (NVIDIA Corporation)
Task: {4B560D85-56DB-42D8-8B90-F200B6EBFDB6} - System32\Tasks\{C74B427A-421F-4BEA-998B-7A3E49009CB8} => Firefox.exe
Task: {4D1CA325-CB20-4887-BC18-E3C81844FFBB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-05] (AVAST Software)
Task: {7017541B-B27D-4D68-86BE-5EABE7C0BE51} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {836930EA-A678-4CD4-827C-E2250C374FF9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {840AA1F5-D2AB-4678-963D-EAA7CD0B1B04} - System32\Tasks\SafeZone scheduled Autoupdate 1458683308 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {92148F3C-A3A0-4BB9-8A9D-F90BD68D3C4A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-27] (NVIDIA Corporation)
Task: {96F81140-DBB4-4263-A09A-C24C3C1424C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)
Task: {A25DEB4A-381A-4608-A5CD-6A3CF028A9D4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {AB30CDE4-4347-4210-BD77-0A8C4F4FCB89} - System32\Tasks\EPSON WF-3620 Series Update {BB533B34-5626-4473-83FF-5552782BBE7B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C64C4DF1-97C2-4B19-A69F-7ADF4AC12A02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D801F80B-F834-4847-9C12-380D9D220E18} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {E723F7B0-85D5-488E-8F99-CCD20889AD17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {ED71C5FB-1503-41C3-9A7D-B6D5C27429AD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-27] (NVIDIA Corporation)
Task: {F0A3879B-B1B4-40D7-A92E-85FBF6794F0A} - System32\Tasks\EPSON WF-3620 Series Invitation {BB533B34-5626-4473-83FF-5552782BBE7B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {BB533B34-5626-4473-83FF-5552782BBE7B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {BB533B34-5626-4473-83FF-5552782BBE7B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{BB533B34-5626-4473-83FF-5552782BBE7B} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (Whitelisted) ==============

2014-09-19 06:35 - 2014-09-19 06:35 - 00137584 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2017-03-26 23:05 - 2017-03-27 23:32 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-02-28 00:33 - 2017-03-31 22:10 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00522512 _____ () C:\Program Files\AVAST Software\Avast\x64\gaming_spy.dll
2017-01-18 23:22 - 2017-01-18 23:22 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2017-04-05 04:31 - 2017-04-05 04:31 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-10 22:01 - 2017-04-10 22:01 - 05918208 _____ () C:\Program Files\AVAST Software\Avast\defs\17041002\algo.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 00625000 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 03860848 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 01587560 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 06441320 _____ () C:\Program Files (x86)\AMD\OverDrive\QtGui4.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 00362856 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00454424 _____ () C:\Program Files\AVAST Software\Avast\gaming_spy.dll
2016-03-02 13:05 - 2017-03-09 20:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-03-02 13:05 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-03-02 13:05 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-03-02 13:05 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-03-02 13:05 - 2017-03-22 20:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-03-02 13:05 - 2017-03-30 18:46 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-30 08:18 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-06-30 06:45 - 2016-06-30 06:45 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2016-12-25 16:35 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-03-02 13:05 - 2017-03-22 20:52 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-20 04:10 - 2017-02-20 04:10 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 50656768 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2017-01-27 18:11 - 2017-01-27 18:11 - 00211456 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-01-27 18:09 - 2017-01-27 18:09 - 00093184 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2017-01-27 18:10 - 2017-01-27 18:10 - 00037376 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2016-12-01 13:37 - 2016-12-01 13:37 - 00011264 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-12-01 13:37 - 2016-12-01 13:37 - 01990144 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2017-03-26 23:05 - 2017-03-21 00:27 - 02442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-09 08:44 - 2016-10-08 03:13 - 50656768 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 01874944 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 00075264 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 01874944 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 00075264 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mazrim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Genie.lnk => C:\Windows\pss\NETGEAR WNDA3100v2 Genie.lnk.CommonStartup
MSCONFIG\startupreg: Discord => C:\Users\Mazrim\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MyComGames => "C:\Users\Mazrim\AppData\Local\MyComGames\MyComGames.exe" -autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Mazrim\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mazrim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BD750EB-032E-4F98-AB71-75764283CE97}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6DDDB30-223F-49E4-808E-446A499E6292}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34C08CAF-52A7-43CD-BC43-4CD0C7AFECB9}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{7E105D1B-4B8E-4D07-88AE-F33845634AEE}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{C1472F45-7FE0-41E7-9BCA-76628FF810B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{723CA262-13BC-45C1-8CCC-98AD0E92CAA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8901505-1A2C-443A-8453-523E1C53A43E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{40151567-0EED-478C-844A-FF8F334E7A79}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{9ADDBE4C-0988-4EC7-9FF4-47332E701CD0}C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [UDP Query User{0E0F933E-9210-4930-8295-B59FAF1FFCCD}C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [{7E4FA3D3-2625-40B4-BA26-4C7C1DBD757C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{915C2CCF-3721-4854-81F2-6E582FC2BB70}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2C736F83-D3C2-491C-83E8-3E5B7CFA547F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{63BE69A8-5DBF-4019-9B2A-7EEB708379C4}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => (Allow) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe
FirewallRules: [UDP Query User{6D13796E-F55A-4B0F-A288-F46621453F3C}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => (Allow) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe
FirewallRules: [TCP Query User{C6718825-AFB8-4464-8CDF-2958BD31F094}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{7D39D96D-204D-4860-AF62-9FBD973F78CF}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{4825D96C-06A4-4162-B437-F5A225EC5AC9}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{E977D7CE-8334-4220-A4D0-DB1C9450EAF4}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{8E4DD75C-D3BF-4894-BA8E-8778CB5F75F6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{03B0E567-7B31-4761-9C5A-952822B1E9DE}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D3290984-42A5-4DD4-9AE8-B17376A396B2}] => (Allow) C:\Users\Mazrim\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{380301B0-62BF-489E-AAB9-A851445871F8}] => (Allow) C:\Users\Mazrim\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B8AB8B21-E2F6-4F76-A348-1EE2AD1E61B4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{FF630342-2F47-412A-A2C5-56B56260A4F8}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{C574D94E-5687-4911-896E-B4F8358CDB11}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{74BE0029-9329-44F5-A111-7CE8FDCEFDB4}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{DC9376A6-1EFE-4662-BC86-EDD5BC264038}C:\users\mazrim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mazrim\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{100F47B4-7E88-4CBF-9691-60874280FA83}C:\users\mazrim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mazrim\appdata\roaming\spotify\spotify.exe
FirewallRules: [{67DB393F-6059-4FF1-AA1E-D78084BA566C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3BEB53AF-4336-4A1E-A2B8-7165B08751B3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{431AB37D-0F60-410B-86A8-A8BB6AF103A2}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{07C4EA12-76AA-4257-B105-ED30196E6983}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{45761ABA-FF1C-4203-AE8F-D7B444FAED6A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{1D4BB83D-BB5E-4A22-A5EC-4399F02C3FC0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{E6026E8A-1ECB-4975-8E38-151154039BAE}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{04F83100-E50E-49E1-B22B-58BADD5240F9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{8D942F4D-E61B-4070-8D61-E992A099AE5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{6FBB2D1D-897C-463F-A1AA-26DE2E2B10C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{CC2C1115-E8E5-477C-8D2E-D1CCB239E97B}] => (Allow) C:\Program Files (x86)\Radiant Worlds\SkySaga Infinite Isles\SkySagaLauncher.exe
FirewallRules: [{893C4B82-C8AA-4B46-AD99-8B057340C738}] => (Allow) C:\Program Files (x86)\Radiant Worlds\SkySaga Infinite Isles\Client\SkySaga.exe
FirewallRules: [TCP Query User{39047E13-74CD-4BF8-A872-444068171606}C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{122A5BAA-338B-4E3A-8BA4-D22CFA19138E}C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{552877C3-9142-45B7-92D8-8B91940C0AC0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6231339F-8A97-4A37-A710-6240A28CCD17}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5B149C74-C88D-4951-9FA0-105D47B6C421}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{453B9786-A9F2-4814-BEDC-62291D6221A0}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{79D2E9A8-B5F5-4C6D-B8D0-953D8D8DDF66}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{9D8CB725-C503-48B9-B011-FE294DCCCD1A}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{48B839F3-BD99-44A8-86E5-C2E27369D3B1}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{0C203B16-05CF-4B60-B94E-7E57FDC738D0}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{BDA3B18A-9C28-4E26-9718-B62A31D65480}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3F832307-2288-4E0E-956F-6E6DA1367E2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A2D7A42C-DDD1-43E2-A50F-342F46841AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1AC36BB7-54F7-471B-9210-25D41D1CB579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{7CA0A0B0-5865-421C-BE24-D7E6041FAB20}G:\mygames\revelation online\game\tianyu.exe] => (Allow) G:\mygames\revelation online\game\tianyu.exe
FirewallRules: [UDP Query User{D975BBE0-58DC-4B65-A859-C9417D366650}G:\mygames\revelation online\game\tianyu.exe] => (Allow) G:\mygames\revelation online\game\tianyu.exe
FirewallRules: [{93206404-BBD4-41F2-9657-7DD8260046D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{102317B4-5646-4CC4-B4CA-3CE2EC58559E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{89304651-5F55-4A66-81F9-5B10830B6375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CBA85AAC-278C-4047-8203-C2DE6F989B62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{716B51F6-B148-4880-97CF-B9B45D0B6848}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{2CEE1501-1D91-49D3-BAB2-C7AE81CABB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{8F59134F-15FD-40D4-B79E-6503106730AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6E409A95-DD79-4F53-B9AD-03A74289A073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F460CE86-8AA8-4CE0-915C-54FE0AADF402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B9DCE1CE-0D24-4BDD-834C-90F9FB784ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35B95995-83FC-4A3D-A13C-8395B424AB5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{DF4D4D04-C0B0-433C-B6B2-39D9BD5A2C40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{6511FE89-A431-4204-99BB-4733C572BDD7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe
FirewallRules: [{31FFBB4B-0DA5-4E24-AA44-154A3EC042F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7952365D-D950-4811-B15A-F2193F69A1CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D790E8F6-FC57-40DC-9351-32C802183047}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7E213174-B7FA-49A7-A358-9555ECAAED9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AB885CA5-95D0-4CF6-BAD0-BA5E7360DD82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B94B780D-1324-44DF-90A2-244BE1EE49F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2CFD459-8736-4B1E-9D66-CCFE7A4B7A80}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2017 10:18:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/10/2017 02:36:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.0.2.6291, time stamp: 0x58d41a2d
Faulting module name: mozglue.dll, version: 52.0.2.6291, time stamp: 0x58d41a1f
Exception code: 0x80000003
Fault offset: 0x0000f73b
Faulting process id: 0xf7c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/10/2017 02:36:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 52.0.2.6291 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1240

Start Time: 01d2b1c48c2daae7

Termination Time: 61

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (04/10/2017 02:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.0.2.6291, time stamp: 0x58d41a2d
Faulting module name: mozglue.dll, version: 52.0.2.6291, time stamp: 0x58d41a1f
Exception code: 0x80000003
Fault offset: 0x0000f73b
Faulting process id: 0x1bc8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/10/2017 02:34:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 52.0.2.6291 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b98

Start Time: 01d2b095e2e869da

Termination Time: 93

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (04/09/2017 02:51:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/08/2017 12:31:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/06/2017 12:30:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/05/2017 12:30:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/04/2017 01:47:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


System errors:
=============
Error: (04/10/2017 02:00:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/10/2017 01:59:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/10/2017 01:59:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/10/2017 01:49:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/10/2017 10:02:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/10/2017 10:01:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/10/2017 10:01:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/10/2017 03:04:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/08/2017 02:18:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/08/2017 02:17:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)


CodeIntegrity:
===================================
Date: 2017-04-10 23:08:31.645
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-10 22:23:46.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-10 13:59:59.540
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-10 13:14:23.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-10 10:01:16.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-09 23:13:51.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-09 21:01:27.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-09 19:53:16.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-09 12:15:31.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-08 14:17:35.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 16281.75 MB
Available physical RAM: 12521.07 MB
Total Virtual: 32561.68 MB
Available Virtual: 28575.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447.03 GB) (Free:84.38 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:558.81 GB) (Free:118.76 GB) NTFS
Drive g: () (Fixed) (Total:1862.92 GB) (Free:1289.02 GB) NTFS
Drive I: (ED) (Removable) (Total:3.72 GB) (Free:1.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 5449E575)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BD0D67B6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: ED4C1BB4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=558.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Mazrim (administrator) on STORM2 (10-04-2017 23:12:56)
Running from C:\Users\Mazrim\Desktop
Loaded Profiles: Mazrim (Available Profiles: Mazrim)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(Spotify Ltd) C:\Users\Mazrim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Mazrim\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Mazrim\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\gaming_hook.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\gaming_hook.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [13760208 2017-01-27] (Corsair Components, Inc.)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [Spotify Web Helper] => C:\Users\Mazrim\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-02-22] (Spotify Ltd)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Policies\Explorer: [TaskbarNoThumbnail] 0
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-03-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C5B71E6-CBC2-4545-BCE3-F4BB5D8AE309}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F01BD071-824E-41BF-B832-05F6B2DC588D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)

FireFox:
========
FF ProfilePath: C:\Users\Mazrim\AppData\Roaming\Mozilla\Firefox\Profiles\z024eioi.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2832065358-1053774325-2113242752-1000: @my.com/Games -> C:\Users\Mazrim\AppData\Local\MyComGames\NPMyComDetector.dll [2016-12-24] (MY.COM B.V.)
FF Extension: No Name - C:\Users\Mazrim\AppData\Roaming\Mozilla\Firefox\Profiles\z024eioi.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2016-02-28]
FF Extension: Adblock Plus - C:\Users\Mazrim\AppData\Roaming\Mozilla\Firefox\Profiles\z024eioi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-28]
CHR Extension: (Google Docs) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-28]
CHR Extension: (Google Drive) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-28]
CHR Extension: (YouTube) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-28]
CHR Extension: (Google Search) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-24]
CHR Extension: (Google Sheets) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-28]
CHR Extension: (Avast Online Security) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-28]
CHR Extension: (Gmail) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-22]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-06-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-27] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-27] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-03-31] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-27] (NVIDIA Corporation)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-03-20] (Razer Inc.)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-05] (AVAST Software s.r.o.)

R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-05] (AVAST Software s.r.o.)

R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-05] (AVAST Software s.r.o.)

R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-05] (AVAST Software s.r.o.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-05] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-05] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-05] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-05] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-05] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-05] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-05] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-05] (AVAST Software)

R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-05] (AVAST Software)

R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [43000 2017-01-20] (Corsair)

R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [27640 2017-01-20] (Corsair)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-27] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-27] (NVIDIA Corporation)

R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)

R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50384 2015-10-26] (Razer Inc)

R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [47320 2015-10-26] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)

S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]



==================== NetSvcs (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)





==================== One Month Created files and folders ========



(If an entry is included in the fixlist, the file/folder will be moved.)



2017-04-10 23:12 - 2017-04-10 23:12 - 00017246 _____ C:\Users\Mazrim\Desktop\FRST.txt

2017-04-10 22:27 - 2017-04-10 22:27 - 00000000 ____D C:\ProgramData\SWCUTemp

2017-04-10 13:25 - 2017-03-31 21:36 - 00136248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2017-04-10 13:21 - 2017-04-02 12:12 - 00218040 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2017-04-10 13:21 - 2017-04-02 12:12 - 00046008 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 40201152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 35315256 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 35280320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 16431320 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 14653888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2017-04-10 13:21 - 2017-03-31 23:20 - 11112928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 10636240 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 09316648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 09014792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 08876272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 03430336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 03012152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 01988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438165.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438165.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 01054776 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00991800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00960448 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00912952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00577544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00507504 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00426312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00406736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2017-04-10 13:21 - 2017-03-31 23:20 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json

2017-04-10 13:21 - 2017-03-31 23:20 - 00000669 _____ C:\Windows\system32\nv-vk64.json

2017-04-10 13:21 - 2017-03-31 20:41 - 00076840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys

2017-04-10 13:15 - 2017-03-21 00:27 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat

2017-04-10 13:14 - 2017-03-27 23:32 - 00153536 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2017-04-10 13:14 - 2017-03-27 23:32 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2017-04-10 13:14 - 2017-03-27 23:32 - 00047552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2017-04-05 04:32 - 2017-04-05 04:31 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2017-03-26 23:06 - 2017-04-10 13:16 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2017-03-26 23:05 - 2017-04-10 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2017-03-26 23:05 - 2017-04-10 13:16 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-03-26 23:05 - 2017-04-10 13:16 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-03-26 23:05 - 2017-04-10 13:16 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-03-26 23:05 - 2017-04-10 13:16 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-03-26 23:05 - 2017-04-10 13:16 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-03-26 23:05 - 2017-04-10 13:16 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-03-26 23:05 - 2017-04-10 13:16 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-03-26 23:05 - 2017-03-27 23:32 - 01882048 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2017-03-26 23:05 - 2017-03-27 23:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2017-03-26 23:05 - 2017-03-27 23:32 - 01472960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2017-03-26 23:05 - 2017-03-27 23:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2017-03-26 23:05 - 2017-03-27 23:32 - 00121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll

2017-03-26 23:04 - 2017-03-31 22:09 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

2017-03-26 23:03 - 2017-03-31 23:20 - 03588376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2017-03-26 23:03 - 2017-03-16 20:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll

2017-03-26 23:03 - 2017-03-16 20:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll

2017-03-24 16:41 - 2017-03-24 16:41 - 00033653 _____ C:\Users\Mazrim\Desktop\DxDiag_3_24_17.txt

2017-03-20 23:12 - 2017-03-20 23:12 - 00105088 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll

2017-03-20 23:12 - 2017-03-20 23:12 - 00048776 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll

2017-03-20 23:11 - 2017-03-20 23:11 - 00114816 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll

2017-03-16 15:53 - 2017-03-16 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype

2017-03-16 15:53 - 2017-03-16 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2017-03-16 15:52 - 2017-04-05 04:32 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update

2017-03-16 15:51 - 2017-04-05 04:31 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys

2017-03-16 15:51 - 2017-04-05 04:31 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys

2017-03-16 15:51 - 2017-04-05 04:31 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys

2017-03-16 15:51 - 2017-04-05 04:31 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys



==================== One Month Modified files and folders ========



(If an entry is included in the fixlist, the file/folder will be moved.)



2017-04-10 23:13 - 2017-02-02 18:56 - 00000000 ____D C:\FRST

2017-04-10 23:09 - 2016-11-18 20:43 - 00000000 ____D C:\Users\Mazrim\AppData\LocalLow\Mozilla

2017-04-10 23:00 - 2016-04-04 18:56 - 00000000 ____D C:\Users\Mazrim\AppData\Roaming\Skype

2017-04-10 22:27 - 2016-02-28 03:04 - 00000000 ____D C:\Users\Mazrim\AppData\Local\Google

2017-04-10 14:20 - 2016-02-27 22:43 - 01775251 _____ C:\Windows\WindowsUpdate.log

2017-04-10 14:07 - 2009-07-14 00:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-04-10 14:07 - 2009-07-14 00:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-04-10 14:05 - 2016-03-02 13:05 - 00000000 ____D C:\Program Files (x86)\Steam

2017-04-10 14:05 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI

2017-04-10 14:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2017-04-10 14:00 - 2016-02-28 00:33 - 00000000 ____D C:\ProgramData\NVIDIA

2017-04-10 13:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-04-10 13:59 - 2009-07-14 00:51 - 00053027 _____ C:\Windows\setupact.log

2017-04-10 13:25 - 2016-03-11 17:42 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2017-04-10 13:25 - 2016-02-28 00:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2017-04-10 13:22 - 2016-02-28 00:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2017-04-10 13:18 - 2016-02-28 00:30 - 00000000 ____D C:\Users\Mazrim\AppData\Local\NVIDIA Corporation

2017-04-10 13:16 - 2016-02-28 00:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-04-10 02:36 - 2016-02-28 03:37 - 00000000 ____D C:\Users\Mazrim\AppData\Local\CrashDumps

2017-04-08 14:17 - 2016-03-22 17:48 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458683308

2017-04-08 14:17 - 2016-02-28 04:01 - 00685182 _____ C:\Windows\PFRO.log

2017-04-05 04:31 - 2016-03-22 17:48 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2017-04-05 04:31 - 2016-02-28 03:03 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2017-04-03 21:46 - 2016-02-28 03:04 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-04-03 21:46 - 2016-02-28 03:04 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-04-03 17:26 - 2016-10-19 09:10 - 00000000 ____D C:\Users\Mazrim\Desktop\Grim Dawn Backup files March 2017

2017-04-03 17:26 - 2016-10-19 08:59 - 00000000 ____D C:\Users\Mazrim\AppData\Local\Deployment

2017-04-02 12:12 - 2016-02-28 00:32 - 01600560 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

2017-03-31 23:20 - 2017-02-02 19:42 - 28560440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2017-03-31 23:20 - 2017-02-02 19:42 - 13398512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2017-03-31 23:20 - 2016-10-24 20:10 - 00491208 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2017-03-31 23:20 - 2016-03-11 17:41 - 17418608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2017-03-31 23:20 - 2016-02-28 00:32 - 20055968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2017-03-31 23:20 - 2016-02-28 00:32 - 04071816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2017-03-31 23:20 - 2016-02-28 00:32 - 00042897 _____ C:\Windows\system32\nvinfo.pb

2017-03-31 22:10 - 2016-02-28 00:33 - 06437312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2017-03-31 22:10 - 2016-02-28 00:33 - 02481208 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2017-03-31 22:10 - 2016-02-28 00:33 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2017-03-31 22:10 - 2016-02-28 00:33 - 00549944 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2017-03-31 22:10 - 2016-02-28 00:33 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2017-03-31 22:10 - 2016-02-28 00:33 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2017-03-31 22:10 - 2016-02-28 00:33 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2017-03-31 06:15 - 2016-02-28 00:33 - 07851747 _____ C:\Windows\system32\nvcoproc.bin

2017-03-30 21:31 - 2016-11-17 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2017-03-30 21:31 - 2016-02-27 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-03-26 23:06 - 2016-02-28 00:30 - 00000000 ____D C:\Users\Mazrim\AppData\Local\NVIDIA

2017-03-23 20:18 - 2016-02-28 03:03 - 00000000 ____D C:\ProgramData\AVAST Software

2017-03-22 00:22 - 2016-07-04 17:59 - 00000000 ____D C:\Users\Mazrim\AppData\Roaming\Kodi

2017-03-20 16:36 - 2016-03-03 22:02 - 00000000 ____D C:\Users\Mazrim\AppData\Local\Warframe

2017-03-17 12:30 - 2016-12-24 11:56 - 00000000 ____D C:\Users\Mazrim\AppData\Local\MyComGames

2017-03-17 12:13 - 2016-02-28 00:30 - 00000000 ____D C:\ProgramData\Package Cache

2017-03-16 15:53 - 2016-04-04 18:56 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk

2017-03-16 15:53 - 2016-04-04 18:56 - 00000000 ____D C:\ProgramData\Skype

2017-03-16 15:51 - 2016-02-28 03:03 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148969392431104

2017-03-16 15:51 - 2016-02-28 03:03 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148969392520006

2017-03-15 01:45 - 2016-02-28 01:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-03-15 01:45 - 2016-02-28 01:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-03-15 01:45 - 2016-02-28 01:40 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-03-15 01:45 - 2016-02-28 01:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2017-03-15 01:45 - 2016-02-28 01:40 - 00000000 ____D C:\Windows\system32\Macromed



==================== Files in the root of some directories =======



2016-07-24 23:16 - 2016-07-24 23:16 - 0000864 _____ () C:\Users\Mazrim\AppData\Roaming\.PC3D.cfg

2016-04-17 22:02 - 2016-04-17 22:02 - 0007605 _____ () C:\Users\Mazrim\AppData\Local\Resmon.ResmonCfg

2016-05-18 17:11 - 2016-05-18 17:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2016-12-22 17:42 - 2017-01-30 04:56 - 0006292 _____ () C:\ProgramData\NvTelemetryContainer.log

2016-12-22 17:42 - 2017-01-14 15:25 - 0005504 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1



Some files in TEMP:

====================

C:\Users\Mazrim\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Mazrim\AppData\Local\Temp\nvStInst.exe

C:\Users\Mazrim\AppData\Local\Temp\ose00000.exe





==================== Bamital & volsnap =================



(There is no automatic fix for files that do not pass verification.)



C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed





LastRegBack: 2017-04-03 01:46



==================== End of FRST.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

What are the exact issues?

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on the Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I do have one question before I start the cleaning process:

I believe that my flash drive that has all of my college work on it for this semester, may also be infected. It is still plugged into my rig at the moment. Should I go ahead and unplug that before I begin? Also, is there a way to clean a flash drive in the event of a possible infection?
 
RogueKiller V12.10.4.0 (x64) [Apr 10 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mazrim [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/13/2017 14:28:57 (Duration : 00:20:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 32 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Mazrim_ON_G_B668\Software\iLivid -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Mazrim_ON_G_B668\Software\iLivid -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet001\Services\X6va005 (\??\C:\Users\Mazrim\AppData\Local\Temp\0058300.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet002\Services\X6va005 (\??\C:\Users\Mazrim\AppData\Local\Temp\0058300.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B253FB23-C317-4C37-B40B-9D8D295E7F03} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Mazrim\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Games| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E8770ADF-5FEE-44D0-A3AB-CFC4C6869C5B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Mazrim\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Games| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ACC1F694-7F2B-419B-956C-E15FD9C2F8D3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C67DC3BA-14AF-479C-8836-AF18B54CCDEB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path|VT.Opencandy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1418FA24-DEBD-42FD-954B-7B7986EA7302} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path|VT.Opencandy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7626DE1C-5F6C-48DC-B092-3512B43DC7BC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B70D18F-555D-4BA4-BDBA-ED7CF07A143C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0B8E01DB-BDA3-4ED0-88D5-F3A9FA9AD71A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0DA263BA-BE54-4E31-9F3C-412DE67870F2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CC8FB31F-D910-4382-AA9A-F1968417810E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3290984-42A5-4DD4-9AE8-B17376A396B2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Mazrim\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {380301B0-62BF-489E-AAB9-A851445871F8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Mazrim\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{39047E13-74CD-4BF8-A872-444068171606}C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{122A5BAA-338B-4E3A-8BA4-D22CFA19138E}C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B253FB23-C317-4C37-B40B-9D8D295E7F03} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Mazrim\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Games| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E8770ADF-5FEE-44D0-A3AB-CFC4C6869C5B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Mazrim\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Games| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ACC1F694-7F2B-419B-956C-E15FD9C2F8D3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C67DC3BA-14AF-479C-8836-AF18B54CCDEB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path|VT.Opencandy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1418FA24-DEBD-42FD-954B-7B7986EA7302} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path|VT.Opencandy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_C5A0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7626DE1C-5F6C-48DC-B092-3512B43DC7BC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B70D18F-555D-4BA4-BDBA-ED7CF07A143C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0B8E01DB-BDA3-4ED0-88D5-F3A9FA9AD71A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0DA263BA-BE54-4E31-9F3C-412DE67870F2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_7B09\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CC8FB31F-D910-4382-AA9A-F1968417810E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Mazrim\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3290984-42A5-4DD4-9AE8-B17376A396B2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Mazrim\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {380301B0-62BF-489E-AAB9-A851445871F8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Mazrim\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{39047E13-74CD-4BF8-A872-444068171606}C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{122A5BAA-338B-4E3A-8BA4-D22CFA19138E}C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mazrim\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Defer=User| [7] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: PNY CS1311 480GB SSD ATA Device +++++
--- User ---
[MBR] 450695ad9d82bdb0ac3505c758ec4b62
[BSP] 786aeb4b6093250b73fb352f84db57ea : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 457760 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] c935882b714ac7a13a1d2d78758c39ad
[BSP] a7fb23470c64d4f16154a6995ec856d0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD6000HLHX-01JJPV0 ATA Device +++++
--- User ---
[MBR] 22f8c133972d448646bf3d39e83de9bc
[BSP] a6d5a6844cbb2c67feb3dae58eebb32f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 572223 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/13/17
Scan Time: 4:21 PM
Logfile: MBAM scan 4-13-17.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1723
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Storm2\Mazrim

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323729
Time Elapsed: 1 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
# AdwCleaner v6.045 - Logfile created 13/04/2017 at 16:32:58
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-13.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Mazrim - STORM2
# Running from : C:\Users\Mazrim\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Web browsers ] *****

[-] [C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1371 Bytes] - [13/04/2017 16:32:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [1625 Bytes] - [13/04/2017 16:31:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1517 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64
Ran by Mazrim (Administrator) on Thu 04/13/2017 at 16:39:20.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 32

Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4F82QUU9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P1HT742 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90I7P70C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJH0SZ65 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOUW5OD0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J89MH9OO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOIWXPHH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGGAHZ4B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTX4AX2B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9Y4QYYH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XG1NL0DE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mazrim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJLM3FYG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4F82QUU9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P1HT742 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90I7P70C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJH0SZ65 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOUW5OD0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J89MH9OO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOIWXPHH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGGAHZ4B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTX4AX2B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9Y4QYYH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XG1NL0DE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJLM3FYG (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/13/2017 at 16:41:26.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Web navigating is smoother now, without the long hang when trying to use search. Can go to Google now without having to end task (Firefox was locking up when trying to go to Google).

Load time to desktop from login screen is about 15-30s now, as opposed to 2-3 minutes before.
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-04-05.01 - Mazrim 04/13/2017 23:33:29.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16282.13674 [GMT -4:00]
Running from: c:\users\Mazrim\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mazrim\Desktop\Setup.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
G:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2017-03-14 to 2017-04-14 )))))))))))))))))))))))))))))))
.
.
2017-04-14 03:42 . 2017-04-14 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-04-13 20:29 . 2017-04-13 20:32 -------- d-----w- C:\AdwCleaner
2017-04-13 20:20 . 2017-04-14 03:50 251832 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-13 20:19 . 2017-03-22 15:02 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-04-13 20:19 . 2017-04-13 20:19 -------- d-----w- c:\programdata\Malwarebytes
2017-04-13 20:19 . 2017-04-13 20:19 -------- d-----w- c:\program files\Malwarebytes
2017-04-13 18:28 . 2017-04-13 18:28 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-04-13 18:28 . 2017-04-13 20:19 -------- d-----w- c:\programdata\RogueKiller
2017-04-13 18:28 . 2017-04-13 18:28 -------- d-----w- c:\program files\RogueKiller
2017-04-10 17:25 . 2017-04-01 01:36 136248 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2017-04-10 17:15 . 2017-03-21 04:27 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2017-04-10 17:14 . 2017-03-28 03:32 47552 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-04-10 17:14 . 2017-03-28 03:32 153536 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-04-10 17:14 . 2017-03-28 03:32 127424 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2017-04-05 08:32 . 2017-04-05 08:31 399944 ----a-w- c:\windows\system32\aswBoot.exe
2017-03-27 03:05 . 2017-03-28 03:32 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2017-03-27 03:05 . 2017-03-28 03:32 1882048 ----a-w- c:\windows\system32\nvspcap64.dll
2017-03-27 03:05 . 2017-03-28 03:32 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2017-03-27 03:05 . 2017-03-28 03:32 121280 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2017-03-27 03:05 . 2017-03-28 03:32 1472960 ----a-w- c:\windows\SysWow64\nvspcap.dll
2017-03-27 03:04 . 2017-04-01 02:09 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-03-27 03:03 . 2017-03-17 00:59 1983424 ----a-w- c:\windows\system32\nvdispco6437892.dll
2017-03-27 03:03 . 2017-03-17 00:59 1589696 ----a-w- c:\windows\system32\nvdispgenco6437892.dll
2017-03-27 03:03 . 2017-04-01 03:20 3588376 ----a-w- c:\windows\SysWow64\nvapi.dll
2017-03-21 03:12 . 2017-03-21 03:12 48776 ----a-w- c:\windows\SysWow64\RzAPIChromaSDK.dll
2017-03-21 03:12 . 2017-03-21 03:12 105088 ----a-w- c:\windows\SysWow64\RzChromaSDK.dll
2017-03-21 03:11 . 2017-03-21 03:11 114816 ----a-w- c:\windows\system32\RzChromaSDK64.dll
2017-03-17 15:55 . 2017-03-30 11:04 527816 ----a-w- c:\program files (x86)\Mozilla Firefox\minidump-analyzer.exe
2017-03-16 19:53 . 2017-03-16 19:53 -------- d-----r- c:\program files (x86)\Skype
2017-03-16 19:53 . 2017-03-16 19:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2017-03-16 19:51 . 2017-04-05 08:31 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-03-16 19:51 . 2017-04-05 08:31 334088 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-03-16 19:51 . 2017-04-05 08:31 307736 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-03-16 19:51 . 2017-04-05 08:31 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-04-11 20:45 . 2016-02-28 05:40 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-04-11 20:45 . 2016-02-28 05:40 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-05 08:31 . 2016-02-28 07:03 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-04-05 08:31 . 2016-02-28 07:03 556784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-04-05 08:31 . 2016-02-28 07:03 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-04-05 08:31 . 2016-02-28 07:03 339696 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-04-05 08:31 . 2016-02-28 07:03 164064 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-04-05 08:31 . 2016-02-28 07:03 127112 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-04-05 08:31 . 2016-02-28 07:03 101152 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-04-05 08:31 . 2016-03-22 21:48 32600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-04-05 08:31 . 2016-02-28 07:03 1005048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-04-02 16:12 . 2016-02-28 04:32 1600560 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-04-01 03:20 . 2017-02-02 23:42 28560440 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-04-01 03:20 . 2017-02-02 23:42 13398512 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-04-01 03:20 . 2016-10-25 00:10 491208 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-04-01 03:20 . 2016-03-11 21:41 17418608 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-04-01 03:20 . 2016-02-28 04:32 4071816 ----a-w- c:\windows\system32\nvapi64.dll
2017-04-01 03:20 . 2016-02-28 04:32 20055968 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-04-01 02:10 . 2016-02-28 04:33 6437312 ----a-w- c:\windows\system32\nvcpl.dll
2017-04-01 02:10 . 2016-02-28 04:33 2481208 ----a-w- c:\windows\system32\nvsvc64.dll
2017-04-01 02:10 . 2016-02-28 04:33 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2017-04-01 02:10 . 2016-02-28 04:33 71224 ----a-w- c:\windows\system32\nvshext.dll
2017-04-01 02:10 . 2016-02-28 04:33 549944 ----a-w- c:\windows\system32\nv3dappshext.dll
2017-04-01 02:10 . 2016-02-28 04:33 393784 ----a-w- c:\windows\system32\nvmctray.dll
2017-04-01 02:10 . 2016-02-28 04:33 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2017-03-31 10:15 . 2016-02-28 04:33 7851747 ----a-w- c:\windows\system32\nvcoproc.bin
2017-03-10 21:17 . 2017-03-10 21:17 525600 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-42-1.dll
2017-03-10 21:17 . 2016-03-11 21:42 525600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2017-03-10 21:17 . 2017-03-10 21:17 233760 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-42-1.exe
2017-03-10 21:17 . 2016-03-11 21:42 233760 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2017-03-10 21:17 . 2017-03-10 21:17 536864 ----a-w- c:\windows\system32\vulkan-1-1-0-42-1.dll
2017-03-10 21:17 . 2016-03-11 21:42 536864 ----a-w- c:\windows\system32\vulkan-1.dll
2017-03-10 21:17 . 2017-03-10 21:17 254240 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-42-1.exe
2017-03-10 21:17 . 2016-03-11 21:42 254240 ----a-w- c:\windows\system32\vulkaninfo.exe
2017-01-20 20:28 . 2017-01-20 20:28 43000 ----a-w- c:\windows\system32\drivers\CorsairVBusDriver.sys
2017-01-20 20:28 . 2017-01-20 20:28 27640 ----a-w- c:\windows\system32\drivers\CorsairVHidDriver.sys
2017-01-20 16:36 . 2017-02-02 23:42 1985080 ----a-w- c:\windows\system32\nvdispco6437849.dll
2017-01-20 16:36 . 2017-02-02 23:42 1591352 ----a-w- c:\windows\system32\nvdispgenco6437849.dll
2017-01-20 16:36 . 2016-02-28 04:33 512960 ----a-w- c:\windows\system32\OpenCL.dll
2017-01-20 16:36 . 2016-02-28 04:33 420408 ----a-w- c:\windows\SysWow64\OpenCL.dll
2017-01-14 08:57 . 2016-02-28 04:51 135657872 -c--a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2017-03-23 3019552]
"Spotify Web Helper"="c:\users\Mazrim\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2017-02-22 1431664]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-03-14 27545048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2017-03-02 596640]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2016-01-20 1087184]
"Corsair Utility Engine"="c:\program files (x86)\Corsair\Corsair Utility Engine\CUE.exe" [2017-01-27 13760208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AODDriver4.3.0;AODDriver4.3.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 Razer Chroma SDK Service;Razer Chroma SDK Service;c:\program files (x86)\Razer Chroma SDK\bin\RzSDKService.exe;c:\program files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S3 CorsairVBusDriver;Corsair Bus;c:\windows\system32\DRIVERS\CorsairVBusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVBusDriver.sys [x]
S3 CorsairVHidDriver;Corsair virtual device;c:\windows\system32\DRIVERS\CorsairVHidDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVHidDriver.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzmpos;rzmpos;c:\windows\system32\DRIVERS\rzmpos.sys;c:\windows\SYSNATIVE\DRIVERS\rzmpos.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-04-04 01:46 1319256 ----a-w- c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-23 c:\windows\Tasks\EPSON WF-3620 Series Invitation {BB533B34-5626-4473-83FF-5552782BBE7B}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2016-05-01 08:20]
.
2017-02-23 c:\windows\Tasks\EPSON WF-3620 Series Invitation {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2016-05-01 08:20]
.
2017-02-23 c:\windows\Tasks\EPSON WF-3620 Series Update {BB533B34-5626-4473-83FF-5552782BBE7B}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2016-05-01 08:20]
.
2017-02-23 c:\windows\Tasks\EPSON WF-3620 Series Update {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2016-05-01 08:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-04-05 08:31 1529352 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-04-05 08:31 1529352 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-10-04 7200984]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-09-26 1353432]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-03-28 1882048]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-04-05 213824]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mazrim\AppData\Roaming\Mozilla\Firefox\Profiles\z024eioi.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\program files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
.
**************************************************************************
.
Completion time: 2017-04-14 00:00:36 - machine was rebooted
ComboFix-quarantined-files.txt 2017-04-14 04:00
.
Pre-Run: 87,709,356,032 bytes free
Post-Run: 139,723,939,840 bytes free
.
- - End Of File - - 02ACDACC87D89D7828B1DAABED9E60F5
A36C5E4F47E84449FF07ED3517B43A31
 
Response time is much, much faster now. Time from when I log in to when Windows goes to desktop is now instant on my SSD. Load times on browser (Firefox) are now back to 1-2 second load times.
 
Good :)

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015

Ran by Mazrim (2017-04-15 01:41:57)

Running from C:\Users\Mazrim\Desktop

Windows 7 Ultimate Service Pack 1 (X64) (2016-02-28 02:43:02)

Boot Mode: Normal

==========================================================





==================== Accounts: =============================



Administrator (S-1-5-21-2832065358-1053774325-2113242752-500 - Administrator - Disabled)

Guest (S-1-5-21-2832065358-1053774325-2113242752-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2832065358-1053774325-2113242752-1002 - Limited - Enabled)

Mazrim (S-1-5-21-2832065358-1053774325-2113242752-1000 - Administrator - Enabled) => C:\Users\Mazrim



==================== Security Center ========================



(If an entry is included in the fixlist, it will be removed.)



AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



==================== Installed Programs ======================



(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



ACD/Labs 2015 Freeware in C:\ACD2015FREE\ (HKLM-x32\...\ACDLabs in C__ACD2015FREE_) (Version: v14.00, FREE - ACD/Labs)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)

AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)

Ansel (Version: 381.65 - NVIDIA Corporation) Hidden

AutoHotkey 1.1.23.03 (HKLM\...\AutoHotkey) (Version: 1.1.23.03 - Lexikos)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)

Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden

Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)

CLC Genomics Workbench 8.5.1 (HKLM\...\clcgenomicswb8) (Version: 8.5.1 - QIAGEN Aarhus A/S)

Corsair Utility Engine (HKLM-x32\...\{D1A3ECB3-18F1-4EB2-9C1B-A83DE1D16976}) (Version: 2.10.71 - Corsair)

Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)

Discord (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)

Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)

Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)

Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )

EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)

FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)

GD Defiler (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\eb52a1e1a73b9708) (Version: 0.1.1.5 - Soul's Software)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden

Grim Dawn (HKLM\...\Steam App 219990) (Version: - Crate Entertainment)

Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)

Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)

Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)

Kodi (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Kodi) (Version: - XBMC-Foundation)

Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)

Marvel Heroes Game (HKLM-x32\...\{f8f040bd-5ced-4167-a116-592fce1698f4}_is1) (Version: 1.0 - Gazillion Entertainment)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)

My.com Game Center (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\MyComGames) (Version: 3.192 - My.com B.V.)

NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)

NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)

NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)

NVIDIA Graphics Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)

NvNodejs (Version: 3.5.0.70 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden

NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden

OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)

PC3D Viewer (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\PC3D Viewer) (Version: - NCBI)

Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.14.7 - Razer Inc.)

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.302 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)

Revelation Online (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Revelation Online) (Version: 1.26 - My.com B.V.)

RogueKiller version 12.10.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.4.0 - Adlice Software)

SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden

SHIELD Streaming (Version: 7.1.0360 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.5.0.70 - NVIDIA Corporation) Hidden

Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)

SkySaga Infinite Isles (HKLM-x32\...\SkySaga Infinite Isles 1.0.3713.0) (Version: 1.0.3713.0 - Radiant Worlds)

SkySaga Infinite Isles (x32 Version: 1.0.3713.0 - Radiant Worlds) Hidden

Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)

Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)

Spotify (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)

Star Citizen Launcher (HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)

The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)

The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)

Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)

WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)



==================== Custom CLSID (Whitelisted): ==========================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)





==================== Restore Points =========================



24-02-2016 14:36:47 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506

24-02-2016 14:37:15 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026

24-02-2016 14:37:28 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506

24-02-2016 14:37:55 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026

27-02-2016 01:49:08 Windows Update

25-03-2017 04:43:59 Scheduled Checkpoint

02-04-2017 05:20:16 Scheduled Checkpoint

11-04-2017 05:07:56 Scheduled Checkpoint

13-04-2017 16:39:22 JRT Pre-Junkware Removal



==================== Hosts content: ===============================



(If needed Hosts: directive could be included in the fixlist to reset Hosts.)



2009-07-13 22:34 - 2017-04-13 23:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost



==================== Scheduled Tasks (Whitelisted) =============



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



Task: {09710573-039E-466F-9BE0-7FCC0ED4E3CD} - System32\Tasks\EPSON WF-3620 Series Update {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {10F8BC8B-3559-4D6B-9801-DA83B9777306} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)

Task: {1135FAC8-0B06-4705-8D37-0B2358C6F4C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)

Task: {11A3E510-6AF1-40B0-B5F3-33E0F0B07460} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)

Task: {26E29A7D-57C3-4DBD-9875-2C688CB94372} - System32\Tasks\{2CFF223A-057B-4FE4-A0AF-40D8CEA746DC} => pcalua.exe -a C:\Users\Mazrim\Downloads\NDP46-KB3045560-Web.exe -d C:\Users\Mazrim\Downloads

Task: {401D9397-BF75-466C-B766-0E28CB8A77DA} - System32\Tasks\EPSON WF-3620 Series Invitation {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {40A808C9-A73F-4091-A2F8-1D6BA603224B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-27] (NVIDIA Corporation)

Task: {4B560D85-56DB-42D8-8B90-F200B6EBFDB6} - System32\Tasks\{C74B427A-421F-4BEA-998B-7A3E49009CB8} => Firefox.exe

Task: {4D1CA325-CB20-4887-BC18-E3C81844FFBB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-05] (AVAST Software)

Task: {7017541B-B27D-4D68-86BE-5EABE7C0BE51} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)

Task: {836930EA-A678-4CD4-827C-E2250C374FF9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)

Task: {840AA1F5-D2AB-4678-963D-EAA7CD0B1B04} - System32\Tasks\SafeZone scheduled Autoupdate 1458683308 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)

Task: {92148F3C-A3A0-4BB9-8A9D-F90BD68D3C4A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-27] (NVIDIA Corporation)

Task: {96F81140-DBB4-4263-A09A-C24C3C1424C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)

Task: {A25DEB4A-381A-4608-A5CD-6A3CF028A9D4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)

Task: {AB30CDE4-4347-4210-BD77-0A8C4F4FCB89} - System32\Tasks\EPSON WF-3620 Series Update {BB533B34-5626-4473-83FF-5552782BBE7B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {D801F80B-F834-4847-9C12-380D9D220E18} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)

Task: {E723F7B0-85D5-488E-8F99-CCD20889AD17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)

Task: {ED71C5FB-1503-41C3-9A7D-B6D5C27429AD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-27] (NVIDIA Corporation)

Task: {F0A3879B-B1B4-40D7-A92E-85FBF6794F0A} - System32\Tasks\EPSON WF-3620 Series Invitation {BB533B34-5626-4473-83FF-5552782BBE7B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)



(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)



Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {BB533B34-5626-4473-83FF-5552782BBE7B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE

Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE

Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {BB533B34-5626-4473-83FF-5552782BBE7B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{BB533B34-5626-4473-83FF-5552782BBE7B} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{E812D5C5-CCD3-4FBD-AEF5-32A3A74B9B5D} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi



==================== Loaded Modules (Whitelisted) ==============



2014-09-19 06:35 - 2014-09-19 06:35 - 00137584 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe

2017-03-26 23:05 - 2017-03-27 23:32 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2016-02-28 00:33 - 2017-03-31 22:10 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2017-04-13 16:19 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00522512 _____ () C:\Program Files\AVAST Software\Avast\x64\gaming_spy.dll
2017-01-18 23:22 - 2017-01-18 23:22 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2017-04-05 04:31 - 2017-04-05 04:31 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-14 08:54 - 2017-04-14 08:54 - 05911040 _____ () C:\Program Files\AVAST Software\Avast\defs\17041400\algo.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 00625000 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 03860848 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 01587560 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 06441320 _____ () C:\Program Files (x86)\AMD\OverDrive\QtGui4.dll
2014-09-19 06:35 - 2014-09-19 06:35 - 00362856 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00454424 _____ () C:\Program Files\AVAST Software\Avast\gaming_spy.dll
2016-06-30 06:45 - 2016-06-30 06:45 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-05 04:31 - 2017-04-05 04:31 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-03-02 13:05 - 2017-03-09 20:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-03-02 13:05 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-03-02 13:05 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-03-02 13:05 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-03-02 13:05 - 2017-03-22 20:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-03-02 13:05 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-03-02 13:05 - 2017-03-30 18:46 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-30 08:18 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-25 16:35 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-03-02 13:05 - 2017-03-22 20:52 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-20 04:10 - 2017-02-20 04:10 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 50656768 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2017-01-27 18:11 - 2017-01-27 18:11 - 00211456 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-01-27 18:09 - 2017-01-27 18:09 - 00093184 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2017-01-27 18:10 - 2017-01-27 18:10 - 00037376 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2016-12-01 13:37 - 2016-12-01 13:37 - 00011264 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-12-01 13:37 - 2016-12-01 13:37 - 01990144 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2017-03-26 23:05 - 2017-03-21 00:27 - 02442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-03-26 23:05 - 2017-03-21 00:27 - 00571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-09 08:44 - 2016-10-08 03:13 - 50656768 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 01874944 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 00075264 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 01874944 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2017-01-09 08:44 - 2016-10-08 03:13 - 00075264 _____ () C:\Users\Mazrim\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll
2016-03-02 13:05 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll



==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mazrim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Genie.lnk => C:\Windows\pss\NETGEAR WNDA3100v2 Genie.lnk.CommonStartup
MSCONFIG\startupreg: Discord => C:\Users\Mazrim\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MyComGames => "C:\Users\Mazrim\AppData\Local\MyComGames\MyComGames.exe" -autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Mazrim\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mazrim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BD750EB-032E-4F98-AB71-75764283CE97}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6DDDB30-223F-49E4-808E-446A499E6292}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34C08CAF-52A7-43CD-BC43-4CD0C7AFECB9}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{7E105D1B-4B8E-4D07-88AE-F33845634AEE}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{C1472F45-7FE0-41E7-9BCA-76628FF810B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{723CA262-13BC-45C1-8CCC-98AD0E92CAA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8901505-1A2C-443A-8453-523E1C53A43E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{40151567-0EED-478C-844A-FF8F334E7A79}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{9ADDBE4C-0988-4EC7-9FF4-47332E701CD0}C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [UDP Query User{0E0F933E-9210-4930-8295-B59FAF1FFCCD}C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [{7E4FA3D3-2625-40B4-BA26-4C7C1DBD757C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{915C2CCF-3721-4854-81F2-6E582FC2BB70}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2C736F83-D3C2-491C-83E8-3E5B7CFA547F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{63BE69A8-5DBF-4019-9B2A-7EEB708379C4}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => (Allow) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe
FirewallRules: [UDP Query User{6D13796E-F55A-4B0F-A288-F46621453F3C}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => (Allow) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe
FirewallRules: [TCP Query User{C6718825-AFB8-4464-8CDF-2958BD31F094}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{7D39D96D-204D-4860-AF62-9FBD973F78CF}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{4825D96C-06A4-4162-B437-F5A225EC5AC9}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{E977D7CE-8334-4220-A4D0-DB1C9450EAF4}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{8E4DD75C-D3BF-4894-BA8E-8778CB5F75F6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{03B0E567-7B31-4761-9C5A-952822B1E9DE}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{B8AB8B21-E2F6-4F76-A348-1EE2AD1E61B4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{FF630342-2F47-412A-A2C5-56B56260A4F8}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{C574D94E-5687-4911-896E-B4F8358CDB11}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{74BE0029-9329-44F5-A111-7CE8FDCEFDB4}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{DC9376A6-1EFE-4662-BC86-EDD5BC264038}C:\users\mazrim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mazrim\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{100F47B4-7E88-4CBF-9691-60874280FA83}C:\users\mazrim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mazrim\appdata\roaming\spotify\spotify.exe
FirewallRules: [{67DB393F-6059-4FF1-AA1E-D78084BA566C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3BEB53AF-4336-4A1E-A2B8-7165B08751B3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{431AB37D-0F60-410B-86A8-A8BB6AF103A2}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{07C4EA12-76AA-4257-B105-ED30196E6983}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{45761ABA-FF1C-4203-AE8F-D7B444FAED6A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{1D4BB83D-BB5E-4A22-A5EC-4399F02C3FC0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{E6026E8A-1ECB-4975-8E38-151154039BAE}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{04F83100-E50E-49E1-B22B-58BADD5240F9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{8D942F4D-E61B-4070-8D61-E992A099AE5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{6FBB2D1D-897C-463F-A1AA-26DE2E2B10C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{CC2C1115-E8E5-477C-8D2E-D1CCB239E97B}] => (Allow) C:\Program Files (x86)\Radiant Worlds\SkySaga Infinite Isles\SkySagaLauncher.exe
FirewallRules: [{893C4B82-C8AA-4B46-AD99-8B057340C738}] => (Allow) C:\Program Files (x86)\Radiant Worlds\SkySaga Infinite Isles\Client\SkySaga.exe
FirewallRules: [{552877C3-9142-45B7-92D8-8B91940C0AC0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6231339F-8A97-4A37-A710-6240A28CCD17}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5B149C74-C88D-4951-9FA0-105D47B6C421}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{453B9786-A9F2-4814-BEDC-62291D6221A0}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{79D2E9A8-B5F5-4C6D-B8D0-953D8D8DDF66}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{9D8CB725-C503-48B9-B011-FE294DCCCD1A}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{48B839F3-BD99-44A8-86E5-C2E27369D3B1}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{0C203B16-05CF-4B60-B94E-7E57FDC738D0}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{BDA3B18A-9C28-4E26-9718-B62A31D65480}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3F832307-2288-4E0E-956F-6E6DA1367E2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A2D7A42C-DDD1-43E2-A50F-342F46841AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1AC36BB7-54F7-471B-9210-25D41D1CB579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{7CA0A0B0-5865-421C-BE24-D7E6041FAB20}G:\mygames\revelation online\game\tianyu.exe] => (Allow) G:\mygames\revelation online\game\tianyu.exe
FirewallRules: [UDP Query User{D975BBE0-58DC-4B65-A859-C9417D366650}G:\mygames\revelation online\game\tianyu.exe] => (Allow) G:\mygames\revelation online\game\tianyu.exe
FirewallRules: [{93206404-BBD4-41F2-9657-7DD8260046D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{102317B4-5646-4CC4-B4CA-3CE2EC58559E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{89304651-5F55-4A66-81F9-5B10830B6375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CBA85AAC-278C-4047-8203-C2DE6F989B62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{716B51F6-B148-4880-97CF-B9B45D0B6848}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{2CEE1501-1D91-49D3-BAB2-C7AE81CABB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{8F59134F-15FD-40D4-B79E-6503106730AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6E409A95-DD79-4F53-B9AD-03A74289A073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F460CE86-8AA8-4CE0-915C-54FE0AADF402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B9DCE1CE-0D24-4BDD-834C-90F9FB784ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35B95995-83FC-4A3D-A13C-8395B424AB5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{DF4D4D04-C0B0-433C-B6B2-39D9BD5A2C40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{6511FE89-A431-4204-99BB-4733C572BDD7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe
FirewallRules: [{31FFBB4B-0DA5-4E24-AA44-154A3EC042F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7952365D-D950-4811-B15A-F2193F69A1CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D790E8F6-FC57-40DC-9351-32C802183047}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7E213174-B7FA-49A7-A358-9555ECAAED9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AB885CA5-95D0-4CF6-BAD0-BA5E7360DD82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B94B780D-1324-44DF-90A2-244BE1EE49F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2CFD459-8736-4B1E-9D66-CCFE7A4B7A80}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2017 12:30:38 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/14/2017 03:47:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/13/2017 02:53:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/12/2017 12:30:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/11/2017 05:01:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/10/2017 10:18:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/10/2017 02:36:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.0.2.6291, time stamp: 0x58d41a2d
Faulting module name: mozglue.dll, version: 52.0.2.6291, time stamp: 0x58d41a1f
Exception code: 0x80000003
Fault offset: 0x0000f73b
Faulting process id: 0xf7c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/10/2017 02:36:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 52.0.2.6291 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1240

Start Time: 01d2b1c48c2daae7

Termination Time: 61

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (04/10/2017 02:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.0.2.6291, time stamp: 0x58d41a2d
Faulting module name: mozglue.dll, version: 52.0.2.6291, time stamp: 0x58d41a1f
Exception code: 0x80000003
Fault offset: 0x0000f73b
Faulting process id: 0x1bc8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/10/2017 02:34:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 52.0.2.6291 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b98

Start Time: 01d2b095e2e869da

Termination Time: 93

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:


System errors:
=============
Error: (04/14/2017 04:46:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/14/2017 04:45:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/14/2017 04:45:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/14/2017 04:29:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/14/2017 12:53:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/14/2017 12:52:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/14/2017 12:52:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/14/2017 12:09:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/13/2017 11:51:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/13/2017 11:50:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)


CodeIntegrity:
===================================
Date: 2017-04-14 17:48:39.475
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 17:04:33.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 16:45:12.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 16:28:14.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 10:54:54.547
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 10:36:15.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 01:23:10.175
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 00:52:45.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 00:39:33.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-14 00:31:23.405
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 16281.75 MB
Available physical RAM: 13113.45 MB
Total Virtual: 32561.68 MB
Available Virtual: 29265.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447.03 GB) (Free:129.75 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:558.81 GB) (Free:118.77 GB) NTFS
Drive g: () (Fixed) (Total:1862.92 GB) (Free:1289.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 5449E575)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BD0D67B6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: ED4C1BB4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=558.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Mazrim (administrator) on STORM2 (15-04-2017 01:41:34)
Running from C:\Users\Mazrim\Desktop
Loaded Profiles: Mazrim (Available Profiles: Mazrim)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Mazrim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Mazrim\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Mazrim\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [13760208 2017-01-27] (Corsair Components, Inc.)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [Spotify Web Helper] => C:\Users\Mazrim\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-02-22] (Spotify Ltd)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\...\Policies\Explorer: [TaskbarNoThumbnail] 0
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C5B71E6-CBC2-4545-BCE3-F4BB5D8AE309}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F01BD071-824E-41BF-B832-05F6B2DC588D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)

FireFox:
========
FF ProfilePath: C:\Users\Mazrim\AppData\Roaming\Mozilla\Firefox\Profiles\z024eioi.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2832065358-1053774325-2113242752-1000: @my.com/Games -> C:\Users\Mazrim\AppData\Local\MyComGames\NPMyComDetector.dll [2016-12-24] (MY.COM B.V.)
FF Extension: No Name - C:\Users\Mazrim\AppData\Roaming\Mozilla\Firefox\Profiles\z024eioi.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2016-02-28]
FF Extension: Adblock Plus - C:\Users\Mazrim\AppData\Roaming\Mozilla\Firefox\Profiles\z024eioi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-28]
CHR Extension: (Google Docs) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-28]
CHR Extension: (Google Drive) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-28]
CHR Extension: (YouTube) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-28]
CHR Extension: (Google Search) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-24]
CHR Extension: (Google Sheets) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-28]
CHR Extension: (Avast Online Security) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-28]
CHR Extension: (Gmail) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mazrim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-22]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-06-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-27] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-27] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-03-31] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-27] (NVIDIA Corporation)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-03-20] (Razer Inc.)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-05] (AVAST Software)
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [43000 2017-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [27640 2017-01-20] (Corsair)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-14] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-27] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50384 2015-10-26] (Razer Inc)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [47320 2015-10-26] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 01:41 - 2017-04-15 01:41 - 00017294 _____ C:\Users\Mazrim\Desktop\FRST.txt
2017-04-14 00:00 - 2017-04-14 00:00 - 00020674 _____ C:\ComboFix.txt
2017-04-13 23:32 - 2017-04-14 00:01 - 00000000 ____D C:\Qoobox
2017-04-13 23:32 - 2017-04-13 23:58 - 00000000 ____D C:\Windows\erdnt
2017-04-13 23:32 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-13 23:32 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-13 23:32 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-13 23:32 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-13 23:32 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-13 23:32 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-13 23:32 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-13 23:32 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-13 23:26 - 2017-04-13 23:26 - 05659546 ____R (Swearware) C:\Users\Mazrim\Desktop\ComboFix.exe
2017-04-13 16:41 - 2017-04-13 16:41 - 00005824 _____ C:\Users\Mazrim\Desktop\JRT 4-13-17.txt
2017-04-13 16:37 - 2017-04-13 16:37 - 01663672 _____ (Malwarebytes) C:\Users\Mazrim\Desktop\JRT.exe
2017-04-13 16:29 - 2017-04-13 16:32 - 00000000 ____D C:\AdwCleaner
2017-04-13 16:25 - 2017-04-13 16:26 - 04089296 _____ C:\Users\Mazrim\Desktop\AdwCleaner.exe
2017-04-13 16:24 - 2017-04-13 16:24 - 00001106 _____ C:\Users\Mazrim\Desktop\MBAM scan 4-13-17.txt
2017-04-13 16:20 - 2017-04-14 16:45 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-13 16:19 - 2017-04-13 16:19 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-13 16:19 - 2017-04-13 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-13 16:19 - 2017-04-13 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-13 16:19 - 2017-04-13 16:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-13 16:19 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-13 16:18 - 2017-04-13 16:18 - 60107896 _____ (Malwarebytes ) C:\Users\Mazrim\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-13 14:28 - 2017-04-13 16:19 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-13 14:28 - 2017-04-13 14:28 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-13 14:28 - 2017-04-13 14:28 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-13 14:28 - 2017-04-13 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-13 14:28 - 2017-04-13 14:28 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-10 13:25 - 2017-03-31 21:36 - 00136248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-04-10 13:21 - 2017-04-02 12:12 - 00218040 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-04-10 13:21 - 2017-04-02 12:12 - 00046008 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 40201152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 35315256 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 35280320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 16431320 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 14653888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-04-10 13:21 - 2017-03-31 23:20 - 11112928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 10636240 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 09316648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 09014792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 08876272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 03430336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 03012152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 01988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438165.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438165.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 01054776 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00991800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00960448 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00912952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00577544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00507504 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00426312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00406736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-04-10 13:21 - 2017-03-31 23:20 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-04-10 13:21 - 2017-03-31 23:20 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-04-10 13:21 - 2017-03-31 20:41 - 00076840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-04-10 13:15 - 2017-03-21 00:27 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-04-10 13:14 - 2017-03-27 23:32 - 00153536 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-04-10 13:14 - 2017-03-27 23:32 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-04-10 13:14 - 2017-03-27 23:32 - 00047552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-04-05 04:32 - 2017-04-05 04:31 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-26 23:06 - 2017-04-10 13:16 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-26 23:05 - 2017-04-10 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-26 23:05 - 2017-04-10 13:16 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-26 23:05 - 2017-04-10 13:16 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-26 23:05 - 2017-04-10 13:16 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-26 23:05 - 2017-04-10 13:16 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-26 23:05 - 2017-04-10 13:16 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-26 23:05 - 2017-04-10 13:16 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-26 23:05 - 2017-04-10 13:16 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-26 23:05 - 2017-03-27 23:32 - 01882048 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 01472960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-26 23:05 - 2017-03-27 23:32 - 00121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-26 23:04 - 2017-03-31 22:09 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-26 23:03 - 2017-03-31 23:20 - 03588376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-03-26 23:03 - 2017-03-16 20:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-26 23:03 - 2017-03-16 20:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-24 16:41 - 2017-03-24 16:41 - 00033653 _____ C:\Users\Mazrim\Desktop\DxDiag_3_24_17.txt
2017-03-20 23:12 - 2017-03-20 23:12 - 00105088 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
2017-03-20 23:12 - 2017-03-20 23:12 - 00048776 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll
2017-03-20 23:11 - 2017-03-20 23:11 - 00114816 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll
2017-03-16 15:53 - 2017-03-16 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-16 15:53 - 2017-03-16 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-16 15:52 - 2017-04-05 04:32 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-16 15:51 - 2017-04-05 04:31 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-16 15:51 - 2017-04-05 04:31 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-16 15:51 - 2017-04-05 04:31 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-16 15:51 - 2017-04-05 04:31 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 01:41 - 2017-02-02 18:56 - 00000000 ____D C:\FRST
2017-04-15 01:41 - 2016-11-18 20:43 - 00000000 ____D C:\Users\Mazrim\AppData\LocalLow\Mozilla
2017-04-15 01:39 - 2016-04-04 18:56 - 00000000 ____D C:\Users\Mazrim\AppData\Roaming\Skype
2017-04-14 17:48 - 2016-03-02 13:05 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-14 16:52 - 2009-07-14 00:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-14 16:52 - 2009-07-14 00:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-14 16:50 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-14 16:47 - 2016-02-27 22:43 - 01789225 _____ C:\Windows\WindowsUpdate.log
2017-04-14 16:45 - 2016-02-28 00:33 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-14 16:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-14 16:45 - 2009-07-14 00:51 - 00053251 _____ C:\Windows\setupact.log
2017-04-14 11:13 - 2016-10-19 09:10 - 00000000 ____D C:\Users\Mazrim\Desktop\Grim Dawn Backup files March 2017
2017-04-14 00:01 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-04-14 00:01 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2017-04-13 23:50 - 2016-02-28 04:01 - 00687054 _____ C:\Windows\PFRO.log
2017-04-13 23:50 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2017-04-12 17:23 - 2016-10-19 08:59 - 00000000 ____D C:\Users\Mazrim\AppData\Local\Deployment
2017-04-12 01:13 - 2017-02-07 20:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 01:13 - 2017-02-07 20:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-11 17:16 - 2016-02-28 03:04 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 17:16 - 2016-02-28 03:04 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 16:45 - 2016-02-28 01:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 16:45 - 2016-02-28 01:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 16:45 - 2016-02-28 01:40 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 16:45 - 2016-02-28 01:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 16:45 - 2016-02-28 01:40 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-10 22:27 - 2016-02-28 03:04 - 00000000 ____D C:\Users\Mazrim\AppData\Local\Google
2017-04-10 14:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-10 13:25 - 2016-03-11 17:42 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-04-10 13:25 - 2016-02-28 00:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-10 13:22 - 2016-02-28 00:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-10 13:18 - 2016-02-28 00:30 - 00000000 ____D C:\Users\Mazrim\AppData\Local\NVIDIA Corporation
2017-04-10 13:16 - 2016-02-28 00:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-10 02:36 - 2016-02-28 03:37 - 00000000 ____D C:\Users\Mazrim\AppData\Local\CrashDumps
2017-04-08 14:17 - 2016-03-22 17:48 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458683308
2017-04-05 04:31 - 2016-03-22 17:48 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-05 04:31 - 2016-02-28 03:03 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-03 21:46 - 2016-02-28 03:04 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-03 21:46 - 2016-02-28 03:04 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-02 12:12 - 2016-02-28 00:32 - 01600560 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-03-31 23:20 - 2017-02-02 19:42 - 28560440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-31 23:20 - 2017-02-02 19:42 - 13398512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-31 23:20 - 2016-10-24 20:10 - 00491208 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-31 23:20 - 2016-03-11 17:41 - 17418608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-31 23:20 - 2016-02-28 00:32 - 20055968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-03-31 23:20 - 2016-02-28 00:32 - 04071816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-03-31 23:20 - 2016-02-28 00:32 - 00042897 _____ C:\Windows\system32\nvinfo.pb
2017-03-31 22:10 - 2016-02-28 00:33 - 06437312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-03-31 22:10 - 2016-02-28 00:33 - 02481208 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-03-31 22:10 - 2016-02-28 00:33 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-03-31 22:10 - 2016-02-28 00:33 - 00549944 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-03-31 22:10 - 2016-02-28 00:33 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-03-31 22:10 - 2016-02-28 00:33 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-03-31 22:10 - 2016-02-28 00:33 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-31 06:15 - 2016-02-28 00:33 - 07851747 _____ C:\Windows\system32\nvcoproc.bin
2017-03-30 21:31 - 2016-11-17 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-30 21:31 - 2016-02-27 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-26 23:06 - 2016-02-28 00:30 - 00000000 ____D C:\Users\Mazrim\AppData\Local\NVIDIA
2017-03-23 20:18 - 2016-02-28 03:03 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-22 00:22 - 2016-07-04 17:59 - 00000000 ____D C:\Users\Mazrim\AppData\Roaming\Kodi
2017-03-20 16:36 - 2016-03-03 22:02 - 00000000 ____D C:\Users\Mazrim\AppData\Local\Warframe
2017-03-17 12:30 - 2016-12-24 11:56 - 00000000 ____D C:\Users\Mazrim\AppData\Local\MyComGames
2017-03-17 12:13 - 2016-02-28 00:30 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-16 15:53 - 2016-04-04 18:56 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-16 15:53 - 2016-04-04 18:56 - 00000000 ____D C:\ProgramData\Skype
2017-03-16 15:51 - 2016-02-28 03:03 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148969392431104
2017-03-16 15:51 - 2016-02-28 03:03 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148969392520006

==================== Files in the root of some directories =======

2016-07-24 23:16 - 2016-07-24 23:16 - 0000864 _____ () C:\Users\Mazrim\AppData\Roaming\.PC3D.cfg
2016-04-17 22:02 - 2016-04-17 22:02 - 0007605 _____ () C:\Users\Mazrim\AppData\Local\Resmon.ResmonCfg
2016-05-18 17:11 - 2016-05-18 17:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-22 17:42 - 2017-01-30 04:56 - 0006292 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 17:42 - 2017-01-14 15:25 - 0005504 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-04-13 02:53

==================== End of FRST.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Just FYI, I am now getting 9013 and 9010 errors, nothing has changed since my last reply, and I haven't installed anything since either.
 
When browsing or performing tasks (like in MS Office, for example), sometimes everything freezes for about 20 seconds, then my screen flashes, and everything seems normal, but a look in event viewer shows those same errors.

And something else: When I created this thread, my taskbar also would no longer pop up whenever I moused to the bottom of the screen. The problem seemed fixed after all of the things you've had me run, but since the 9010 and 9013 errors began, my taskbar now will no longer come up unless I close my browser, or whatever window I might have up (can be anything really).

One final observation: The problems trying to return to the techspot site and google are back. Thing is, I haven't changed my browsing habits, nor have I been to any "shady" areas of the 'net. I've been to MassivelyOP, Grim Dawn, Square-Enix, my college website and email to communicate with my professors, The Nerdist, and Netflix, and that's it.

Running FRST scan and will post.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Mazrim (2017-04-18 00:47:45) Run:1
Running from C:\Users\Mazrim\Desktop
Loaded Profiles: Mazrim (Available Profiles: Mazrim)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-07-24 23:16 - 2016-07-24 23:16 - 0000864 _____ () C:\Users\Mazrim\AppData\Roaming\.PC3D.cfg
2016-04-17 22:02 - 2016-04-17 22:02 - 0007605 _____ () C:\Users\Mazrim\AppData\Local\Resmon.ResmonCfg
2016-05-18 17:11 - 2016-05-18 17:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-22 17:42 - 2017-01-30 04:56 - 0006292 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 17:42 - 2017-01-14 15:25 - 0005504 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2832065358-1053774325-2113242752-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
BCMH43XX => service removed successfully
catchme => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Users\Mazrim\AppData\Roaming\.PC3D.cfg => moved successfully
C:\Users\Mazrim\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\NvTelemetryContainer.log => moved successfully
C:\ProgramData\NvTelemetryContainer.log_backup1 => moved successfully

==== End of Fixlog 00:47:45 ====
 