Inactive-A Rundll virus spams my PC, I've tried most things.

goddangit

I recently got a rundll virus that seems to be undetectable by Malwarebytes, CCleaner, HitmanPro, RogueKiller, and even the autorun exe thing won't find it so I can't delete it. Literally nothing will work, it just keeps popping up on my PC every few seconds and spams me. Very annoying, I need help removing it please. Dropped a PNG file in this thread so you can see what it looks like. Please only help if you know what you're doing.
 

Attachment: Capture.PNG (7.4 KB)

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Cameron (administrator) on DESKTOP-1CV2C8F (06-03-2017 15:07:27)
Running from C:\Users\Cameron\Downloads
Loaded Profiles: Cameron (Available Profiles: defaultuser0 & Cameron)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Windows\System32\PnkBstrA.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\Cameron\AppData\Local\Discord\app-0.0.297\Discord.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hammer & Chisel, Inc.) C:\Users\Cameron\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Hammer & Chisel, Inc.) C:\Users\Cameron\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\Run: [Discord] => C:\Users\Cameron\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\RunOnce: [Uninstall C:\Users\Cameron\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cameron\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-01-19]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2016-11-24]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d24928bb-d200-4223-bdb9-963699610593}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qjm165ls.default
FF ProfilePath: C:\Users\Cameron\AppData\Roaming\Mozilla\Firefox\Profiles\qjm165ls.default [2017-03-06]
FF HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default [2017-03-06]
CHR Extension: (BetterTTV) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-11-10]
CHR Extension: (Adblock Plus) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-12]
CHR Extension: (Galaxy-View) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbeddldohkakodfncjnkkjfojggbahp [2016-11-10]
CHR Extension: (Popup Blocker Pro) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1494024 2017-02-26] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-03-05] (SurfRight B.V.)
R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [1102848 2012-03-26] (Atheros Communications, Inc.) [File not signed]
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-09-22] (Rivet Networks)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-03-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-03-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2017-03-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-03-04] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307928 2013-11-11] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R3 athur; C:\Windows\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R1 ESEADriver2; C:\Users\Cameron\AppData\Local\Temp\ESEADriver2.sys [330384 2017-02-14] () <==== ATTENTION
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Cameron\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz141; \??\C:\Users\Cameron\AppData\Local\Temp\cpuz141\cpuz141_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 15:06 - 2017-03-06 15:07 - 00045788 _____ C:\Users\Cameron\Downloads\Addition.txt
2017-03-06 15:05 - 2017-03-06 15:07 - 00019621 _____ C:\Users\Cameron\Downloads\FRST.txt
2017-03-06 15:05 - 2017-03-06 15:07 - 00000000 ____D C:\FRST
2017-03-06 15:04 - 2017-03-06 15:04 - 02423808 _____ (Farbar) C:\Users\Cameron\Downloads\FRST64.exe
2017-03-06 12:10 - 2017-03-06 12:11 - 00260336 _____ C:\TDSSKiller.3.1.0.12_06.03.2017_12.10.25_log.txt
2017-03-06 12:09 - 2017-03-06 12:09 - 04656523 _____ C:\Users\Cameron\Downloads\tdsskiller.zip
2017-03-06 12:01 - 2017-03-06 12:01 - 00000000 _____ C:\Windows\cd_127
2017-03-06 11:40 - 2017-03-06 11:42 - 00000000 ___HD C:\$SysReset
2017-03-06 00:42 - 2017-03-06 00:42 - 01305227 _____ C:\Users\Cameron\Downloads\Autoruns.zip
2017-03-06 00:42 - 2017-01-30 10:42 - 00743088 ____N (Sysinternals - www.sysinternals.com) C:\Users\Cameron\Desktop\autorunsc64.exe
2017-03-06 00:42 - 2017-01-30 10:40 - 00844464 ____N (Sysinternals - www.sysinternals.com) C:\Users\Cameron\Desktop\Autoruns64.exe
2017-03-06 00:42 - 2017-01-30 10:38 - 00629928 ____N (Sysinternals - www.sysinternals.com) C:\Users\Cameron\Desktop\autorunsc.exe
2017-03-06 00:42 - 2017-01-30 10:36 - 00716456 ____N (Sysinternals - www.sysinternals.com) C:\Users\Cameron\Desktop\Autoruns.exe
2017-03-06 00:42 - 2017-01-30 10:32 - 00050512 ____N C:\Users\Cameron\Desktop\autoruns.chm
2017-03-06 00:42 - 2016-03-03 21:44 - 00007490 ____N C:\Users\Cameron\Desktop\Eula.txt
2017-03-06 00:29 - 2017-03-06 00:29 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-05 23:43 - 2017-03-05 23:43 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-05 23:42 - 2017-03-06 00:41 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-05 23:42 - 2017-03-05 23:42 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-05 23:42 - 2017-03-05 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-05 23:42 - 2017-03-05 23:42 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-05 23:41 - 2017-03-05 23:42 - 34885984 _____ (Adlice Software ) C:\Users\Cameron\Downloads\setup.exe
2017-03-05 23:40 - 2017-03-05 23:40 - 00001958 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-05 23:40 - 2017-03-05 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-05 23:40 - 2017-03-05 23:40 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-05 23:39 - 2017-03-06 00:29 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-05 23:39 - 2017-03-05 23:40 - 11581544 _____ (SurfRight B.V.) C:\Users\Cameron\Downloads\HitmanPro_x64 (1).exe
2017-03-05 23:38 - 2017-03-05 23:38 - 11581544 _____ (SurfRight B.V.) C:\Users\Cameron\Downloads\HitmanPro_x64.exe
2017-03-05 22:53 - 2017-03-05 23:24 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\C0BBF5B5-2376-44A1-BBC7-6AAE32EF98CA
2017-03-05 22:53 - 2017-03-05 23:04 - 00000000 __SHD C:\sHnfc6niynsHnfc6niyn
2017-03-05 22:53 - 2017-03-05 22:53 - 00003568 _____ C:\Windows\System32\Tasks\sHnfc6niyn
2017-03-05 22:52 - 2017-03-05 23:40 - 00000000 ____D C:\Users\Cameron\sHnfc6niyn
2017-03-05 22:04 - 2017-03-05 22:04 - 00012877 _____ C:\Users\Cameron\Downloads\[www.OldSchoolHack.me]_Skills.rar
2017-03-05 16:52 - 2017-03-05 16:52 - 14250788 _____ C:\Users\Cameron\Downloads\[www.OldSchoolHack.me]_insurgency material wallhack.zip
2017-03-05 01:33 - 2017-03-05 01:33 - 00298897 _____ C:\Users\Cameron\Downloads\[www.OldSchoolHack.me]_Stream BETA BF4 V0.5.rar
2017-03-04 22:42 - 2017-03-04 22:42 - 00000000 __SHD C:\Users\Cameron\AppData\Roaming\SubFolder
2017-03-04 22:41 - 2017-03-04 22:41 - 00000000 ____D C:\Windows\Injector by .United
2017-03-04 22:26 - 2017-03-05 17:46 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-03-04 22:26 - 2017-03-04 22:29 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-03-04 15:19 - 2017-03-04 15:19 - 00090482 _____ C:\Users\Cameron\Desktop\k.flp
2017-03-04 00:26 - 2017-03-04 00:26 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Steam
2017-03-04 00:25 - 2017-03-04 00:25 - 01996621 _____ C:\Users\Cameron\Downloads\Mafia III.Crack.CODEX.Only.rar
2017-03-04 00:16 - 2017-03-04 01:45 - 00000000 ____D C:\Users\Cameron\AppData\LocalLow\uTorrent
2017-03-04 00:13 - 2017-03-04 00:13 - 00000000 ____D C:\Users\Cameron\AppData\Local\2K Games
2017-03-04 00:10 - 2017-03-04 00:17 - 00001079 _____ C:\Users\Cameron\Desktop\Mafia III.lnk
2017-03-04 00:10 - 2017-03-04 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia III
2017-03-03 23:47 - 2017-03-04 00:27 - 00000000 ____D C:\Program Files (x86)\Mafia III
2017-03-03 15:47 - 2017-03-03 15:47 - 00001369 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-03-03 15:39 - 2017-03-03 20:44 - 00000000 ____D C:\Users\Cameron\Downloads\Mafia.III-CODEX
 
15:39 - 00105465 _____ C:\Users\Cameron\Downloads\MAFIA III (THE MAZ FAZ).torrent
2017-03-03 15:37 - 2017-03-03 15:37 - 00265482 _____ C:\Users\Cameron\Downloads\[katcr.co]18BE535120D94137F96254A7C05FFE84433C883C (1).torrent
2017-03-03 00:48 - 2017-03-05 01:33 - 00000000 ____D C:\Users\Cameron\Desktop\Multihack
2017-03-03 00:28 - 2017-03-03 00:28 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-03-02 23:36 - 2017-03-05 00:57 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2017-03-02 23:26 - 2017-03-02 23:26 - 00000000 ____D C:\Users\Cameron\AppData\Local\PunkBuster
2017-03-02 23:23 - 2017-03-02 23:23 - 00000000 ____D C:\Users\Cameron\Documents\Battlefield 4
2017-03-02 23:23 - 2017-03-02 23:23 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-03-02 23:21 - 2017-03-02 23:21 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2017-03-02 23:20 - 2017-03-05 15:48 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-03-02 21:38 - 2017-03-02 21:38 - 00664064 _____ (Microsoft) C:\Users\Cameron\Downloads\Bf4Assist_public_v2_[unknowncheats.me]_.exe
2017-03-02 21:35 - 2017-03-02 21:35 - 00015308 _____ C:\Users\Cameron\Downloads\BF4ESP-MPGH_mpgh.net.rar
2017-03-02 21:19 - 2017-03-02 21:20 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-03-02 21:16 - 2017-03-05 22:59 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Origin
2017-03-02 21:15 - 2017-03-02 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-03-02 21:15 - 2017-03-02 21:15 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-02 21:14 - 2017-03-05 12:38 - 00000000 ____D C:\ProgramData\Origin
2017-03-02 21:14 - 2017-03-02 21:19 - 00000000 ____D C:\Users\Cameron\AppData\Local\Origin
2017-03-02 21:14 - 2017-03-02 21:14 - 00000000 ____D C:\Users\Cameron\.QtWebEngineProcess
2017-03-02 21:14 - 2017-03-02 21:14 - 00000000 ____D C:\Users\Cameron\.Origin
2017-03-02 21:13 - 2017-03-02 21:14 - 54970576 _____ (Electronic Arts) C:\Users\Cameron\Downloads\OriginThinSetup.exe
2017-03-02 16:00 - 2017-03-04 22:27 - 00000000 ____D C:\Users\Cameron\Documents\Battlefield 1
2017-03-02 11:39 - 2017-03-02 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-02 11:39 - 2017-03-02 11:39 - 00000000 ____D C:\Games
2017-03-01 23:35 - 2017-03-02 01:02 - 00000000 ____D C:\Users\Cameron\Downloads\Battlefield 1 [FitGirl Repack]
2017-03-01 23:34 - 2017-03-01 23:34 - 00265482 _____ C:\Users\Cameron\Downloads\[katcr.co]18BE535120D94137F96254A7C05FFE84433C883C.torrent
2017-02-28 22:10 - 2017-02-28 22:10 - 00559349 _____ C:\Users\Cameron\Downloads\94a591-GTACOOPRelease (1).zip
2017-02-28 22:09 - 2017-02-28 22:09 - 00918895 _____ C:\Users\Cameron\Downloads\3e0d39-LUA.zip
2017-02-28 22:09 - 2017-02-28 22:09 - 00748517 _____ C:\Users\Cameron\Downloads\ScriptHookVDotNet.zip
2017-02-28 22:07 - 2017-02-28 22:08 - 00559349 _____ C:\Users\Cameron\Downloads\94a591-GTACOOPRelease.zip
2017-02-28 21:19 - 2017-02-28 21:19 - 01286048 _____ C:\Users\Cameron\Downloads\ScriptHookV_1.0.944.2 (1).zip
2017-02-28 21:19 - 2017-02-28 21:19 - 00970368 _____ C:\Users\Cameron\Downloads\165fe3-trainerv.rar
2017-02-28 20:56 - 2017-02-28 20:56 - 00241726 _____ C:\Users\Cameron\Downloads\Bash v2 MENU SC.rar
2017-02-28 20:37 - 2017-02-28 20:37 - 06895018 _____ C:\Users\Cameron\Downloads\87031a-MenyooRelease.rar
2017-02-28 20:37 - 2017-02-28 20:37 - 01286048 _____ C:\Users\Cameron\Downloads\ScriptHookV_1.0.944.2.zip
2017-02-28 20:26 - 2017-02-28 20:26 - 00000000 ____D C:\ProgramData\Socialclub
2017-02-28 19:50 - 2017-02-28 22:39 - 00000000 ____D C:\Program Files (x86)\Grand Theft Auto V
2017-02-28 15:07 - 2017-02-28 17:36 - 00000000 ____D C:\Users\Cameron\Downloads\Grand.Theft.Auto.V-RELOADED
2017-02-28 15:06 - 2017-02-28 15:06 - 00303101 _____ C:\Users\Cameron\Downloads\GTA 5 - Grand Theft Auto V-RELOADED- Sanju Gurung.torrent
2017-02-27 15:48 - 2017-02-28 11:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-27 15:48 - 2017-02-28 11:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-27 15:48 - 2017-02-27 15:48 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-02-27 15:39 - 2017-02-28 11:50 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-02-27 15:39 - 2017-02-28 11:36 - 00000000 ____D C:\ProgramData\McAfee
2017-02-27 15:39 - 2017-02-27 15:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-27 15:39 - 2017-02-27 15:39 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-02-27 15:39 - 2017-02-27 15:39 - 00000000 ____D C:\Users\Cameron\AppData\LocalLow\Adobe
2017-02-27 15:38 - 2017-02-27 15:41 - 00000000 ____D C:\ProgramData\Adobe
2017-02-27 15:38 - 2017-02-27 15:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-27 15:37 - 2017-02-27 15:40 - 00000000 ____D C:\Users\Cameron\AppData\Local\Adobe
2017-02-26 12:46 - 2017-02-26 12:46 - 00000000 ____D C:\Users\Cameron\Documents\MEGAsync Downloads
2017-02-26 12:40 - 2017-02-26 12:40 - 13286592 _____ (MEGA Limited) C:\Users\Cameron\Downloads\MEGAsyncSetup.exe
2017-02-26 12:40 - 2017-02-26 12:40 - 00000000 ____D C:\Users\Cameron\AppData\Local\Mega Limited
2017-02-24 18:03 - 2017-02-24 18:03 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\EasyAntiCheat
2017-02-24 11:49 - 2017-02-24 11:50 - 03182885 _____ C:\Users\Cameron\Downloads\Personal Finance Student Resources.zip
2017-02-21 14:19 - 2017-02-21 14:19 - 00190120 _____ C:\Users\Cameron\Downloads\Weekly Guidance Update_2017_2_21.pdf
2017-02-17 18:36 - 2017-02-17 18:36 - 00000000 ____D C:\Users\Cameron\Downloads\The.Sims.4.City.Living.INTERNAL-RELOADED
2017-02-17 18:35 - 2017-02-17 18:35 - 00095564 _____ C:\Users\Cameron\Downloads\The.Sims.4.City.Living.INTERNAL-RELOADED.torrent
2017-02-17 18:35 - 2017-02-17 18:35 - 00000204 _____ C:\Users\Cameron\Downloads\The Sims 4 City Living INTERNAL-RELOADED Torrent.txt
2017-02-17 11:54 - 2017-02-17 11:54 - 00000000 ____D C:\Users\Cameron\AppData\Local\Sniper3
2017-02-17 11:50 - 2017-02-17 11:50 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2017-02-17 11:50 - 2017-02-17 11:50 - 00001000 _____ C:\Users\Public\Desktop\Sniper Elite 3.lnk
2017-02-17 11:28 - 2017-03-04 13:08 - 00000000 ____D C:\Program Files (x86)\Sniper Elite 3
2017-02-17 01:18 - 2017-02-17 02:04 - 00000000 ____D C:\Users\Cameron\Downloads\Sniper.Elite.3-RELOADED
2017-02-14 19:33 - 2017-02-14 19:33 - 26221144 _____ C:\Users\Cameron\Downloads\ESEAClientInstall.exe
2017-02-14 19:33 - 2017-02-14 19:33 - 00000987 _____ C:\Users\Cameron\Desktop\ESEA Client.lnk
2017-02-14 19:33 - 2017-02-14 19:33 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESEA
2017-02-14 19:33 - 2017-02-14 19:33 - 00000000 ____D C:\Program Files\ESEA
2017-02-14 01:57 - 2017-02-14 01:57 - 00000000 ____D C:\Users\Cameron\Documents\Custom Office Templates
2017-02-13 22:02 - 2017-02-13 22:02 - 00010668 _____ C:\Users\Cameron\Downloads\nativeplayback (6).collab
2017-02-13 21:41 - 2017-02-13 21:41 - 00001711 _____ C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2017-02-13 21:40 - 2017-02-13 21:40 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Blackboard
2017-02-13 21:40 - 2017-02-13 21:40 - 00000000 ____D C:\Users\Cameron\AppData\Local\Blackboard
2017-02-13 21:39 - 2017-02-13 21:40 - 49298432 _____ C:\Users\Cameron\Downloads\BlackboardCollaborateLauncher-Win(2).msi
2017-02-13 21:35 - 2017-02-13 21:38 - 49298432 _____ C:\Users\Cameron\Downloads\BlackboardCollaborateLauncher-Win(1).msi
2017-02-13 21:32 - 2017-02-13 21:59 - 00000000 ____D C:\Users\Cameron\AppData\LocalLow\Mozilla
2017-02-13 21:31 - 2017-02-13 21:38 - 00000000 ____D C:\Users\Cameron\AppData\Local\Mozilla
2017-02-13 21:31 - 2017-02-13 21:32 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Mozilla
2017-02-13 21:31 - 2017-02-13 21:31 - 00001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-13 21:31 - 2017-02-13 21:31 - 00001212 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-13 21:31 - 2017-02-13 21:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-13 21:31 - 2017-02-13 21:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-13 21:30 - 2017-02-13 21:30 - 00245392 _____ C:\Users\Cameron\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-13 21:29 - 2017-02-13 21:29 - 00010668 _____ C:\Users\Cameron\Downloads\nativeplayback (5).collab
2017-02-13 21:24 - 2017-02-13 21:24 - 00010668 _____ C:\Users\Cameron\Downloads\nativeplayback (4).collab
2017-02-13 21:20 - 2017-02-13 21:22 - 49298432 _____ C:\Users\Cameron\Downloads\BlackboardCollaborateLauncher-Win (2).msi
2017-02-13 21:17 - 2017-02-13 21:19 - 49298432 _____ C:\Users\Cameron\Downloads\BlackboardCollaborateLauncher-Win.msi
2017-02-13 21:17 - 2017-02-13 21:17 - 00010668 _____ C:\Users\Cameron\Downloads\nativeplayback (3).collab
2017-02-13 20:44 - 2017-02-13 20:44 - 00010668 _____ C:\Users\Cameron\Downloads\nativeplayback (2).collab
2017-02-13 20:33 - 2017-02-13 20:33 - 00010668 _____ C:\Users\Cameron\Downloads\nativeplayback (1).collab
2017-02-13 20:05 - 2017-02-13 20:06 - 00000000 ____D C:\Users\Cameron\Desktop\MICRO_ACTIVATe
2017-02-13 19:58 - 2017-02-13 20:00 - 00000000 ____D C:\Users\Cameron\Desktop\SCHOOL ONLY
2017-02-13 19:21 - 2017-02-13 19:21 - 00010668 _____ C:\Users\Cameron\Downloads\nativeplayback.collab
2017-02-13 19:09 - 2017-02-13 19:19 - 49298432 _____ C:\Users\Cameron\Downloads\BlackboardCollaborateLauncher-Win (1).msi
2017-02-13 18:13 - 2017-02-13 18:13 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-13 18:13 - 2017-02-13 18:13 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-13 18:13 - 2017-02-13 18:13 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-13 18:13 - 2017-02-13 18:13 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-13 18:13 - 2017-02-13 18:13 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-13 18:13 - 2017-02-13 18:13 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-13 18:13 - 2017-02-13 18:13 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-13 18:13 - 2017-02-13 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-13 18:09 - 2017-03-03 00:26 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-13 18:09 - 2017-02-13 18:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-10 14:58 - 2017-02-24 18:03 - 00560168 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2017-02-10 14:58 - 2017-02-10 14:58 - 00000000 ____D C:\ProgramData\For Honor
2017-02-10 14:56 - 2017-02-28 11:04 - 00000000 ____D C:\Users\Cameron\AppData\Local\Ubisoft Game Launcher
2017-02-10 14:56 - 2017-02-10 14:56 - 00001270 _____ C:\Users\Cameron\Desktop\Uplay.lnk
2017-02-10 14:56 - 2017-02-10 14:56 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-02-10 14:56 - 2017-02-10 14:56 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-02-08 20:55 - 2017-03-04 13:08 - 00000000 ____D C:\Program Files (x86)\ExtremeInjector
2017-02-07 20:05 - 2017-02-07 20:05 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-07 20:05 - 2017-01-20 06:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-07 20:05 - 2016-12-15 16:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-07 20:05 - 2016-12-15 16:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-07 20:05 - 2016-12-15 16:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-07 20:05 - 2016-12-15 16:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-07 20:02 - 2017-01-23 16:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-07 20:02 - 2017-01-20 08:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-07 20:02 - 2017-01-20 08:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 15:04 - 2016-11-10 08:33 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Skype
2017-03-06 13:08 - 2016-11-10 08:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-06 12:25 - 2016-11-10 07:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-06 12:01 - 2016-11-09 21:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-06 12:01 - 2016-07-15 22:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-03-06 11:55 - 2016-11-12 11:36 - 00000000 ____D C:\Users\Cameron\AppData\Local\CrashDumps
2017-03-06 11:55 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-03-06 11:53 - 2016-11-17 13:16 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-06 11:21 - 2016-11-09 21:15 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-06 11:11 - 2016-11-09 21:22 - 00000000 ____D C:\Users\Cameron
2017-03-06 11:10 - 2017-01-24 13:45 - 00000000 ____D C:\Users\Cameron\AppData\Local\ElevatedDiagnostics
2017-03-06 09:03 - 2016-11-10 07:36 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{662B9732-DC63-45B2-AC86-3DC80183D0A0}
2017-03-06 00:29 - 2017-02-02 23:05 - 00000000 ____D C:\Users\Cameron\Desktop\Windows_x64_nheqminer-5c
2017-03-05 23:34 - 2016-11-24 23:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-04 23:06 - 2016-11-10 07:43 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\uTorrent
2017-03-04 13:09 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Resources
2017-03-03 12:57 - 2016-11-09 21:22 - 00000000 ____D C:\Users\Cameron\AppData\Local\Packages
2017-03-03 00:28 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-03 00:28 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-02 23:58 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-02 23:21 - 2016-11-09 23:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-02 15:58 - 2016-11-10 08:28 - 00000000 ___HD C:\Windows\msdownld.tmp
2017-03-02 15:58 - 2016-11-10 08:28 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-01 16:41 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 10:31 - 2016-12-24 15:42 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Kodi
2017-02-28 20:19 - 2016-12-09 17:35 - 00000000 ____D C:\Program Files\Rockstar Games
2017-02-28 20:19 - 2016-12-09 17:35 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-02-27 15:43 - 2016-12-12 16:24 - 00003294 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-27 15:43 - 2016-11-09 21:24 - 00002365 _____ C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-27 15:43 - 2016-11-09 21:24 - 00000000 ___RD C:\Users\Cameron\OneDrive
2017-02-27 15:39 - 2016-11-09 21:22 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Adobe
2017-02-26 00:27 - 2016-12-19 22:20 - 00000000 ____D C:\Users\Cameron\AppData\Local\game-debate
2017-02-24 18:03 - 2016-12-25 04:25 - 00000000 ____D C:\Users\Cameron\Documents\My Games
2017-02-23 16:09 - 2016-11-09 21:32 - 00153216 _____ C:\Users\Cameron\Desktop\nice so far.flp
2017-02-23 11:53 - 2016-11-10 09:11 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 11:52 - 2016-11-10 09:11 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 11:26 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-14 19:39 - 2016-11-09 21:32 - 00000501 _____ C:\Users\Cameron\Desktop\asdfadf.txt
2017-02-14 19:36 - 2016-11-09 21:15 - 00380584 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-08 20:42 - 2016-12-19 22:45 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\DMCache
2017-02-07 20:06 - 2016-11-10 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-07 20:06 - 2016-11-10 00:04 - 00000000 ____D C:\temp
2017-02-07 20:06 - 2016-11-09 21:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-07 20:04 - 2016-11-10 07:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-11-11 23:09 - 2009-10-23 23:00 - 5811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2016-11-17 12:50 - 2016-11-17 12:50 - 0140288 _____ () C:\Users\Cameron\AppData\Roaming\Installer.dat
2017-01-19 20:58 - 2017-01-19 20:58 - 0000000 _____ () C:\Users\Cameron\AppData\Local\Driver_LOM_8161Present.flag
2016-11-17 12:48 - 2016-11-17 12:48 - 0000000 _____ () C:\Users\Cameron\AppData\Local\run.txt
2016-11-17 12:50 - 2016-11-17 12:50 - 0000001 _____ () C:\Users\Cameron\AppData\Local\setupsuccessful.txt
2016-11-17 12:48 - 2016-11-17 12:50 - 0000000 _____ () C:\Users\Cameron\AppData\Local\stxtname.txt

Some files in TEMP:
====================
2017-03-05 23:42 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Cameron\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-26 23:33

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Cameron (06-03-2017 15:06:21)
Running from C:\Users\Cameron\Downloads
Windows 10 Pro Version 1607 (X64) (2016-11-10 05:20:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-950105099-82054115-3998001934-500 - Administrator - Disabled)
Cameron (S-1-5-21-950105099-82054115-3998001934-1001 - Administrator - Enabled) => C:\Users\Cameron
DefaultAccount (S-1-5-21-950105099-82054115-3998001934-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-950105099-82054115-3998001934-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-950105099-82054115-3998001934-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Age of Conquest IV (HKLM\...\Steam App 314970) (Version: - Noble Master LLC)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 1 (HKLM-x32\...\Battlefield 1_is1) (Version: - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CEVO CS:GO Client Beta version 2.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 2.0 - )
Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Discord (HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ESEA Client (HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
For Honor Open Beta (HKLM\...\Steam App 572600) (Version: - Ubisoft Montreal)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
GD Hardware Scan (HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H1Z1: Just Survive (HKLM\...\Steam App 295110) (Version: - Daybreak Game Company)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Hook (HKLM\...\Steam App 367580) (Version: - Maciej Targoni)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Insurgency (HKLM\...\Steam App 222880) (Version: - New World Interactive)
Killer Bandwidth Control Filter Driver (Version: 1.1.64.1133 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.64.1133 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.64.1133 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.64.1133 - Rivet Networks)
Kodi (HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\Kodi) (Version: - XBMC-Foundation)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Mafia III (HKLM-x32\...\Mafia III_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-950105099-82054115-3998001934-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mortal Kombat X (HKLM\...\Steam App 307780) (Version: - NetherRealm Studios)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.18 - MSI)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 2.2.0.1 - NETGEAR)
No Man's Sky (HKLM\...\Steam App 275850) (Version: - Hello Games)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress Classic (HKLM\...\Steam App 20) (Version: - Valve)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version: - Firaxis Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2761752B-8D46-4E27-8BFC-61A047520A15} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {29F1B000-30E1-4DF3-86EA-2F83B2453F31} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {37E2BAE9-195D-4444-ADBF-C772407F19AA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {3A5113C8-047B-4DDE-B855-2BCAAB784919} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-10] (Google Inc.)
Task: {457D2642-113F-45C7-A0D9-56030064B0AB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {5E257F7D-9801-4DC8-8AC6-4C825CED1F34} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {62D7829E-FBF7-43E6-AD47-32C3DB5862E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {7F4A5906-EC34-440C-BC5E-1A641A3D27D9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {9323BD3C-A366-46DC-9F77-C5BB5657EC0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {93E3D265-B83F-4B08-8DA6-46DBB2D9228D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-10] (Google Inc.)
Task: {A6FB83AB-44D5-4974-90EC-10674B739352} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {A868CCA8-36A2-4DD1-8D7E-D12159B2E7F1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {AE355E22-5288-4D2E-9723-56334D3824CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {E54C9222-2DAE-4F4B-BD88-D2B6F915A2E8} - System32\Tasks\sHnfc6niyn => C:\sHnfc6niynsHnfc6niyn\sHnfc6niyn.vbs [2017-03-05] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-13 20:33 - 2016-12-09 02:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-10 08:10 - 2017-01-20 10:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-10 08:10 - 2017-01-20 10:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-02 23:36 - 2017-03-05 00:57 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-11-10 06:52 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2016-11-10 07:00 - 2017-01-20 07:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 20:33 - 2016-12-09 02:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-11-10 10:35 - 2016-09-06 20:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 08:04 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 06:52 - 2014-01-02 13:13 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2017-02-02 13:23 - 2017-02-01 01:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 13:23 - 2017-02-01 01:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-22 08:59 - 2017-02-22 09:00 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 08:59 - 2017-02-22 09:00 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 08:59 - 2017-02-22 09:00 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 07:58 - 2017-02-06 07:58 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-14 12:24 - 2017-02-14 12:24 - 31178840 _____ () C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll
2017-01-11 08:03 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 08:03 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 08:03 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 08:03 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 08:03 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 08:03 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-02 21:15 - 2017-03-02 21:15 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-11-10 06:52 - 2013-10-15 09:29 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2016-11-10 08:10 - 2017-01-20 10:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-10 08:10 - 2017-01-20 10:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-10 08:10 - 2017-01-20 10:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-10 08:10 - 2017-01-20 10:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-11 20:24 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Cameron\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 20:25 - 2017-01-11 20:25 - 01082880 _____ () \\?\C:\Users\Cameron\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 20:25 - 2017-01-11 20:25 - 03750400 _____ () \\?\C:\Users\Cameron\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 20:25 - 2017-01-11 20:25 - 00914432 _____ () \\?\C:\Users\Cameron\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 20:25 - 2017-01-11 20:25 - 01127424 _____ () \\?\C:\Users\Cameron\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-11-10 06:52 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2017-01-11 20:24 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Cameron\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 20:24 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Cameron\AppData\Local\Discord\app-0.0.297\libegl.dll
2016-11-10 08:10 - 2017-01-20 05:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-10 08:10 - 2017-01-20 05:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-10 08:10 - 2017-01-20 05:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-10 08:10 - 2017-01-20 05:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-10 08:10 - 2017-01-20 05:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-10 08:10 - 2017-01-20 05:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-11-10 08:10 - 2017-01-20 05:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-21 14:58 - 2017-01-20 05:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-03-06 12:03 - 2017-03-06 12:03 - 00148992 _____ () \\?\C:\Users\Cameron\AppData\Local\Temp\4ACA.tmp.node
2017-01-11 20:25 - 2017-01-11 20:25 - 02658304 _____ () \\?\C:\Users\Cameron\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 20:25 - 2017-01-11 20:25 - 02130432 _____ () \\?\C:\Users\Cameron\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 03:47 - 2017-02-28 11:42 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-950105099-82054115-3998001934-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cameron\Downloads\wallup-137636.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: lfsvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3B5B989C-9D58-45D6-A70F-AC21109211C4}] => (Allow) C:\Users\Cameron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6ED0A5A5-CE78-41F7-8FE6-E3A419CFD89E}] => (Allow) C:\Users\Cameron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11F7D5EA-FF01-40E3-A308-BB87146EB84E}] => (Allow) C:\Users\Cameron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B43EE3DA-E37C-4C4B-8840-22FFC0EECB40}] => (Allow) C:\Users\Cameron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{618DCA79-9161-4DCA-9E84-DDB303E8AB38}] => (Allow) C:\Users\Cameron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C234D259-706C-4532-8F3F-DF3D39065B52}] => (Allow) C:\Users\Cameron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{231CDCAF-5BC8-4495-ABB5-63F2D8DFE7E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{289E427A-6F47-46D9-B632-DE6F7FF2B55E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{BBBBA87D-B87E-484E-B2A2-0DA2E4A7F52A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E54815BE-68B9-4285-B915-8EE2F294BBD2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{C370AFD5-B7FA-40FE-9B4A-9E003DAF1A69}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E5531615-3132-485A-9D5E-A8642CA55894}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{8AEB8FF6-154F-4FE5-A610-851D36A39823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{A3F427E6-2701-44F6-84D7-F83F8237A10D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Conquest IV\app_main.exe
FirewallRules: [{AB5434C6-D555-4AE1-BBFB-31BEE9C17E1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Conquest IV\app_main.exe
FirewallRules: [{F68212F2-3698-403E-A582-E271A3BFA42B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{0349C063-0666-40AA-8EAE-3376B0FC6FB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [TCP Query User{32DBB5E8-640C-4997-8EAA-CC61F7B6DDF1}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{0B9E3989-B0EA-4A38-810C-90A331D32F8F}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{F5447631-0914-44E9-AD3A-CD2BEE2F976E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7301C2F6-BDBF-465B-A5E8-1A9028094507}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5AED8DEF-9F0F-4E50-9B58-A5D7A4F85AEF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F7C5E81E-570A-4553-8CC1-15D78EAD8878}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8F55EFA2-7C7B-46D0-8957-6322981D25B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{52D76C42-5CCC-4C75-BA93-73534ECFD1CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{82CEF843-200B-4BBE-8CAA-352544F6BF23}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{96D5C0CC-F899-4574-9D09-5DEDE3762A20}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{6A9EC19C-C8EC-49F3-A01D-CC5B8FE44B2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{95F0D4F0-3C97-4E11-8C84-DF9CF67FCF86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{CD8D436C-9DD1-4E2E-BAF0-5770EE815222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{3B6F07E2-4CFC-4E7C-B86B-601689FD2DAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{AB146834-D16E-4949-8E0A-74AE31E0073D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{61B379DA-7746-4EF0-A261-E7F554AE8C66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{0C58D96D-CF3B-4F0D-BB6A-EC9226B2FFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{37EE391A-5493-47B3-9C30-2071ABE94B25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{E58F866C-8986-463A-9E2F-9278AD515E2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8E4CA727-D999-47D5-85ED-53CBD5051970}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A0B7F6BA-D614-46DA-9810-F761B6E30AD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E61D9264-4758-40BD-82B5-3CF30D769B34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3D91280F-9C8C-4175-9FBA-B4CBE33C9DBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{283E07DC-D1A1-4D4F-B644-C5AE3D98010E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{16AEB2B6-BDB8-47C0-A12C-1935E1EAEE8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
 
6)\Google\Chrome\Application\chrome.exe
FirewallRules: [{38A691F0-1F00-4617-99CD-2CE383F4561D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D5F9E5D0-1BFE-4787-A664-354BB2C4D3C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{57B168EF-BB7D-4638-B6F9-2DDBC16034DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{DF1510D1-746B-4614-A82A-ADCF5C1A3160}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{EB295D49-648D-4DAE-B1FA-95C68468F7E2}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{E6DA3506-86DD-4DBD-8E47-D6D0FC58B423}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{9C57436F-80FB-4CF3-80C2-A09E3C5E508A}] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{40F1DA4D-A012-4FBE-8446-4E8C6DF5DEB7}] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{B8634891-FD77-415C-9EE9-8E7454868465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\For Honor Open Beta\forhonor.exe
FirewallRules: [{E52D7254-52F2-43CA-89A4-B53FB8D68C03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\For Honor Open Beta\forhonor.exe
FirewallRules: [{285F7537-3F6F-4E14-8320-5B8201D96E6C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A4C696DA-509D-4068-BA1A-E939B6BE71D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{911B31AC-9419-4386-A7B8-7A2356D60E9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1660FD14-EF8E-4B69-9C71-67F965494B97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe
FirewallRules: [{73F12441-A213-404E-B0D4-4639953EC093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe
FirewallRules: [{A10B57FC-FF28-4371-802B-2C4F18F2C7E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{E56327C8-82B9-466F-B305-00577CC11899}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [TCP Query User{B855774B-C261-4EDD-ACE8-1104247B01D1}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{9C7D5372-A6FF-473A-B92B-44A02F3501E6}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{E0359471-4F1F-41F0-A42E-FC9235752781}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{FA8D82C4-F5E4-46BE-814A-2F6CED97D901}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{75288656-193D-458D-BF8B-07E3F92FDF91}C:\games\battlefield 1\bf1.exe] => (Allow) C:\games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{17BA3991-4AC3-4502-A6FC-624EE0130712}C:\games\battlefield 1\bf1.exe] => (Allow) C:\games\battlefield 1\bf1.exe
FirewallRules: [{1886E188-E4DE-4E27-9E19-6B9A8E7ED52F}] => (Block) C:\games\battlefield 1\bf1.exe
FirewallRules: [{1D1EA277-2D0B-4ECE-A659-EB1AF30B58C4}] => (Block) C:\games\battlefield 1\bf1.exe
FirewallRules: [TCP Query User{CFA433B9-9F9E-4C87-9C1A-8CD6C4E85224}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{D0ADA81F-D0DA-4AB2-BDDA-A3EDFB64C06F}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{2D550F1E-C5B8-42A5-8720-66358B11C2C8}] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{F5272296-F56F-45A6-A1AD-28497C3BC331}] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{4E868B7E-CA73-44CD-A931-4C0B70089F06}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E1EFE15E-3421-42CD-8368-43E452670657}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{96280D4F-7221-4D09-824B-0AC37E4C7886}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E9989C33-A1A7-493B-9848-702DA369A0FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{99BF900E-A10D-44DB-832A-3B3D9046E9B0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{9BD99948-C2CB-46A1-87E2-E1A6ABF2AB7C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{26115326-9333-462E-9210-AF2E5D3CD972}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{D0745BB9-B0DF-4F99-B26A-9F9FD721C738}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{A4DDB56A-04B9-4C2C-B12C-CD2AAA9CE65D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{4CAA75AA-682A-4FFE-8C07-0D4415E1EF3F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2017 12:04:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/06/2017 12:04:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (03/06/2017 11:54:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1CV2C8F)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/06/2017 11:38:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1CV2C8F)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/06/2017 11:37:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1CV2C8F)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/06/2017 11:36:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (03/06/2017 11:31:50 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/06/2017 11:31:12 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/06/2017 11:27:37 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/06/2017 11:27:37 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.


System errors:
=============
Error: (03/06/2017 12:00:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/06/2017 12:00:34 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1CV2C8F)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/06/2017 11:59:44 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1CV2C8F)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (03/06/2017 11:59:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/06/2017 11:59:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/06/2017 11:59:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/06/2017 11:59:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1CV2C8F)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/06/2017 11:59:17 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1CV2C8F)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (03/06/2017 11:59:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/06/2017 11:59:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2017-03-05 23:43:00.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-05 17:13:25.625
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-05 01:43:38.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-02 23:58:37.481
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-02 17:14:14.733
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-01 21:48:13.262
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-27 12:14:18.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-20 13:04:52.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-20 13:04:30.385
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-18 23:16:16.437
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD Athlon(tm) X4 860K Quad Core Processor
Percentage of memory in use: 36%
Total physical RAM: 8131.25 MB
Available physical RAM: 5196.08 MB
Total Virtual: 9411.25 MB
Available Virtual: 6137.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:334.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9631622C)

Partition: GPT.

==================== End of Addition.txt ============================
 
OK, I've posted my files. I had to split them up because they were too big to paste all at once. I posted all of them in the reply section of the new thread I made.
 
Please do NOT create multiple topics.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I've already used those programs... it says that in my first post. They didn't detect anything. I need your help removing the rundll error virus please.
 
I need you to follow my instructions.
Do not run anything that I'm not asking you to run.
Post all required logs.
 
I can assure you that since they all showed 0 items detected, you will not be able to get anything helpful from those logs. If you need to get all your help from programs then maybe I'm in the wrong spot and need to talk to actual professionals.
 
Please do so.
I'll not be wasting my time on idle discussions.
Topic closed.
 