Malware / Adware affecting Google Chrome, can't be deleted

Post by kintsuchi » Sat May 27, 2017 5:26 pm

Please help, my start and my starting affect my Google Chrome.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by elite (administrator) on DESKTOP-473IJUE (28-05-2017 01:21:09)
Running from D:\download\Programs
Loaded Profiles: elite (Available Profiles: elite)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.23\aaHMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\McCSPServiceHost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\5.0.154.1\mcupdatemgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2017-04-21] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [555832 2014-03-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600096 2017-02-14] (Razer Inc)
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\Run: [Discord] => C:\Users\elite\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4035696 2017-05-17] (Tonec Inc.)
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-20] (Piriform Ltd)
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{b79bfb90-06a5-4e61-83d5-3b3dcdb54a40}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{f7ad69c6-8062-408c-b682-073c34a901af}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2141949100-3600031293-2034327126-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-11] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: i524uw13.default
FF ProfilePath: C:\Users\elite\AppData\Roaming\Mozilla\Firefox\Profiles\i524uw13.default [2017-05-28]
FF user.js: detected! => C:\Users\elite\AppData\Roaming\Mozilla\Firefox\Profiles\i524uw13.default\user.js [2017-04-06]
FF NewTab: Mozilla\Firefox\Profiles\i524uw13.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\i524uw13.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\i524uw13.default -> user_pref("keyword.URL", true);
FF Extension: (uBlock Origin) - C:\Users\elite\AppData\Roaming\Mozilla\Firefox\Profiles\i524uw13.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-18]
FF Extension: (Adblock Plus) - C:\Users\elite\AppData\Roaming\Mozilla\Firefox\Profiles\i524uw13.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-28]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-05-17]
FF HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\elite\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\elite\AppData\Roaming\IDM\idmmzcc5 [2017-05-21] [not signed]
FF HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-25] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://www.mystarting123.com/search/ind ... qae3mdq&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystarting123
CHR Profile: C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default [2017-05-28]
CHR Extension: (Google Slides) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-28]
CHR Extension: (Google Docs) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-28]
CHR Extension: (Google Drive) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-28]
CHR Extension: (YouTube) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-28]
CHR Extension: (Google Sheets) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-28]
CHR Extension: (Google Docs Offline) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-28]
CHR Extension: (Gmail) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\elite\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2017-04-21] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.23\aaHMSvc.exe [963536 2017-04-21] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2017-04-21] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-25] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S2 gupdate1d2d541f1b23a79; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-25] (Google Inc.)
S3 gupdatem1d2d541f1b23a79; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-25] (Google Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [1001520 2017-04-18] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\\McCSPServiceHost.exe [2115584 2017-04-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241664 2017-03-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384504 2017-03-17] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [343544 2017-03-17] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1582560 2017-04-27] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154864 2017-05-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3124088 2017-05-22] (Electronic Arts)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [70792 2017-03-29] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110088 2017-03-31] (Advanced Micro Devices)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [401896 2017-05-28] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [87568 2017-04-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [485904 2017-04-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [363024 2017-04-18] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85048 2017-04-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [514576 2017-04-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [917008 2017-04-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [109072 2017-04-18] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252432 2017-04-18] (McAfee, Inc.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-05-28] (Greatis Software)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
R3 sshid; C:\Windows\System32\drivers\sshid.sys [45928 2017-01-11] (SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
S1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-28] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-10] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 01:21 - 2017-05-28 01:21 - 00004222 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-05-28 01:08 - 2017-05-28 01:08 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-05-28 01:06 - 2017-05-28 01:06 - 00000000 ____D C:\@RestoreQuarantine
2017-05-28 01:04 - 2017-05-28 01:21 - 00000000 ____D C:\FRST
2017-05-28 01:04 - 2017-05-28 01:11 - 00000626 _____ C:\Windows\SysWOW64\Partizan.RRI
2017-05-28 01:01 - 2017-05-28 01:15 - 00000000 ____D C:\ProgramData\RegRun
2017-05-28 01:00 - 2017-05-28 01:16 - 00000000 ____D C:\Users\elite\Documents\RegRun2
2017-05-28 01:00 - 2017-05-28 01:15 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-05-28 01:00 - 2017-05-28 01:03 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-05-28 01:00 - 2017-05-28 01:00 - 00003420 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2017-05-28 01:00 - 2017-05-28 01:00 - 00001080 _____ C:\Users\elite\Desktop\UnHackMe.lnk
2017-05-28 01:00 - 2017-05-28 01:00 - 00000002 RSHOT C:\Windows\winstart.bat
2017-05-28 01:00 - 2017-05-28 01:00 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-05-28 01:00 - 2017-05-28 01:00 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-05-28 01:00 - 2017-05-28 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-05-28 01:00 - 2017-05-25 12:16 - 00014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-05-28 01:00 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-05-28 00:59 - 2017-05-28 00:59 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-05-28 00:52 - 2017-05-28 00:52 - 00000085 _____ C:\Windows\wininit.ini
2017-05-28 00:33 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-28 00:29 - 2017-05-28 00:29 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-28 00:29 - 2017-05-28 00:29 - 00000000 ____D C:\Program Files\MSBuild
2017-05-28 00:29 - 2017-05-28 00:29 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-28 00:29 - 2017-05-28 00:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-28 00:28 - 2017-02-10 11:26 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-05-28 00:28 - 2017-02-10 11:26 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-28 00:28 - 2017-02-10 11:26 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-05-28 00:28 - 2017-02-10 11:21 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-05-28 00:28 - 2017-02-10 11:21 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-28 00:28 - 2017-02-10 11:21 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-05-28 00:18 - 2017-05-28 01:04 - 00000000 ____D C:\Users\elite\AppData\Local\terana
2017-05-28 00:18 - 2017-05-28 00:18 - 00000000 ____D C:\Pipisy
2017-05-25 18:30 - 2017-05-25 18:31 - 00000000 ____D C:\Program Files (x86)\GUM79C6.tmp
2017-05-25 18:30 - 2017-05-25 18:30 - 00003446 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d2d541f1b6ff2c
2017-05-25 18:30 - 2017-05-25 18:30 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-25 18:30 - 2017-05-25 18:30 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-25 18:17 - 2017-05-25 18:21 - 00566598 _____ C:\TDSSKiller.3.1.0.15_25.05.2017_18.17.31_log.txt
2017-05-25 18:11 - 2017-05-25 18:11 - 00127482 _____ C:\Users\elite\Documents\cc_20170525_181132.reg
2017-05-25 18:11 - 2017-05-25 18:11 - 00011610 _____ C:\Users\elite\Documents\cc_20170525_181153.reg
2017-05-25 18:10 - 2017-05-25 18:30 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-25 18:10 - 2017-05-25 18:10 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-05-25 18:10 - 2017-05-25 18:10 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-25 18:10 - 2017-05-25 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-25 18:10 - 2017-05-25 18:10 - 00000000 ____D C:\Program Files\CCleaner
2017-05-25 18:04 - 2017-05-25 18:04 - 00000000 ____D C:\Users\elite\Documents\ProcAlyzer Dumps
2017-05-25 17:59 - 2017-05-28 01:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-25 17:59 - 2017-05-28 00:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-25 17:59 - 2017-05-25 17:59 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-25 17:55 - 2017-05-28 00:57 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-05-25 17:53 - 2017-05-25 17:53 - 00000000 ____D C:\Cosusp
2017-05-21 20:08 - 2017-05-28 00:59 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-05-21 20:03 - 2017-05-21 20:08 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-21 19:59 - 2017-05-21 19:59 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\163F5E78.sys
2017-05-21 19:54 - 2017-05-28 00:50 - 00000000 ____D C:\AdwCleaner
2017-05-21 19:42 - 2017-05-28 01:21 - 00031202 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-21 12:44 - 2017-05-28 01:08 - 00000000 ____D C:\Users\elite\AppData\Roaming\IDM
2017-05-21 12:44 - 2017-05-21 12:44 - 01130328 _____ (Google Inc.) C:\Users\elite\Downloads\ChromeSetup.exe
2017-05-21 12:44 - 2017-05-21 12:44 - 00001082 _____ C:\Users\elite\Desktop\Internet Download Manager.lnk
2017-05-21 12:41 - 2017-05-21 12:41 - 00076673 _____ C:\Users\elite\Downloads\[www.gigapurbalingga.com]_pidm28b10.rar
2017-05-21 12:35 - 2017-05-21 12:43 - 07166576 _____ (Tonec Inc.) C:\Users\elite\Downloads\idman628build10(1).exe
2017-05-21 09:26 - 2017-05-28 01:21 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-05-21 09:13 - 2017-05-25 18:11 - 00000000 ____D C:\Windows\Minidump
2017-05-18 00:55 - 2017-05-25 17:56 - 00000000 ____D C:\Users\elite\AppData\Local\Mozilla
2017-05-18 00:54 - 2017-05-19 23:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-18 00:54 - 2017-05-18 00:54 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-18 00:54 - 2017-05-18 00:54 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-17 22:05 - 2017-05-17 22:05 - 00003160 _____ C:\Windows\System32\Tasks\StartCN
2017-05-17 22:05 - 2017-05-17 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-05-17 22:05 - 2017-05-17 22:05 - 00000000 ____D C:\Program Files (x86)\AMD
2017-05-17 21:13 - 2016-10-17 23:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-05-16 18:06 - 2017-05-16 18:06 - 01040768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2017-05-16 18:06 - 2017-05-16 18:06 - 00121208 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-05-16 18:06 - 2017-05-16 18:06 - 00112000 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-05-12 18:01 - 2017-05-12 19:01 - 00003446 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-05-10 21:50 - 2017-05-10 21:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-10 21:45 - 2017-05-10 21:49 - 60107896 _____ (Malwarebytes ) C:\Users\elite\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-10 21:44 - 2017-05-28 01:20 - 00061335 _____ C:\Windows\ZAM.krnl.trace
2017-05-10 21:44 - 2017-05-28 01:19 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-10 21:44 - 2017-05-10 21:44 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-05-10 21:44 - 2017-05-10 21:44 - 00000000 ____D C:\Users\elite\AppData\Local\Zemana
2017-05-10 21:38 - 2017-05-25 18:30 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-10 21:38 - 2017-05-10 21:38 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-10 21:30 - 2017-05-24 17:57 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-10 21:25 - 2017-05-10 21:25 - 00000000 ____D C:\Users\elite\AppData\Roaming\surrogate
2017-05-10 13:26 - 2017-05-10 13:26 - 00000000 ____D C:\Users\elite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2017-05-10 13:26 - 2017-05-10 13:26 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2017-05-10 03:41 - 2017-04-28 09:38 - 01411128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-05-10 03:41 - 2017-04-28 09:19 - 01839872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 03:41 - 2017-04-28 09:19 - 00605936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 03:41 - 2017-04-28 09:18 - 02259760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2017-05-10 03:41 - 2017-04-28 09:16 - 00599576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 03:41 - 2017-04-28 09:12 - 01604312 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-05-10 03:41 - 2017-04-28 09:12 - 00543640 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-05-10 03:41 - 2017-04-28 09:11 - 02158544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 03:41 - 2017-04-28 09:09 - 01557288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 03:41 - 2017-04-28 09:08 - 08320920 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 03:41 - 2017-04-28 09:08 - 02399728 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 03:41 - 2017-04-28 09:08 - 02330520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 03:41 - 2017-04-28 09:08 - 00775824 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 03:41 - 2017-04-28 09:07 - 06759512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 03:41 - 2017-04-28 09:07 - 00988168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 03:41 - 2017-04-28 09:06 - 02969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2017-05-10 03:41 - 2017-04-28 09:06 - 00708712 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 03:41 - 2017-04-28 09:05 - 00923040 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-05-10 03:41 - 2017-04-28 09:04 - 00583160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-05-10 03:41 - 2017-04-28 09:03 - 00667040 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-05-10 03:41 - 2017-04-28 09:00 - 02444192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 03:41 - 2017-04-28 08:59 - 05477088 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2017-05-10 03:41 - 2017-04-28 08:59 - 02635336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 03:41 - 2017-04-28 08:59 - 00388000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-05-10 03:41 - 2017-04-28 08:59 - 00207264 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-05-10 03:41 - 2017-04-28 08:59 - 00027040 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2017-05-10 03:41 - 2017-04-28 08:58 - 01852776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 03:41 - 2017-04-28 08:58 - 00872472 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2017-05-10 03:41 - 2017-04-28 08:57 - 03116184 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 03:41 - 2017-04-28 08:56 - 07904784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 03:41 - 2017-04-28 08:55 - 21353200 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-05-10 03:41 - 2017-04-28 08:55 - 01325456 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 03:41 - 2017-04-28 08:53 - 00387928 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2017-05-10 03:41 - 2017-04-28 08:52 - 02957824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-05-10 03:41 - 2017-04-28 08:52 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2017-05-10 03:41 - 2017-04-28 08:52 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-05-10 03:41 - 2017-04-28 08:51 - 20505600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-05-10 03:41 - 2017-04-28 08:49 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 03:41 - 2017-04-28 08:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2017-05-10 03:41 - 2017-04-28 08:46 - 19335168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 03:41 - 2017-04-28 08:46 - 00329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2017-05-10 03:41 - 2017-04-28 08:46 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 03:41 - 2017-04-28 08:45 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 03:41 - 2017-04-28 08:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 03:41 - 2017-04-28 08:44 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 03:41 - 2017-04-28 08:42 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-05-10 03:41 - 2017-04-28 08:42 - 00663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 03:41 - 2017-04-28 08:42 - 00636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2017-05-10 03:41 - 2017-04-28 08:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 03:41 - 2017-04-28 08:41 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 03:41 - 2017-04-28 08:40 - 11870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 03:41 - 2017-04-28 08:40 - 06292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-05-10 03:41 - 2017-04-28 08:40 - 02008576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 03:41 - 2017-04-28 08:40 - 00799232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2017-05-10 03:41 - 2017-04-28 08:40 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-05-10 03:41 - 2017-04-28 08:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2017-05-10 03:41 - 2017-04-28 08:39 - 05225984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-05-10 03:41 - 2017-04-28 08:39 - 03655680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 03:41 - 2017-04-28 08:39 - 02859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 03:41 - 2017-04-28 08:38 - 03667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-05-10 03:41 - 2017-04-28 08:38 - 01019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-05-10 03:41 - 2017-04-28 08:37 - 04559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2017-05-10 03:41 - 2017-04-28 08:37 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 03:41 - 2017-04-28 08:34 - 00891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2017-05-10 03:41 - 2017-04-28 08:33 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-05-10 03:41 - 2017-04-28 08:26 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-05-10 03:41 - 2017-04-28 08:15 - 03672064 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-05-10 03:41 - 2017-04-28 08:15 - 01051648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2017-05-10 03:41 - 2017-04-28 08:14 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2017-05-10 03:41 - 2017-04-28 08:11 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 03:41 - 2017-04-28 08:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-05-10 03:41 - 2017-04-28 08:11 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2017-05-10 03:41 - 2017-04-28 08:09 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 03:41 - 2017-04-28 08:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 03:41 - 2017-04-28 08:08 - 00457728 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2017-05-10 03:41 - 2017-04-28 08:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2017-05-10 03:41 - 2017-04-28 08:08 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 03:41 - 2017-04-28 08:07 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 03:41 - 2017-04-28 08:06 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-05-10 03:41 - 2017-04-28 08:06 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-05-10 03:41 - 2017-04-28 08:06 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 03:41 - 2017-04-28 08:06 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 03:41 - 2017-04-28 08:05 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-05-10 03:41 - 2017-04-28 08:05 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 03:41 - 2017-04-28 08:04 - 23681024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 03:41 - 2017-04-28 08:04 - 01878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-05-10 03:41 - 2017-04-28 08:04 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2017-05-10 03:41 - 2017-04-28 08:04 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-05-10 03:41 - 2017-04-28 08:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 03:41 - 2017-04-28 08:03 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2017-05-10 03:41 - 2017-04-28 08:03 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2017-05-10 03:41 - 2017-04-28 08:03 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 03:41 - 2017-04-28 08:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2017-05-10 03:41 - 2017-04-28 08:02 - 01260544 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2017-05-10 03:41 - 2017-04-28 08:01 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 03:41 - 2017-04-28 08:01 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 03:41 - 2017-04-28 08:00 - 08244736 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-05-10 03:41 - 2017-04-28 07:59 - 04396032 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-05-10 03:41 - 2017-04-28 07:59 - 03307008 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 03:41 - 2017-04-28 07:59 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-05-10 03:41 - 2017-04-28 07:59 - 01293824 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-05-10 03:41 - 2017-04-28 07:59 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-05-10 03:41 - 2017-04-28 07:58 - 12787200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 03:41 - 2017-04-28 07:58 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2017-05-10 03:41 - 2017-04-28 07:57 - 05557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2017-05-10 03:41 - 2017-04-28 07:57 - 04730368 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 03:41 - 2017-04-28 07:57 - 02800128 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-05-10 03:41 - 2017-04-28 07:57 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 03:41 - 2017-04-28 07:54 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-05-10 03:41 - 2017-04-28 07:54 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2017-05-10 03:41 - 2017-04-28 07:54 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 03:41 - 2017-04-28 07:54 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 03:41 - 2017-04-28 07:52 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.ps.dll
2017-05-10 03:36 - 2017-05-28 01:19 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-10 03:36 - 2017-05-10 09:01 - 00000000 __SHD C:\Users\elite\IntelGraphicsProfiles
2017-05-10 03:36 - 2017-05-10 03:36 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-05-10 03:36 - 2017-05-10 03:36 - 00000000 ____D C:\Intel
2017-05-10 03:36 - 2017-05-10 03:36 - 00000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2017-05-07 18:31 - 2017-05-07 18:32 - 00000000 ____D C:\Users\elite\Documents\Battlefield 1
2017-05-06 21:35 - 2017-05-06 21:36 - 00000000 ____D C:\Users\elite\AppData\Local\canodidet
2017-05-06 21:35 - 2017-05-06 21:36 - 00000000 ____D C:\Users\elite\AppData\Local\{FC02CA5E-D8AA-A6E6-B532-830E915A7F96}
2017-05-06 21:35 - 2017-05-06 21:35 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-05-06 21:30 - 2017-05-21 12:17 - 00000000 ____D C:\Users\elite\AppData\Roaming\BitComet
2017-05-06 21:30 - 2017-05-06 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
2017-05-06 21:30 - 2017-05-06 21:30 - 00000000 ____D C:\Program Files\BitComet
2017-05-06 21:13 - 2017-05-28 01:20 - 00000000 ____D C:\Users\elite\AppData\LocalLow\Mozilla
2017-05-06 21:13 - 2017-05-18 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-06 21:13 - 2017-05-06 21:13 - 00000000 ____D C:\Users\elite\AppData\Roaming\Mozilla
2017-05-03 09:07 - 2017-04-19 14:18 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2017-05-03 09:07 - 2017-04-19 13:58 - 20374424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-05-03 09:07 - 2017-04-19 13:36 - 01291776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-05-03 09:07 - 2017-04-19 13:34 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-03 09:07 - 2017-04-14 07:21 - 06728192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-05-03 09:07 - 2017-04-14 07:18 - 00731136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmgaserver.exe
2017-05-03 09:07 - 2017-04-14 07:13 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputSwitch.dll
2017-05-03 09:06 - 2017-04-19 15:07 - 00712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2017-05-03 09:06 - 2017-04-19 15:06 - 00651680 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-05-03 09:06 - 2017-04-19 15:04 - 00142240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2017-05-03 09:06 - 2017-04-19 15:02 - 00716440 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2017-05-03 09:06 - 2017-04-19 14:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-05-03 09:06 - 2017-04-19 14:16 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2017-05-03 09:06 - 2017-04-19 14:15 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2017-05-03 09:06 - 2017-04-19 14:14 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\LockHostingFramework.dll
2017-05-03 09:06 - 2017-04-19 14:13 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2017-05-03 09:06 - 2017-04-19 14:13 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-05-03 09:06 - 2017-04-19 14:12 - 00805888 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-05-03 09:06 - 2017-04-19 14:12 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-03 09:06 - 2017-04-19 14:12 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2017-05-03 09:06 - 2017-04-19 14:11 - 04446208 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-05-03 09:06 - 2017-04-19 14:11 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-05-03 09:06 - 2017-04-19 14:10 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2017-05-03 09:06 - 2017-04-19 14:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-03 09:06 - 2017-04-19 14:10 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2017-05-03 09:06 - 2017-04-19 14:08 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-05-03 09:06 - 2017-04-19 14:08 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-05-03 09:06 - 2017-04-19 14:07 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2017-05-03 09:06 - 2017-04-19 14:07 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-05-03 09:06 - 2017-04-19 14:06 - 02651648 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-05-03 09:06 - 2017-04-19 14:04 - 01356800 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-05-03 09:06 - 2017-04-19 14:04 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-05-03 09:06 - 2017-04-19 14:02 - 00559000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-05-03 09:06 - 2017-04-19 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\catsrvps.dll
2017-05-03 09:06 - 2017-04-19 13:59 - 02435584 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2017-05-03 09:06 - 2017-04-19 13:59 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2017-05-03 09:06 - 2017-04-19 13:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll
2017-05-03 09:06 - 2017-04-19 13:35 - 00476672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-03 09:06 - 2017-04-19 13:34 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-05-03 09:06 - 2017-04-19 13:34 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2017-05-03 09:06 - 2017-04-19 13:32 - 01285120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2017-05-03 09:06 - 2017-04-19 13:30 - 00909312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-05-03 09:06 - 2017-04-19 13:29 - 02298880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-05-03 09:06 - 2017-04-14 08:35 - 04848440 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-05-03 09:06 - 2017-04-14 08:35 - 00741784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2017-05-03 09:06 - 2017-04-14 08:35 - 00673112 _____ (Microsoft Corporation) C:\Windows\system32\AppResolver.dll
2017-05-03 09:06 - 2017-04-14 08:33 - 02085280 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2017-05-03 09:06 - 2017-04-14 08:32 - 01320352 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2017-05-03 09:06 - 2017-04-14 08:30 - 00105456 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2017-05-03 09:06 - 2017-04-14 08:25 - 01854880 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-05-03 09:06 - 2017-04-14 08:25 - 01452960 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-05-03 09:06 - 2017-04-14 07:43 - 04469832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-05-03 09:06 - 2017-04-14 07:43 - 00523296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppResolver.dll
2017-05-03 09:06 - 2017-04-14 07:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-03 09:06 - 2017-04-14 07:41 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-05-03 09:06 - 2017-04-14 07:40 - 00095584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2017-05-03 09:06 - 2017-04-14 07:39 - 07931392 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-05-03 09:06 - 2017-04-14 07:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\mmgaserver.exe
2017-05-03 09:06 - 2017-04-14 07:39 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2017-05-03 09:06 - 2017-04-14 07:39 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2017-05-03 09:06 - 2017-04-14 07:39 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2017-05-03 09:06 - 2017-04-14 07:38 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Preview.dll
2017-05-03 09:06 - 2017-04-14 07:38 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2017-05-03 09:06 - 2017-04-14 07:37 - 00450048 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-05-03 09:06 - 2017-04-14 07:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2017-05-03 09:06 - 2017-04-14 07:37 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2017-05-03 09:06 - 2017-04-14 07:37 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-05-03 09:06 - 2017-04-14 07:36 - 00524800 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2017-05-03 09:06 - 2017-04-14 07:36 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-05-03 09:06 - 2017-04-14 07:35 - 01433600 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2017-05-03 09:06 - 2017-04-14 07:35 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll
2017-05-03 09:06 - 2017-04-14 07:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-03 09:06 - 2017-04-14 07:34 - 01468416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-05-03 09:06 - 2017-04-14 07:34 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\InputSwitch.dll
2017-05-03 09:06 - 2017-04-14 07:33 - 01269760 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2017-05-03 09:06 - 2017-04-14 07:33 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2017-05-03 09:06 - 2017-04-14 07:31 - 01611776 _____ (Microsoft Corporation) C:\Windows\system32\SpeechPal.dll
2017-05-03 09:06 - 2017-04-14 07:31 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2017-05-03 09:06 - 2017-04-14 07:29 - 02499584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2017-05-03 09:06 - 2017-04-14 07:29 - 01583616 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-03 09:06 - 2017-04-14 07:29 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-05-03 09:06 - 2017-04-14 07:29 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-05-03 09:06 - 2017-04-14 07:29 - 00647168 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-05-03 09:06 - 2017-04-14 07:28 - 02443776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-03 09:06 - 2017-04-14 07:26 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2017-05-03 09:06 - 2017-04-14 07:25 - 00750080 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2017-05-03 09:06 - 2017-04-14 07:24 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-05-03 09:06 - 2017-04-14 07:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2017-05-03 09:06 - 2017-04-14 07:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2017-05-03 09:06 - 2017-04-14 07:15 - 00282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2017-05-03 09:06 - 2017-04-14 07:15 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-05-03 09:06 - 2017-04-14 07:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-03 09:06 - 2017-04-14 07:08 - 01463296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-03 09:06 - 2017-04-14 07:06 - 00987648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2017-05-03 09:06 - 2017-04-14 07:04 - 00392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2017-05-03 09:06 - 2017-04-14 07:01 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2017-05-01 23:29 - 2017-05-28 01:21 - 00000000 ____D C:\Users\elite\AppData\Roaming\DMCache
2017-05-01 23:29 - 2017-05-21 19:42 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-05-01 23:29 - 2017-05-21 12:44 - 00000000 ____D C:\Users\elite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-05-01 23:29 - 2017-05-21 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-05-01 23:29 - 2017-05-10 18:00 - 00000000 ____D C:\Users\elite\Downloads\Video
2017-05-01 23:29 - 2017-05-07 16:04 - 00000000 ____D C:\Users\elite\Downloads\Compressed
2017-05-01 23:29 - 2017-05-01 23:29 - 00000000 ____D C:\ProgramData\IDM

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 01:21 - 2017-04-21 20:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-05-28 01:19 - 2017-04-22 10:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-28 01:18 - 2017-04-21 19:36 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-05-28 01:18 - 2017-03-18 19:40 - 00524288 _____ C:\Windows\system32\config\BBI
2017-05-28 01:16 - 2017-04-21 20:50 - 00000000 ____D C:\ProgramData\McAfee
2017-05-28 00:57 - 2017-04-21 19:34 - 01392166 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-28 00:50 - 2017-04-21 20:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-28 00:33 - 2017-04-21 20:54 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-28 00:29 - 2017-03-19 05:01 - 00000000 ____D C:\Windows\INF
2017-05-28 00:29 - 2017-03-19 04:51 - 00000000 ____D C:\Windows\CbsTemp
2017-05-27 00:09 - 2017-03-19 05:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-27 00:09 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\AppReadiness
2017-05-25 23:07 - 2017-04-21 20:57 - 00000000 ____D C:\Users\elite\AppData\Roaming\MPC-HC
2017-05-25 21:58 - 2017-04-21 19:32 - 00000000 ____D C:\Users\elite
2017-05-25 21:56 - 2017-04-22 10:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-05-25 18:11 - 2017-04-22 11:27 - 00000000 ____D C:\Windows\Panther
2017-05-24 22:13 - 2017-04-21 21:18 - 00000000 ____D C:\Program Files (x86)\Origin
2017-05-24 01:43 - 2017-04-21 21:18 - 00000000 ____D C:\Users\elite\AppData\Local\Ubisoft Game Launcher
2017-05-23 19:08 - 2017-04-23 17:58 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 19:07 - 2017-04-23 17:58 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-21 20:39 - 2017-04-21 21:18 - 00000000 ____D C:\Users\elite\AppData\Roaming\Origin
2017-05-21 20:39 - 2017-04-21 21:14 - 00000000 ____D C:\ProgramData\Origin
2017-05-21 19:59 - 2017-04-21 19:39 - 00000000 ____D C:\Users\elite\AppData\Local\Google
2017-05-21 09:27 - 2017-04-21 20:55 - 00003126 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-05-21 09:27 - 2017-04-21 20:55 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-05-21 09:27 - 2017-04-21 20:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-05-21 09:27 - 2017-03-19 05:03 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-05-18 00:50 - 2017-04-21 19:33 - 00000000 ____D C:\Users\elite\AppData\Local\Packages
2017-05-17 22:05 - 2017-04-21 19:36 - 00000000 ____D C:\Program Files\AMD
2017-05-17 22:03 - 2017-04-21 19:36 - 00000000 ____D C:\AMD
2017-05-16 18:06 - 2017-04-15 03:33 - 00924544 _____ (AMD) C:\Windows\system32\coinst_17.10.dll
2017-05-16 18:06 - 2017-04-15 03:33 - 00546688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2017-05-16 18:06 - 2017-04-15 03:33 - 00478080 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2017-05-16 18:06 - 2017-04-15 03:33 - 00044920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2017-05-16 18:06 - 2017-04-15 03:33 - 00042368 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2017-05-16 18:06 - 2017-04-15 03:33 - 00029056 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2017-05-16 18:06 - 2017-04-15 03:33 - 00029048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2017-05-16 18:06 - 2017-04-15 03:31 - 00112512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2017-05-16 18:06 - 2017-04-15 03:31 - 00099192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 10320248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 08479104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 02536320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 02198400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 01516416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 01040768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00864120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00777088 _____ (AMD) C:\Windows\system32\atieclxx.exe
2017-05-16 18:06 - 2017-03-16 13:34 - 00696192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00551808 _____ C:\Windows\system32\dgtrayicon.exe
2017-05-16 18:06 - 2017-03-16 13:34 - 00551808 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2017-05-16 18:06 - 2017-03-16 13:34 - 00531328 _____ C:\Windows\system32\GameManager64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00514424 _____ C:\Windows\system32\amdgfxinfo64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00483712 _____ C:\Windows\system32\atieah64.exe
2017-05-16 18:06 - 2017-03-16 13:34 - 00467328 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00411008 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2017-05-16 18:06 - 2017-03-16 13:34 - 00365440 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00360312 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00334208 _____ C:\Windows\SysWOW64\atieah32.exe
2017-05-16 18:06 - 2017-03-16 13:34 - 00278400 _____ C:\Windows\system32\clinfo.exe
2017-05-16 18:06 - 2017-03-16 13:34 - 00276352 _____ C:\Windows\system32\hsa-thunk64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00245112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00242048 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00203648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00191360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00169856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00167808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00156704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00150912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00148440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00135040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00133504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00122744 _____ (AMD) C:\Windows\system32\atimuixx.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00115072 _____ C:\Windows\system32\atidxx64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00101760 _____ C:\Windows\SysWOW64\atidxx32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00091520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00075136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-05-16 18:06 - 2017-03-16 13:34 - 00068992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00573800 _____ C:\Windows\system32\amdmiracast.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00196176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00164400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00139080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00131280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00131280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00116072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00102520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2017-05-16 18:05 - 2017-03-16 13:34 - 00102512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2017-05-12 18:46 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\rescache
2017-05-10 09:01 - 2017-04-21 19:33 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 09:00 - 2017-04-22 10:28 - 00217000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 04:04 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-10 04:04 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\ShellExperiences
2017-05-10 04:04 - 2017-03-19 05:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 04:04 - 2017-03-19 05:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 03:36 - 2017-04-21 20:29 - 00000000 ____D C:\Program Files (x86)\Intel
2017-05-10 03:36 - 2017-04-21 20:21 - 00000000 ____D C:\Program Files\Intel
2017-05-10 03:35 - 2017-04-21 19:36 - 00000000 ____D C:\Program Files\ASUS
2017-05-10 03:34 - 2017-04-21 19:35 - 00000000 ___RD C:\Users\elite\OneDrive
2017-05-10 03:33 - 2017-04-21 20:39 - 00000000 ____D C:\Users\elite\AppData\Roaming\discord
2017-05-06 21:36 - 2017-03-19 05:03 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-06 21:35 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-05-04 03:01 - 2017-03-19 05:03 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-05-04 03:01 - 2017-03-19 05:03 - 00000000 ___SD C:\Windows\system32\F12
2017-05-04 03:01 - 2017-03-19 05:03 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-05-04 03:01 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-05-04 03:01 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-05-04 03:01 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\Provisioning
2017-05-04 03:01 - 2017-03-19 05:03 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-04 03:01 - 2017-03-18 19:40 - 00000000 ____D C:\Windows\system32\Dism
2017-04-29 09:05 - 2017-03-19 05:06 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-29 09:05 - 2017-03-19 05:06 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-04-25 11:55 - 2017-04-25 11:55 - 0000101 _____ () C:\Users\elite\AppData\Roaming\net.telestream.gameshow.app_user_guid.xml
2017-04-25 11:55 - 2017-04-27 05:29 - 0006431 _____ () C:\Users\elite\AppData\Roaming\net.telestream.gameshow.xml
2017-04-25 12:00 - 2017-04-27 05:31 - 0000206 _____ () C:\Users\elite\AppData\Roaming\pc-capture-log.txt
2017-04-21 20:25 - 2017-04-21 20:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-04-23 17:49 - 2017-05-25 17:58 - 0619616 ____N () C:\Users\elite\AppData\Local\Temp\0Kraken71ChromaDevProps.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-22 19:44

==================== End of FRST.txt ============================

Re: Malware / Adware affecting Google Chrome, cant be delete

Postby kintsuchi » Sat May 27, 2017 5:27 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by elite (28-05-2017 01:21:28)
Running from D:\download\Programs
Windows 10 Pro Version 1703 (X64) (2017-04-21 11:29:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2141949100-3600031293-2034327126-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2141949100-3600031293-2034327126-503 - Limited - Disabled)
elite (S-1-5-21-2141949100-3600031293-2034327126-1001 - Administrator - Enabled) => C:\Users\elite
Guest (S-1-5-21-2141949100-3600031293-2034327126-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.05.00 - ASUSTeK Computer Inc.)
Asus Sonic Suite Plugins (x32 Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
BitComet 1.45 (HKLM-x32\...\BitComet_x64) (Version: 1.45 - CometNetwork)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Discord (HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: - )
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
K-Lite Codec Pack 13.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.0 - KLCP)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
McAfee® Internet Security (HKLM-x32\...\MSC) (Version: 16.0.0 - McAfee, Inc.)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
NahimicSettingsConfigurator (Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.10.52731 - Electronic Arts, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version: - Bluehole, Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.14.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.302 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7581 - Realtek Semiconductor Corp.)
Sonic Radar II (HKLM\...\{A70B8D38-273A-4D6A-B7D5-AEBEDEEE5D28}) (Version: 2.1.2501 - ASUSTeKcomputer.Inc)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
UnHackMe 8.90 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Uplay (HKLM-x32\...\Uplay) (Version: 31.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1995E36C-04BE-4845-813D-604AC4BA34B6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-04-14] ()
Task: {2B8F4B20-A630-4C46-853F-AFFAD7D2D0FD} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-05-25] (Greatis Software)
Task: {4BF168C2-5E46-4643-9C92-B6ECCC26270E} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-04-21] (McAfee, Inc.)
Task: {5BEFA3C5-748E-42F6-A1FA-C0834B0C05B1} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-04-21] (McAfee, Inc.)
Task: {687B33B3-E100-48F1-9458-FB199E94485C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {887EB2DC-8557-4857-AD81-70A35B32CAD2} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A414384C-53E8-4A39-A192-4C5E134ADD6D} - \Microsoft\Windows\DeviceSettings\Prerviing -> No File <==== ATTENTION
Task: {AC661841-16E3-489E-81CF-0650A4857DF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.)
Task: {B85196B7-5A1E-4839-9BE8-C9DC800966F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-20] (Piriform Ltd)
Task: {B88A8465-0245-4BB7-A0F9-73688B2B647A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {E0006498-BD7D-489A-9931-50B474E65FEC} - System32\Tasks\GoogleUpdateTaskMachineUA1d2d541f1b6ff2c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.)
Task: {E6673C21-17C4-4D13-96F2-FB3494DE5C60} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {EA6C4E98-A821-4EAD-9243-75D653655C14} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-04-11] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-21 19:36 - 2017-04-21 20:24 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2017-04-21 20:24 - 2017-04-21 20:23 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-09-25 06:20 - 2016-09-25 06:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-03-19 04:58 - 2017-03-19 04:58 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-19 04:59 - 2017-03-19 10:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-25 18:30 - 2017-05-09 17:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-25 18:30 - 2017-05-09 17:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-04-21 19:36 - 2017-05-28 01:19 - 00035624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-04-21 19:36 - 2017-04-21 20:24 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-04-21 21:18 - 2017-04-21 21:18 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-02-20 16:10 - 2017-02-20 16:10 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-06-24 01:07 - 2015-06-24 01:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 05:03 - 2017-05-10 03:34 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\elite\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Kraken71ChromaHelper"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2141949100-3600031293-2034327126-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{37F9D57C-3E03-45A8-B05C-2AD93C8CF4D0}] => (Allow) LPort=1487
FirewallRules: [{2DDBCB5A-B0AD-4CC9-B5E2-FB857336D461}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0BB703AF-B6D5-4C8F-A05B-CA28A3E4BC72}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{44BE689E-6CEC-497A-BE86-28D83591419E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{25A24FAB-A949-4BE6-97D7-3566980BFE5E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BC8F86E8-33DF-4D95-B256-BC37A937370B}] => (Allow) F:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D11B9F2C-4424-490E-96B6-FCC0588EDA8B}] => (Allow) F:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{826D3F32-405F-4672-9972-D31FB41B935C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4B5B022F-D94F-4029-A7F0-352D592E8325}] => (Allow) F:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{323EF928-047C-4A8B-A73D-BB111DDFE36D}] => (Allow) F:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4872E7FD-1729-4269-9136-07EE5B268AFA}] => (Allow) G:\SteamLibrary\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{54624B29-F998-4EE1-95F8-FD8DC4A497FD}] => (Allow) G:\SteamLibrary\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{23110705-3139-4E90-9FE9-0215904295D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31A6302E-2999-406C-9DC1-56B5AF4CF165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F3124AF-B2BC-4A67-BDF0-BA9F229F8C54}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{4D18F018-4790-4A5D-BE16-7E7D1B768142}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{BD219272-8117-44D2-B808-09EB8E4656E5}] => (Allow) G:\Origin Game\Battlefield 1\bf1Trial.exe
FirewallRules: [{B8372EFD-B5B2-45ED-9A9D-A8F63148599E}] => (Allow) G:\Origin Game\Battlefield 1\bf1Trial.exe
FirewallRules: [{3062D76E-BA2A-4A91-922C-9F8F9318F0DC}] => (Allow) G:\Origin Game\Battlefield 1\bf1.exe
FirewallRules: [{607996AC-0427-4C0C-A4C7-EC17CD54C88A}] => (Allow) G:\Origin Game\Battlefield 1\bf1.exe
FirewallRules: [{1D85D02F-8A62-42D3-8477-D6C6D22E9D5E}] => (Allow) LPort=12889
FirewallRules: [{C58DCB6E-AF07-4432-9EE5-89E7A7868C85}] => (Allow) LPort=12889
FirewallRules: [{998A73D9-97DE-4B0F-B5C9-66461720E6A4}] => (Allow) C:\Program Files (x86)\MIO\loader\st3320620as_5qf7m9y6xxxx5qf7m9y6.dat
FirewallRules: [{07FBED29-5860-4586-B0A7-D2B44AEE8F8B}] => (Allow) C:\Program Files (x86)\MIO\loader\st3320620as_5qf7m9y6xxxx5qf7m9y6.dat
FirewallRules: [{0A4113CF-FDC9-4D2B-8D01-73FE045CF329}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{779A0FCC-706C-4F63-B2E6-A9FAB99A37AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2017 01:16:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 01:16:02 AM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: Failed to load a dependant module.
Error Code:a7f42003

Error: (05/28/2017 01:16:00 AM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: Failed to load a dependant module.
Error Code:a7f42003

Error: (05/28/2017 01:15:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 01:00:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 01:00:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:50:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ctfmon.exe, version: 10.0.15063.0, time stamp: 0xdfddf97c
Faulting module name: InputService.dll, version: 10.0.15063.0, time stamp: 0x85700f6b
Exception code: 0xc0000005
Fault offset: 0x0005d6fc
Faulting process id: 0x314
Faulting application start time: 0x01d2d7055fa39d45
Faulting application path: C:\Windows\SysWOW64\ctfmon.exe
Faulting module path: C:\Windows\system32\InputService.dll
Report Id: ecf568e7-4f18-404e-8dbc-528ea04081c2
Faulting package full name:
Faulting package-relative application ID:

Error: (05/28/2017 12:15:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:14:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/27/2017 12:08:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/28/2017 01:21:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/28/2017 01:21:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (05/28/2017 01:19:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2017 01:19:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (05/28/2017 01:18:49 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12

Error: (05/28/2017 01:07:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The terana service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2017 01:06:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (05/28/2017 01:01:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (05/28/2017 12:56:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (05/28/2017 12:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate1d2d541f1b23a79) service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2017-05-28 00:51:22.155
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:38:25.865
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:38:25.863
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:32:53.959
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:32:53.957
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:32:41.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:32:41.171
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:32:29.581
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:32:29.579
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 00:15:48.967
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 16%
Total physical RAM: 16325.68 MB
Available physical RAM: 13703.73 MB
Total Virtual: 17349.68 MB
Available Virtual: 14636.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.69 GB) (Free:76.02 GB) NTFS
Drive d: (Media) (Fixed) (Total:298.09 GB) (Free:109.17 GB) NTFS
Drive e: () (Fixed) (Total:195.21 GB) (Free:52.12 GB) NTFS
Drive f: (SSD Games) (Fixed) (Total:55.9 GB) (Free:20.91 GB) NTFS
Drive g: (Games SSD) (Fixed) (Total:223.57 GB) (Free:50.66 GB) NTFS
Drive h: (Korea stuff) (Fixed) (Total:465.76 GB) (Free:113.37 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (Media) (Fixed) (Total:736.2 GB) (Free:152 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2AC4479A)
Partition 1: (Active) - (Size=298.1 GB) - (Type=06)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0BA8901B)
Partition 1: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=736.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 119.2 GB) (Disk ID: 8B28ECC0)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: F936DB43)
Partition 1: (Not Active) - (Size=55.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6907713E)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A405879)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
kintsuchi
 
Posts: 2
Joined: Sat May 27, 2017 5:16 pm

Re: Malware / Adware affecting Google Chrome, cant be delete

Postby patrik » Wed May 31, 2017 1:43 am

Hello, welcome to the Myantispyware forums.

Run Notepad and copy/paste the text in the code box below into Notepad:
Code:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR DefaultSearchURL: Default -> hxxp://www.mystarting123.com/search/ind ... qae3mdq&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystarting123
Task: {A414384C-53E8-4A39-A192-4C5E134ADD6D} - \Microsoft\Windows\DeviceSettings\Prerviing -> No File <==== ATTENTION
EmptyTemp:
Reboot:

Name the Notepad file as fixlist and save it to a folder where FRST is located.
Run FRST and press the Fix button. When the tool is finished, it will produce a report for you.

Post back with the fix log + new "scan" logs (Run FRST, click Scan).
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

