My computer is starting to be slow


  • This topic is locked
16 replies to this topic

#1 psychicguy

Posted 16 November 2016 - 06:14 PM

My computer is being slow.  I just want to check if it's malware or not.

 

Below are my log files:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/16/2016
Scan Time: 4:03 PM
Logfile: Malwarebytes Scan 11-16-2016.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.16.14
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marty

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283712
Time Elapsed: 4 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2E95E8E2-B988-4750-A34C-0FAB193E3EE4}, , [6e90e5db4a507cbafb32bfeb59aa867a],
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90F64814-EB07-438C-BAA3-0119183817BF}, , [0af4249c6733b87eec3f9b0f798a45bb],

Registry Values: 2
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2E95E8E2-B988-4750-A34C-0FAB193E3EE4}|Path, \ReimageUpdater, , [6e90e5db4a507cbafb32bfeb59aa867a]
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90F64814-EB07-438C-BAA3-0119183817BF}|Path, \Reimage Reminder, , [0af4249c6733b87eec3f9b0f798a45bb]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
RiskWare.Tool.HCK, C:\Users\Marty\Desktop\Unconfirmed 531733.crdownload, , [6e90d2ee237768cef6dddedba95751af],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Next is my FRST64 scan with addition:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Marty (administrator) on MARTY-PC (16-11-2016 16:09:59)
Running from C:\Users\Marty\Documents\Malware removal tools
Loaded Profiles: Marty (Available Profiles: Marty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Mindzoom) C:\Program Files (x86)\Mindzoom\mindzoom.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(GameplayCrush) C:\Users\Marty\Documents\borderless gaming\WindowedBorderlessGaming_2.1.0.1\WindowedBorderlessGaming.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [7838392 2016-10-27] (Emsisoft Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [24576 2010-07-07] (Creative Technology Ltd)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [Camfrog] => C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe [15716920 2016-10-09] (Camshare, Inc.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [Discord] => C:\Users\Marty\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\MountPoints2: {71ca4d3e-49f7-11e6-9229-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-10-25]
ShortcutTarget: Curse.lnk -> C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mindzoom.lnk [2016-11-05]
ShortcutTarget: mindzoom.lnk -> C:\Program Files (x86)\Mindzoom\mindzoom.exe (Mindzoom)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C9A37F5-92A4-435E-A398-A69EB7FA054E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\0tp6dndc.default [2016-11-16]
FF NewTab: Mozilla\Firefox\Profiles\0tp6dndc.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\0tp6dndc.default -> about:home
FF Extension: (Grammarly for Firefox) - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\0tp6dndc.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-11-14]
FF Extension: (Adblock Plus) - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\0tp6dndc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-09]
FF Extension: (Asynchronous Plugin Rendering) - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\0tp6dndc.default\features\{81377665-87e9-4375-84e1-1823711c3013}\asyncrendering@mozilla.org.xpi [2016-11-10]
FF Extension: (Multi-process staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2016-11-09] [not signed]
FF Extension: (Pocket) - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2016-11-09] [not signed]
FF Extension: (Web Compat) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2016-11-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default [2016-11-16]
CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (Adblock Plus) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Excel Viewer, Editor) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpdiahdjhpfaafoffpoaafcmjbcfmaj [2016-07-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-14]
CHR Extension: (GAuth Authenticator) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcnhelpchnceeipipijaljkblbcobl [2016-07-14]
CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9388576 2016-10-27] (Emsisoft Ltd)
S4 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-09-22] (Camshare Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-11-12] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-10-27] (Visicom Media Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124304 2016-10-05] (Emsisoft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
U0 lswaiepn; C:\Windows\System32\drivers\brmid.sys [79064 2016-11-16] (Malwarebytes)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-11-16] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [36568 2015-08-13] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [44760 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
U0 aswVmm; no ImagePath
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-16 16:09 - 2016-11-16 16:09 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\brmid.sys
2016-11-16 16:09 - 2016-11-16 16:09 - 00000000 ____D C:\FRST
2016-11-16 15:48 - 2016-11-16 15:48 - 00001224 _____ C:\Users\Marty\Desktop\cc_20161116_154856.reg
2016-11-16 15:47 - 2016-11-16 15:47 - 00000000 ____D C:\Users\Marty\AppData\Local\TSVNCache
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Users\Marty\Desktop\d2etal1
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Subversion
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-11-15 15:14 - 2016-11-15 15:14 - 00154650 _____ (TibiaMaps.io) C:\Users\Marty\Desktop\tibia-11-maps-installer.exe
2016-11-15 14:19 - 2016-11-15 16:03 - 00000000 ____D C:\Users\Marty\AppData\Roaming\discord
2016-11-15 14:19 - 2016-11-15 14:19 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marty\Desktop\DiscordSetup.exe
2016-11-15 14:19 - 2016-11-15 14:19 - 00002164 _____ C:\Users\Marty\Desktop\Discord.lnk
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Local\SquirrelTemp
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Local\Discord
2016-11-13 02:38 - 2013-10-31 18:38 - 00000000 ____D C:\Users\Marty\Desktop\__MACOSX
2016-11-13 02:14 - 2016-11-13 02:14 - 05509001 _____ C:\Users\Marty\Desktop\Astro-Update-MA3-v3374.exe.zip
2016-11-12 22:12 - 2016-11-12 22:12 - 00015668 _____ C:\Windows\system32\.crusader
2016-11-11 20:29 - 2016-11-11 20:29 - 00000000 ____D C:\Users\Marty\AppData\Local\Privatefirewall
2016-11-11 20:23 - 2016-11-15 15:51 - 00000028 _____ C:\Windows\ODBC.INI
2016-11-11 20:23 - 2016-11-11 20:23 - 00000000 ____D C:\ProgramData\Privacyware
2016-11-11 14:22 - 2016-11-11 14:22 - 00000000 ____D C:\ProgramData\Emsisoft
2016-11-11 14:20 - 2016-11-11 14:20 - 00000896 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-11-11 14:20 - 2016-11-11 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-11-11 14:19 - 2016-11-16 15:15 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-11 14:19 - 2016-11-11 14:19 - 228054040 _____ (Emsisoft Ltd. ) C:\Users\Marty\Desktop\EmsisoftAntiMalwareSetup.exe
2016-11-11 13:39 - 2016-11-11 13:39 - 00000000 ____D C:\Windows\system32\RAPID
2016-11-11 13:39 - 2015-09-04 12:08 - 00271968 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2016-11-11 13:37 - 2016-11-11 13:37 - 00058528 _____ C:\Users\Marty\Desktop\cc_20161111_133737.reg
2016-11-11 13:37 - 2016-11-11 13:37 - 00000784 _____ C:\Users\Marty\Desktop\cc_20161111_133750.reg
2016-11-11 03:27 - 2016-11-11 03:30 - 00000000 ____D C:\Program Files (x86)\TinyWall
2016-11-11 03:27 - 2016-11-11 03:27 - 01204224 _____ C:\Users\Marty\Desktop\TinyWallInstaller.msi
2016-11-11 03:11 - 2016-11-11 03:39 - 00000000 ____D C:\Users\Marty\Documents\bluescreenview
2016-11-09 21:26 - 2016-11-11 03:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-07 18:01 - 2016-11-11 13:37 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Ventrilo
2016-11-07 18:01 - 2016-11-07 18:01 - 00000917 _____ C:\Users\Marty\Desktop\Ventrilo.lnk
2016-11-07 18:01 - 2016-11-07 18:01 - 00000262 _____ C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2016-11-07 18:01 - 2016-11-07 18:01 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2016-11-07 18:01 - 2016-11-07 18:01 - 00000000 ____D C:\Program Files\Ventrilo
2016-11-07 18:00 - 2016-11-07 18:00 - 04135696 _____ C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe
2016-11-07 17:33 - 2016-11-07 17:33 - 00000013 _____ C:\Users\Marty\Desktop\game name d2.txt
2016-11-06 19:15 - 2016-11-06 19:15 - 00000007 _____ C:\Users\Marty\Desktop\Matrix 1 stopped at.txt
2016-11-05 22:27 - 2016-11-13 05:31 - 00000013 _____ C:\Users\Marty\Desktop\game for xfer.txt
2016-11-05 18:30 - 2016-11-05 19:09 - 00000040 _____ C:\Users\Marty\Desktop\d2 lvling service username and password.txt
2016-11-03 17:03 - 2016-11-03 17:03 - 00000069 _____ C:\Users\Marty\Desktop\I did it. Small Emotional Ending. Much love guys. - Ap Shaco vs Kennen Full Game #68.url
2016-10-29 21:08 - 2016-11-06 20:51 - 00000057 _____ C:\Users\Marty\Desktop\channel f or baal runs bot.txt
2016-10-29 12:05 - 2016-10-29 12:06 - 10673352 _____ C:\Users\Marty\Downloads\D2LOD_key_utilities.zip
2016-10-27 12:14 - 2016-10-27 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2016-10-27 12:13 - 2016-10-27 12:13 - 00603640 _____ (Visicom Media inc.) C:\Users\Marty\Desktop\ManyCamWebInstaller.exe
2016-10-25 20:33 - 2016-10-25 20:34 - 00001698 _____ C:\Users\Marty\Desktop\The Hell Bat.lnk
2016-10-25 20:31 - 2016-10-25 20:31 - 00000846 _____ C:\Users\Marty\Downloads\Hellfire 32&64-Bit ColorFix.zip
2016-10-25 14:48 - 2016-11-13 02:15 - 19525632 _____ C:\Users\Marty\Desktop\AstroCommandCenter.msi
2016-10-25 14:48 - 2016-10-25 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro Gaming
2016-10-25 14:48 - 2016-10-25 14:48 - 00000000 ____D C:\Program Files (x86)\Astro Gaming
2016-10-25 09:51 - 2016-10-25 09:51 - 00000000 _____ C:\Windows\SysWOW64\Access.dat
2016-10-25 06:01 - 2016-11-16 15:43 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Curse Client
2016-10-25 06:01 - 2016-10-25 06:01 - 76670608 _____ (Curse) C:\Users\Marty\Desktop\CurseClientSetup.exe
2016-10-25 06:01 - 2016-10-25 06:01 - 00001032 _____ C:\Users\Marty\Desktop\Curse.lnk
2016-10-25 06:01 - 2016-10-25 06:01 - 00001018 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-10-25 06:01 - 2016-10-25 06:01 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Curse
2016-10-24 21:34 - 2016-10-24 21:35 - 177891288 _____ (COMODO) C:\Users\Marty\Desktop\cfw_installer_6106_53.exe
2016-10-24 21:30 - 2016-11-11 03:44 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-24 21:30 - 2016-11-11 03:39 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-10-24 21:21 - 2016-11-11 03:44 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-24 21:21 - 2016-11-11 03:30 - 00002628 _____ C:\Windows\system32\InstallUtil.InstallLog
2016-10-24 21:15 - 2016-10-24 21:15 - 06334848 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-10-24 21:15 - 2016-10-24 21:15 - 06334848 _____ (AVAST Software) C:\Users\Marty\Desktop\avast_free_antivirus_setup_online.exe
2016-10-24 20:51 - 2016-10-24 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-10-24 20:29 - 2016-09-16 16:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2016-10-24 20:27 - 2016-10-24 20:27 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-10-24 20:27 - 2016-10-24 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-10-24 20:27 - 2016-10-24 20:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-24 20:20 - 2016-10-24 20:20 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2016-10-24 19:38 - 2016-10-24 19:39 - 184496160 _____ (Kaspersky Lab) C:\Users\Marty\Downloads\E370.tmp
2016-10-24 19:36 - 2016-10-24 19:39 - 00000000 ____D C:\Users\Marty\Documents\Kaspersky stuff
2016-10-24 19:17 - 2016-10-24 19:17 - 07100088 _____ (VS Revo Group ) C:\Users\Marty\Desktop\revosetup.exe
2016-10-24 19:12 - 2016-11-12 22:12 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-24 19:12 - 2016-11-12 22:10 - 11581544 _____ (SurfRight B.V.) C:\Users\Marty\Desktop\hitmanpro_x64.exe
2016-10-24 19:10 - 2016-10-24 19:10 - 11432112 _____ (VS Revo Group ) C:\Users\Marty\Desktop\RevoUninProSetup.exe
2016-10-24 19:10 - 2016-10-24 19:10 - 00001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-10-24 19:10 - 2016-10-24 19:10 - 00000000 ____D C:\Users\Marty\AppData\Local\VS Revo Group
2016-10-24 19:10 - 2016-10-24 19:10 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-10-24 19:10 - 2016-10-24 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-10-24 19:10 - 2016-10-24 19:10 - 00000000 ____D C:\Program Files\VS Revo Group
2016-10-24 19:10 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-10-24 19:08 - 2016-10-24 19:09 - 177912864 _____ (Kaspersky Lab) C:\Users\Marty\Desktop\kis17.0.0.611en_10743 (2).exe
2016-10-24 05:01 - 2016-10-24 05:01 - 00001359 _____ C:\Users\Marty\Desktop\gragas.bat
2016-10-23 13:22 - 2016-10-23 13:22 - 26005113 _____ C:\Users\Marty\Downloads\PathOfExileStashSorter-temp.zip
2016-10-23 13:15 - 2016-10-23 13:15 - 00006704 _____ C:\Users\Marty\Desktop\POEStashSorter.exe - Shortcut.lnk
2016-10-23 13:08 - 2016-10-23 13:08 - 00000099 _____ C:\Users\Marty\Desktop\fix path of exile sorter.txt
2016-10-23 13:06 - 2016-10-23 13:06 - 00000000 ____D C:\Users\Marty\AppData\Local\Ofi Labs
2016-10-23 13:05 - 2016-10-23 13:05 - 01497400 _____ (Microsoft Corporation) C:\Users\Marty\Downloads\NDP46-KB3045560-Web.exe
2016-10-23 12:49 - 2016-10-23 12:49 - 00000000 ____D C:\Users\Marty\Downloads\PathOfExileStashSorter-master
2016-10-23 12:47 - 2016-10-23 12:47 - 21500866 _____ C:\Users\Marty\Downloads\PathOfExileStashSorter-master (1).zip
2016-10-23 12:40 - 2016-10-23 13:15 - 00000000 ____D C:\Users\Marty\Documents\path of exile things
2016-10-22 15:15 - 2016-10-22 15:15 - 00001013 _____ C:\Users\Marty\Desktop\Tunngle.lnk
2016-10-22 09:09 - 2016-10-22 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kali
2016-10-22 09:09 - 2016-10-22 09:09 - 00000000 ____D C:\Program Files (x86)\Kali95
2016-10-22 09:08 - 1998-10-29 14:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-10-22 08:51 - 2016-10-22 09:38 - 00000000 ____D C:\Users\Marty\AppData\Roaming\uTorrent
2016-10-22 08:33 - 2016-10-22 08:33 - 00001859 _____ C:\Users\Marty\Desktop\The Hell.lnk
2016-10-22 08:33 - 2016-10-22 08:33 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Hell
2016-10-22 08:32 - 2016-10-28 13:26 - 00000000 ____D C:\Program Files (x86)\TheHell
2016-10-22 08:18 - 2016-10-25 20:32 - 00000000 ____D C:\Users\Marty\Documents\the hell mod
2016-10-22 08:18 - 2016-10-22 08:18 - 01528670 _____ C:\Users\Marty\Downloads\th2beta.zip
2016-10-22 08:12 - 2016-10-22 08:12 - 00000000 _____ C:\BnetLog.txt
2016-10-22 08:11 - 2016-11-08 22:57 - 00001306 _____ C:\Users\Public\Desktop\Window Mode D2 LOD.lnk
2016-10-22 08:11 - 2016-10-22 08:11 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-22 08:11 - 2016-10-22 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-10-22 08:06 - 2016-10-22 08:13 - 00000000 ____D C:\Users\Marty\Documents\Diablo II
2016-10-22 08:04 - 2016-10-22 08:04 - 00000000 ____D C:\Program Files (x86)\Diablo II Lord of destruction
2016-10-22 08:03 - 2016-11-16 15:58 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-10-22 07:55 - 2016-10-22 07:55 - 00000331 _____ C:\Users\Marty\Desktop\D2 Accounts.txt
2016-10-22 07:53 - 2016-10-22 07:53 - 00000000 ____D C:\Users\Marty\Diablo II
2016-10-19 15:32 - 2016-10-19 15:32 - 00659797 _____ C:\Users\Marty\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2016-10-19 15:31 - 2016-10-19 15:31 - 00404766 _____ C:\Users\Marty\Downloads\bgb (2).zip
2016-10-19 15:31 - 2016-10-19 15:31 - 00404766 _____ C:\Users\Marty\Desktop\bgb.zip
2016-10-19 15:31 - 2016-10-19 15:31 - 00270509 _____ C:\Users\Marty\Downloads\bgb-667.zip
2016-10-19 15:30 - 2016-10-19 15:30 - 00404766 _____ C:\Users\Marty\Downloads\bgb.zip
2016-10-19 15:30 - 2016-10-19 15:30 - 00404766 _____ C:\Users\Marty\Downloads\bgb (1).zip
2016-10-17 18:28 - 2016-10-17 18:28 - 00000000 ____D C:\Users\Marty\Documents\Diablo III
2016-10-17 18:25 - 2016-10-17 18:25 - 00001142 _____ C:\Users\Public\Desktop\Diablo III.lnk
2016-10-17 18:25 - 2016-10-17 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-16 16:09 - 2016-07-21 09:26 - 00000000 ____D C:\Users\Marty\Documents\Malware removal tools
2016-11-16 16:07 - 2016-09-21 11:44 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Skype
2016-11-16 16:02 - 2016-07-14 17:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-16 15:57 - 2016-07-14 13:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-16 15:48 - 2016-08-28 18:40 - 00000000 ____D C:\Users\Marty\AppData\Local\CrashDumps
2016-11-16 15:48 - 2016-07-25 02:14 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-16 15:48 - 2016-07-14 13:04 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-16 15:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-11-16 15:31 - 2016-07-14 12:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-16 10:10 - 2016-07-14 21:49 - 00000000 ____D C:\Users\Marty\AppData\Local\Ubisoft Game Launcher
2016-11-16 04:35 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-16 04:35 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-15 23:41 - 2016-07-23 22:28 - 00000000 ____D C:\Users\Marty\Documents\tibia
2016-11-15 23:38 - 2016-07-14 20:09 - 00000000 ____D C:\Users\Marty\AppData\Local\Battle.net
2016-11-15 23:36 - 2016-07-14 20:08 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-15 16:31 - 2016-07-14 12:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 16:11 - 2009-07-13 21:13 - 00896718 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-15 16:05 - 2016-07-22 09:09 - 00000906 __RSH C:\ProgramData\ntuser.pol
2016-11-15 16:05 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 15:52 - 2016-10-09 12:35 - 00062308 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-11-15 15:52 - 2016-10-09 12:35 - 00000820 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-11-15 15:52 - 2016-08-08 12:58 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-11-15 15:46 - 2016-10-02 16:23 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-11-15 15:46 - 2016-08-22 18:05 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-11-15 15:44 - 2016-07-14 20:10 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-11-15 15:41 - 2016-07-14 20:10 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-15 15:13 - 2016-09-25 11:39 - 00000000 ____D C:\Users\Marty\AppData\Local\acquisition
2016-11-14 19:01 - 2016-07-27 15:24 - 00000000 ____D C:\Users\Marty\AppData\Local\Tibia
2016-11-14 14:35 - 2016-07-14 12:14 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 14:35 - 2016-07-14 12:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 16:49 - 2016-07-14 13:10 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-12 01:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-11 13:39 - 2016-07-14 12:27 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-11-11 03:39 - 2016-10-09 07:40 - 00000000 ____D C:\Users\Marty\AppData\Local\LogMeIn Hamachi
2016-11-11 03:39 - 2016-08-31 01:16 - 00000000 ____D C:\Windows\pss
2016-11-11 03:39 - 2016-08-12 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-11 03:39 - 2016-07-14 20:08 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Battle.net
2016-11-11 03:39 - 2016-07-14 11:27 - 00000000 ____D C:\Users\Marty
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-11 03:10 - 2016-07-18 20:29 - 00000000 ____D C:\Windows\system32\appmgmt
2016-11-09 22:23 - 2016-07-24 15:07 - 00000000 ____D C:\Program Files (x86)\ManyCam
2016-11-09 22:01 - 2016-07-15 15:47 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 21:59 - 2016-07-15 15:47 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 23:06 - 2016-07-14 14:03 - 00000000 ____D C:\Users\Marty\AppData\Local\Jagex
2016-11-08 23:06 - 2016-07-14 14:03 - 00000000 ____D C:\ProgramData\Jagex
2016-11-08 23:01 - 2016-07-24 15:08 - 00000000 ____D C:\Users\Marty\AppData\Local\ManyCam
2016-11-08 15:57 - 2016-07-14 13:10 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 15:57 - 2016-07-14 13:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 15:57 - 2016-07-14 13:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-08 15:57 - 2016-07-14 13:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 15:57 - 2016-07-14 13:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 15:57 - 2016-07-14 13:10 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 22:18 - 2016-07-14 13:26 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Camfrog
2016-11-01 23:56 - 2016-10-09 08:59 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Tunngle
2016-11-01 23:51 - 2016-10-09 08:59 - 00000000 ____D C:\ProgramData\Tunngle
2016-10-27 13:20 - 2016-07-14 12:13 - 00000000 ____D C:\Users\Marty\AppData\Local\Google
2016-10-27 12:14 - 2016-07-24 15:08 - 00000995 _____ C:\Users\Public\Desktop\ManyCam.lnk
2016-10-27 12:14 - 2016-07-24 15:07 - 00000000 ____D C:\Users\Marty\AppData\Roaming\ManyCam
2016-10-25 09:31 - 2016-08-12 09:53 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-24 21:40 - 2016-09-21 11:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-24 21:40 - 2016-07-14 17:07 - 00000000 ____D C:\ProgramData\Skype
2016-10-24 20:26 - 2016-09-18 20:33 - 00000000 ____D C:\Users\Marty\AppData\Roaming\TS3Client
2016-10-24 19:13 - 2016-10-09 12:35 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-10-24 19:13 - 2016-10-09 12:35 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-10-22 09:26 - 2016-07-14 11:27 - 00000000 ____D C:\Users\Marty\AppData\Local\VirtualStore
2016-10-22 08:12 - 2016-07-14 20:09 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-10-19 19:42 - 2016-07-14 13:26 - 00002187 _____ C:\Users\Marty\Desktop\Camfrog Video Chat.lnk
2016-10-19 15:32 - 2005-10-01 13:08 - 01974352 _____ (None) C:\Users\Marty\Desktop\VisualBoyAdvance.exe
2016-10-19 03:08 - 2016-07-14 13:10 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-10-19 03:08 - 2016-07-14 13:10 - 00000000 ____D C:\ProgramData\Oracle
2016-10-19 03:08 - 2016-07-14 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-19 03:08 - 2016-07-14 13:10 - 00000000 ____D C:\Program Files\Java

==================== Files in the root of some directories =======

2016-07-21 20:08 - 2016-07-22 09:37 - 0000600 _____ () C:\Users\Marty\AppData\Local\PUTTY.RND
2016-07-14 13:48 - 2016-07-14 13:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 01:25

==================== End of FRST.txt ============================

 

Next is Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Marty (16-11-2016 16:10:10)
Running from C:\Users\Marty\Documents\Malware removal tools
Windows 7 Ultimate Service Pack 1 (X64) (2016-07-14 19:27:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2836415364-1053990731-2268990577-500 - Administrator - Disabled)
Guest (S-1-5-21-2836415364-1053990731-2268990577-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2836415364-1053990731-2268990577-1002 - Limited - Enabled)
Marty (S-1-5-21-2836415364-1053990731-2268990577-1000 - Administrator - Enabled) => C:\Users\Marty

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acquisition version 0.5g (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.5g - )
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.566 - Camshare, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Dasher (HKLM-x32\...\Dasher) (Version:  - Internet Chess Club)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version:  - Creative Technology Limited)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dying Light (HKLM\...\Steam App 239140) (Version:  - Techland)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 12.0 - Emsisoft Ltd.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Far Cry Primal (HKLM\...\Steam App 371660) (Version:  - Ubisoft)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kali II (HKLM-x32\...\Kali II) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.4.1 (HKLM-x32\...\ManyCam) (Version: 5.4.1 - Visicom Media Inc.)
Marvel Heroes 2016 (HKLM\...\Steam App 226320) (Version:  - Gazillion Entertainment)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MindZoom 2.2.0 Plus (HKLM-x32\...\MindZoom_is1) (Version:  - mindzoom.net)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
PlayChess  (HKLM\...\PlayChess) (Version:  - ChessBase GmbH)
RAPID Mode (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Controller Database Client (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\143ba96d0d39f1c2) (Version: 1.0.0.10 - Flaming Zonkey)
Street Fighter V (HKLM\...\Steam App 310950) (Version:  - Capcom)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Hell (HKLM-x32\...\TheHell) (Version: 1.205a - Mordor & TH Team)
Tibia (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Tibia) (Version:  - CipSoft GmbH)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wander (HKLM\...\Steam App 293280) (Version:  - Wander MMO)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000_Classes\CLSID\{e3765c78-10d8-475e-bd21-3633526f98d2}\InprocServer32 -> c:\windows\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04999245-04AC-47DB-84DA-80393FCD2BC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {19D66E5B-29D7-4A15-80D5-8EB83AA2826D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {2E95E8E2-B988-4750-A34C-0FAB193E3EE4} - \ReimageUpdater -> No File <==== ATTENTION
Task: {3D8F6540-8177-4110-85F3-FE0CE056EE9C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {50F401A7-B875-49BE-ACD3-4F346A4EA71B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {6D8F8B7F-4E70-469A-A350-36A81DBC3B69} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {71340D4D-35E3-448B-B396-5E9EAD54D629} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.)
Task: {90F64814-EB07-438C-BAA3-0119183817BF} - \Reimage Reminder -> No File <==== ATTENTION
Task: {CF2D1463-2139-4258-8F19-22CEB54E60B0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-24] (AVAST Software)
Task: {CFFE8AED-E4BE-418D-909C-E895017F9B78} - System32\Tasks\{658D4217-A2C9-47CA-A6CA-91B0BB225D9B} => pcalua.exe -a "C:\Users\Marty\Desktop\Display Driver Uninstaller.exe" -d C:\Users\Marty\Desktop
Task: {FC40276F-D1FA-4A57-954E-363D40CA1426} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Marty\Desktop\The Hell Bat.lnk -> C:\Users\Marty\Documents\the hell mod\hellfire.bat ()

ShortcutWithArgument: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2016-09-28 04:33 - 2016-09-16 14:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-24 14:20 - 2016-09-24 14:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-08-19 00:12 - 2016-08-19 00:12 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-08-11 17:02 - 2004-06-12 14:55 - 00274432 _____ () C:\Program Files (x86)\Mindzoom\lame_enc.dll
2016-07-27 18:55 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-07-27 18:55 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-08-29 00:09 - 2016-08-29 00:09 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 50656768 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-07-07 19:33 - 2010-07-07 19:33 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 50656768 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 01874944 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 00075264 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 01874944 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 00075264 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\R


#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,278 posts

Posted 17 November 2016 - 08:12 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please run the Malwarebytes program and remove everything that was reported in your last scan.
 
===
 
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Extension: (Chrome Media Router) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
U0 lswaiepn; C:\Windows\System32\drivers\brmid.sys [79064 2016-11-16] (Malwarebytes)
U0 aswVmm; no ImagePath
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
U3 iswSvc; no ImagePath
Task: {2E95E8E2-B988-4750-A34C-0FAB193E3EE4} - \ReimageUpdater -> No File <==== ATTENTION
Task: {90F64814-EB07-438C-BAA3-0119183817BF} - \Reimage Reminder -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\CurseClientSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\CurseClientSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Desktop\ikickyour6.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Desktop\ManyCamWebInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\ManyCamWebInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Downloads\D2LOD_key_utilities.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Downloads\Hellfire 32&64-Bit ColorFix.zip:$CmdZnID [26]
 
Reboot:
 
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
 
Restart Chrome.
===
 
Please post the fixlog.txt and let me know what problem persists.
 

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 psychicguy

psychicguy

    Advanced Member

  • Helper Trainee
  • 126 posts

Posted 17 November 2016 - 12:09 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Marty (17-11-2016 10:00:32) Run:1
Running from C:\Users\Marty\Documents\Malware removal tools
Loaded Profiles: Marty (Available Profiles: Marty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Extension: (Chrome Media Router) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
U0 lswaiepn; C:\Windows\System32\drivers\brmid.sys [79064 2016-11-16] (Malwarebytes)
U0 aswVmm; no ImagePath
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
U3 iswSvc; no ImagePath
Task: {2E95E8E2-B988-4750-A34C-0FAB193E3EE4} - \ReimageUpdater -> No File <==== ATTENTION
Task: {90F64814-EB07-438C-BAA3-0119183817BF} - \Reimage Reminder -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\CurseClientSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\CurseClientSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Desktop\ikickyour6.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Desktop\ManyCamWebInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\ManyCamWebInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Downloads\D2LOD_key_utilities.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marty\Downloads\Hellfire 32&64-Bit ColorFix.zip:$CmdZnID [26]
 
Reboot:
 
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
C:\Users\Marty\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => not found.
C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
lswaiepn => service not found.
aswVmm => service removed successfully
hitmanpro37duringboot => service removed successfully
iswSvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E95E8E2-B988-4750-A34C-0FAB193E3EE4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E95E8E2-B988-4750-A34C-0FAB193E3EE4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90F64814-EB07-438C-BAA3-0119183817BF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90F64814-EB07-438C-BAA3-0119183817BF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => key not found.
C:\Windows\system32\MRT.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\FlashPlayerApp.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Marty\Desktop\CurseClientSetup.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Marty\Desktop\CurseClientSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Marty\Desktop\ikickyour6.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Marty\Desktop\ManyCamWebInstaller.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Marty\Desktop\ManyCamWebInstaller.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Marty\Downloads\D2LOD_key_utilities.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Marty\Downloads\Hellfire 32&64-Bit ColorFix.zip => ":$CmdZnID" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5142341 B
Java, Flash, Steam htmlcache => 705319603 B
Windows/system/drivers => 3095 B
Edge => 0 B
Chrome => 3449856 B
Firefox => 321704270 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Marty => 123852332 B

RecycleBin => 8624333 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:00:44 ====
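
A Fixlog like the one above can be triaged mechanically before deciding whether the fix took. The following is an added example, not part of the thread and not FRST's own code: it skips the echoed fixlist (whose lines also contain `=>`), classifies each result line, and flags any wording it does not recognise for manual review. The status phrases it matches are only the ones visible in this post; the function names are hypothetical.

```python
import re

# Shortened excerpt of the Fixlog.txt posted above (header, echoed fixlist,
# results, EmptyTemp). The lines are taken from that post; nothing is invented.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Marty (17-11-2016 10:00:32) Run:1
==============================================

fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
U0 aswVmm; no ImagePath
Task: {2E95E8E2-B988-4750-A34C-0FAB193E3EE4} - \ReimageUpdater -> No File <==== ATTENTION
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
lswaiepn => service not found.
aswVmm => service removed successfully
C:\Windows\system32\MRT.exe => ":$CmdTcID" ADS removed successfully.

=========== EmptyTemp: ==========

Chrome => 3449856 B
EmptyTemp: => 1.1 GB temporary data Removed.

==== End of Fixlog 10:00:44 ====
"""

STAR_RULE = re.compile(r"^\*{5,}\s*$")           # delimits the echoed fixlist
SECTION_RULE = re.compile(r"^={3,}.*={3,}\s*$")  # "==== EmptyTemp: ====" etc.
RESULT = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?\s*$")


def results_section(text):
    """Return the non-blank lines between the echoed fixlist and the next section."""
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if STAR_RULE.match(line)]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist block found; is this a Fixlog.txt?")
    body = []
    for line in lines[stars[1] + 1:]:
        if SECTION_RULE.match(line):
            break
        if line.strip():
            body.append(line.strip())
    return body


def classify(result):
    """Map result wording (as seen in the post above) to a coarse status."""
    text = result.lower()
    if "not found" in text:
        return "absent"      # entry was already gone when the fix ran
    # "removed successfully" contains "moved successfully", so test it first.
    if "removed successfully" in text:
        return "removed"
    if "moved successfully" in text:
        return "moved"       # moved aside rather than deleted
    return "review"          # wording not seen in this thread: check by hand


def parse_fixlog(text):
    """Parse 'target => result' lines from the results section only."""
    entries = []
    for line in results_section(text):
        match = RESULT.match(line)
        if not match:
            continue         # status notes such as "Processes closed successfully."
        entries.append({
            "target": match.group("target").strip('"'),
            "detail": match.group("result"),
            "status": classify(match.group("result")),
        })
    return entries


def summarize(entries):
    """Count entries per status."""
    counts = {}
    for entry in entries:
        counts[entry["status"]] = counts.get(entry["status"], 0) + 1
    return counts


def needs_review(entries):
    """Entries whose result wording was not recognised."""
    return [entry for entry in entries if entry["status"] == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for entry in needs_review(parsed):
        print("REVIEW:", entry["target"], "=>", entry["detail"])
```

An "absent" result is not a failure: it means the item listed in the fixlist no longer existed when the fix ran, as with the entries Malwarebytes had already removed.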



#4 psychicguy

psychicguy

    Advanced Member

  • Helper Trainee
  • 126 posts

Posted 18 November 2016 - 03:41 AM

Okay, seems good now. :-) thank you!

 

I have a question..

 

What is the best free antivirus, anti-malware or both in one that I should try out that is suggested?

 

I have been using the Windows firewall that comes with Windows 7. Is this a solid firewall for protection or is there another free one I could use?

 

 

I also would like to know what those two options would be if I pay for them?



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,278 posts

Posted 18 November 2016 - 08:21 AM

Your questions will be answered here.
 
If all is well.
 
To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.

nasdaq


#6 psychicguy

psychicguy

    Advanced Member

  • Helper Trainee
  • 126 posts

Posted 06 December 2016 - 03:20 PM

My browsers and applications hang and are slow.

 

Could you please check if there's malware or any fixes you can provide me with?

 

 

Below is FRST64.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Marty (administrator) on MARTY-PC (06-12-2016 13:15:01)
Running from C:\Users\Marty\Documents\Malware removal tools
Loaded Profiles: Marty (Available Profiles: Marty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Mindzoom) C:\Program Files (x86)\Mindzoom\mindzoom.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Program Files\NoPing Elite v12\appmain.exe
() C:\Program Files\NoPing Elite v12\LoaderManager.exe
() C:\Program Files\NoPing Elite v12\WHModuleLoader64.exe
() C:\Program Files\NoPing Elite v12\ModuleLoader64.exe
() C:\Program Files\NoPing Elite v12\WHModuleLoader32.exe
(Curse, Inc) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Curse.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Coherent Labs) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Overlay\v7.1.6184.12525\Coherent2\Win32\host\CoherentUI_Host.exe
(Coherent Labs) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Overlay\v7.1.6184.12525\Coherent2\Win32\host\CoherentUI_Host.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [24576 2010-07-07] (Creative Technology Ltd)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [11103760 2016-11-01] (Visicom Media Inc.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\MountPoints2: {71ca4d3e-49f7-11e6-9229-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-12-03]
ShortcutTarget: Curse.lnk -> C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mindzoom.lnk [2016-12-02]
ShortcutTarget: mindzoom.lnk -> C:\Program Files (x86)\Mindzoom\mindzoom.exe (Mindzoom)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C9A37F5-92A4-435E-A398-A69EB7FA054E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\gaijw53w.default-1481027132496 [2016-12-06]
FF Extension: (All Aboard) - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\gaijw53w.default-1481027132496\Extensions\@all-aboard-v1-5 [2016-12-06]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (Adblock Plus) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Excel Viewer, Editor) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpdiahdjhpfaafoffpoaafcmjbcfmaj [2016-07-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-14]
CHR Extension: (GAuth Authenticator) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcnhelpchnceeipipijaljkblbcobl [2016-07-14]
CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S4 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-09-22] (Camshare Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-11-12] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1036512 2016-12-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [134880 2016-12-06] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [36568 2015-08-13] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [44760 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 05:14 - 2016-12-06 05:14 - 00286584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-06 05:07 - 2016-12-06 05:07 - 00063792 _____ C:\Users\Marty\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-06 04:25 - 2016-12-06 04:25 - 00000000 ____D C:\Users\Marty\Desktop\Old Firefox Data
2016-12-06 04:22 - 2016-12-06 04:22 - 45281416 _____ C:\Users\Marty\Downloads\Firefox Setup 50.0.2.exe
2016-12-06 04:22 - 2016-12-06 04:22 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-06 04:22 - 2016-12-06 04:22 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-06 04:22 - 2016-12-06 04:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-06 04:22 - 2016-12-06 04:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-04 21:35 - 2016-12-04 21:37 - 00000000 ____D C:\Users\Marty\AppData\Roaming\obs-studio
2016-12-04 21:35 - 2016-12-04 21:35 - 00001202 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\ProgramData\Intel Telemetry
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-12-03 16:54 - 2016-12-06 05:31 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-12-03 16:53 - 2016-12-06 11:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-03 16:53 - 2016-12-06 03:57 - 01036512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-12-03 16:53 - 2016-12-03 17:01 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-03 16:53 - 2016-12-03 16:53 - 00002135 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-12-03 16:53 - 2016-12-03 16:53 - 00002111 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-12-03 16:53 - 2016-12-03 16:53 - 00000000 ____D C:\Windows\ELAMBKUP
2016-12-03 16:53 - 2016-12-03 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-12-03 16:53 - 2016-09-12 23:03 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-12-03 16:53 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-12-03 16:53 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-12-03 16:48 - 2016-12-03 16:49 - 184386592 _____ (Kaspersky Lab) C:\Users\Marty\Desktop\kts17.0.0.611aben_11549.exe
2016-11-29 18:50 - 2016-12-06 12:49 - 00005234 _____ C:\Users\Marty\Documents\NoPing.xml
2016-11-29 18:50 - 2016-11-29 18:50 - 00000020 _____ C:\Users\Marty\AppData\Roaming\system.xml
2016-11-29 18:50 - 2016-11-29 18:50 - 00000000 ____D C:\Users\Marty\AppData\Roaming\security
2016-11-29 18:50 - 2016-11-29 18:50 - 00000000 ____D C:\Users\Marty\AppData\Roaming\pcf
2016-11-29 18:46 - 2016-12-06 12:45 - 00000000 ____D C:\Program Files\NoPing Elite v12
2016-11-29 18:46 - 2016-11-29 18:46 - 00001891 _____ C:\ProgramData\Microsoft\Windows\Start Menu\NoPing Elite v12.lnk
2016-11-29 18:46 - 2016-11-29 18:46 - 00001885 _____ C:\Users\Public\Desktop\NoPing Elite v12.lnk
2016-11-29 18:46 - 2016-11-29 18:46 - 00000000 ____D C:\Users\Marty\AppData\Roaming\1ncrivel Sistemas
2016-11-29 18:45 - 2016-11-29 18:45 - 09033512 _____ (1ncrivel Sistemas) C:\Users\Marty\Desktop\SetupNoPing_v12.exe
2016-11-28 22:22 - 2016-11-28 22:22 - 00001012 _____ C:\Users\Marty\Desktop\Tibia.lnk
2016-11-27 20:31 - 2016-11-27 20:31 - 00000222 _____ C:\Users\Marty\Desktop\Chivalry Medieval Warfare.url
2016-11-27 16:04 - 2016-11-27 16:06 - 00003980 _____ C:\Users\Marty\Desktop\updated 11-27-2016 keys d2.txt
2016-11-24 22:39 - 2016-11-24 22:39 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-11-23 22:32 - 2016-11-23 22:33 - 00000010 _____ C:\Users\Marty\Desktop\walkbaal-7.txt
2016-11-23 20:32 - 2016-11-27 16:08 - 00000000 ____D C:\Users\Marty\Documents\d2 stuff
2016-11-21 20:38 - 2016-11-21 20:38 - 00000000 ____D C:\Users\Marty\AppData\Local\RzStats
2016-11-21 14:20 - 2016-11-21 14:20 - 00000000 ____D C:\Users\Marty\AppData\Local\Package Cache
2016-11-21 14:20 - 2016-11-21 14:20 - 00000000 ____D C:\Users\Marty\AppData\Local\Grammarly
2016-11-18 01:34 - 2016-12-06 13:07 - 00000000 ____D C:\Users\Marty\AppData\LocalLow\Mozilla
2016-11-17 23:23 - 2016-11-17 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2016-11-16 16:11 - 2016-11-16 16:11 - 00000946 _____ C:\Users\Marty\Desktop\SALog.txt
2016-11-16 16:09 - 2016-12-06 13:15 - 00000000 ____D C:\FRST
2016-11-16 15:48 - 2016-11-16 15:48 - 00001224 _____ C:\Users\Marty\Desktop\cc_20161116_154856.reg
2016-11-16 15:47 - 2016-12-06 05:14 - 00000000 ____D C:\Users\Marty\AppData\Local\TSVNCache
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Users\Marty\Desktop\d2etal1
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Subversion
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-11-15 15:14 - 2016-11-15 15:14 - 00154650 _____ (TibiaMaps.io) C:\Users\Marty\Desktop\tibia-11-maps-installer.exe
2016-11-15 14:19 - 2016-11-15 16:03 - 00000000 ____D C:\Users\Marty\AppData\Roaming\discord
2016-11-15 14:19 - 2016-11-15 14:19 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marty\Desktop\DiscordSetup.exe
2016-11-15 14:19 - 2016-11-15 14:19 - 00002164 _____ C:\Users\Marty\Desktop\Discord.lnk
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Local\SquirrelTemp
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Local\Discord
2016-11-13 02:38 - 2013-10-31 18:38 - 00000000 ____D C:\Users\Marty\Desktop\__MACOSX
2016-11-13 02:14 - 2016-11-13 02:14 - 05509001 _____ C:\Users\Marty\Desktop\Astro-Update-MA3-v3374.exe.zip
2016-11-12 22:12 - 2016-11-12 22:12 - 00015668 _____ C:\Windows\system32\.crusader
2016-11-11 20:29 - 2016-11-11 20:29 - 00000000 ____D C:\Users\Marty\AppData\Local\Privatefirewall
2016-11-11 20:23 - 2016-11-15 15:51 - 00000028 _____ C:\Windows\ODBC.INI
2016-11-11 20:23 - 2016-11-11 20:23 - 00000000 ____D C:\ProgramData\Privacyware
2016-11-11 14:22 - 2016-11-11 14:22 - 00000000 ____D C:\ProgramData\Emsisoft
2016-11-11 14:19 - 2016-12-03 16:53 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-11 14:19 - 2016-11-11 14:19 - 228054040 _____ (Emsisoft Ltd. ) C:\Users\Marty\Desktop\EmsisoftAntiMalwareSetup.exe
2016-11-11 13:39 - 2016-11-11 13:39 - 00000000 ____D C:\Windows\system32\RAPID
2016-11-11 13:39 - 2015-09-04 12:08 - 00271968 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2016-11-11 13:37 - 2016-11-11 13:37 - 00058528 _____ C:\Users\Marty\Desktop\cc_20161111_133737.reg
2016-11-11 13:37 - 2016-11-11 13:37 - 00000784 _____ C:\Users\Marty\Desktop\cc_20161111_133750.reg
2016-11-11 03:27 - 2016-11-11 03:30 - 00000000 ____D C:\Program Files (x86)\TinyWall
2016-11-11 03:27 - 2016-11-11 03:27 - 01204224 _____ C:\Users\Marty\Desktop\TinyWallInstaller.msi
2016-11-11 03:11 - 2016-11-11 03:39 - 00000000 ____D C:\Users\Marty\Documents\bluescreenview
2016-11-07 18:01 - 2016-11-11 13:37 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Ventrilo
2016-11-07 18:01 - 2016-11-07 18:01 - 00000917 _____ C:\Users\Marty\Desktop\Ventrilo.lnk
2016-11-07 18:01 - 2016-11-07 18:01 - 00000262 _____ C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2016-11-07 18:01 - 2016-11-07 18:01 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2016-11-07 18:01 - 2016-11-07 18:01 - 00000000 ____D C:\Program Files\Ventrilo
2016-11-07 18:00 - 2016-11-07 18:00 - 04135696 _____ C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe
2016-11-07 17:33 - 2016-11-07 17:33 - 00000013 _____ C:\Users\Marty\Desktop\game name d2.txt
2016-11-06 19:15 - 2016-11-06 19:15 - 00000007 _____ C:\Users\Marty\Desktop\Matrix 1 stopped at.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 13:15 - 2016-07-21 09:26 - 00000000 ____D C:\Users\Marty\Documents\Malware removal tools
2016-12-06 13:10 - 2016-10-25 06:01 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Curse Client
2016-12-06 13:02 - 2016-08-28 18:40 - 00000000 ____D C:\Users\Marty\AppData\Local\CrashDumps
2016-12-06 13:01 - 2016-07-14 13:04 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-06 12:57 - 2016-07-14 13:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-06 12:31 - 2016-07-14 12:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-06 05:22 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-06 05:22 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-06 05:20 - 2016-07-14 17:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-06 05:20 - 2009-07-13 21:13 - 00896718 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-06 05:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-06 05:14 - 2016-07-24 15:08 - 00000000 ____D C:\Users\Marty\AppData\Local\ManyCam
2016-12-06 05:14 - 2016-07-14 12:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-06 05:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-06 05:13 - 2016-10-09 12:35 - 00062308 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-12-06 05:13 - 2016-10-09 12:35 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-12-06 05:13 - 2016-10-09 12:35 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-12-06 05:13 - 2016-10-09 12:35 - 00000820 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-12-06 05:13 - 2016-09-21 11:44 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Skype
2016-12-06 05:13 - 2016-08-08 12:58 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-12-06 04:14 - 2016-09-18 20:33 - 00000000 ____D C:\Users\Marty\AppData\Roaming\TS3Client
2016-12-06 03:57 - 2016-09-12 23:03 - 00134880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-12-06 03:57 - 2016-09-12 23:03 - 00057936 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-12-06 01:59 - 2016-07-27 15:24 - 00000000 ____D C:\Users\Marty\AppData\Local\Tibia
2016-12-04 21:51 - 2016-07-14 14:03 - 00000000 ____D C:\Users\Marty\AppData\Local\Jagex
2016-12-04 21:51 - 2016-07-14 14:03 - 00000000 ____D C:\ProgramData\Jagex
2016-12-04 21:35 - 2016-07-14 13:47 - 00000000 ____D C:\ProgramData\Intel
2016-12-04 21:35 - 2016-07-14 11:58 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-04 21:34 - 2016-10-23 12:40 - 00000000 ____D C:\Users\Marty\Documents\path of exile things
2016-12-04 21:01 - 2016-09-21 11:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-04 21:01 - 2016-07-14 17:07 - 00000000 ____D C:\ProgramData\Skype
2016-12-04 18:21 - 2016-07-14 21:49 - 00000000 ____D C:\Users\Marty\AppData\Local\Ubisoft Game Launcher
2016-12-04 08:43 - 2016-10-22 08:03 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-12-04 08:36 - 2016-10-02 16:23 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-12-04 08:36 - 2016-07-14 20:09 - 00000000 ____D C:\Users\Marty\AppData\Local\Battle.net
2016-12-04 08:34 - 2016-07-14 20:08 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-03 22:33 - 2016-07-14 13:26 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Camfrog
2016-12-03 17:15 - 2016-08-31 01:16 - 00000000 ____D C:\Windows\pss
2016-12-03 16:54 - 2016-08-12 09:53 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-03 16:49 - 2016-07-14 13:10 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-02 14:49 - 2016-07-14 20:10 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-28 22:22 - 2016-07-27 15:24 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia
2016-11-28 22:22 - 2016-07-23 22:28 - 00000000 ____D C:\Users\Marty\Documents\tibia
2016-11-27 21:01 - 2016-07-14 21:54 - 00000000 ____D C:\Users\Marty\Documents\My Games
2016-11-27 20:31 - 2016-07-14 13:11 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-26 19:23 - 2016-07-14 13:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-11-26 19:23 - 2016-07-14 13:23 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-11-24 22:38 - 2016-10-24 20:27 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-11-22 05:20 - 2016-07-14 15:12 - 00001708 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-11-17 23:23 - 2016-07-24 15:08 - 00000995 _____ C:\Users\Public\Desktop\ManyCam.lnk
2016-11-17 23:23 - 2016-07-24 15:07 - 00000000 ____D C:\Users\Marty\AppData\Roaming\ManyCam
2016-11-17 23:23 - 2016-07-24 15:07 - 00000000 ____D C:\Program Files (x86)\ManyCam
2016-11-17 10:01 - 2016-07-22 09:09 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-17 10:00 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-16 16:01 - 2016-08-21 19:33 - 00899072 _____ C:\Users\Marty\Desktop\RGSA.exe
2016-11-16 15:48 - 2016-07-25 02:14 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-15 15:46 - 2016-08-22 18:05 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-11-15 15:44 - 2016-07-14 20:10 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-11-15 15:13 - 2016-09-25 11:39 - 00000000 ____D C:\Users\Marty\AppData\Local\acquisition
2016-11-14 14:35 - 2016-07-14 12:14 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 14:35 - 2016-07-14 12:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 05:31 - 2016-11-05 22:27 - 00000013 _____ C:\Users\Marty\Desktop\game for xfer.txt
2016-11-13 02:15 - 2016-10-25 14:48 - 19525632 _____ C:\Users\Marty\Desktop\AstroCommandCenter.msi
2016-11-12 22:12 - 2016-10-24 19:12 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-12 22:10 - 2016-10-24 19:12 - 11581544 _____ (SurfRight B.V.) C:\Users\Marty\Desktop\hitmanpro_x64.exe
2016-11-12 01:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-11 13:39 - 2016-07-14 12:27 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-11-11 03:44 - 2016-10-24 21:30 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-11 03:44 - 2016-10-24 21:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-11 03:39 - 2016-10-24 21:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-11-11 03:39 - 2016-10-09 07:40 - 00000000 ____D C:\Users\Marty\AppData\Local\LogMeIn Hamachi
2016-11-11 03:39 - 2016-07-14 20:08 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Battle.net
2016-11-11 03:39 - 2016-07-14 11:27 - 00000000 ____D C:\Users\Marty
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-11 03:30 - 2016-10-24 21:21 - 00002628 _____ C:\Windows\system32\InstallUtil.InstallLog
2016-11-11 03:10 - 2016-07-18 20:29 - 00000000 ____D C:\Windows\system32\appmgmt
2016-11-09 22:01 - 2016-07-15 15:47 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 21:59 - 2016-07-15 15:47 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 22:57 - 2016-10-22 08:11 - 00001306 _____ C:\Users\Public\Desktop\Window Mode D2 LOD.lnk
2016-11-08 15:57 - 2016-07-14 13:10 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 15:57 - 2016-07-14 13:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 15:57 - 2016-07-14 13:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-08 15:57 - 2016-07-14 13:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 15:57 - 2016-07-14 13:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 15:57 - 2016-07-14 13:10 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-06 20:51 - 2016-10-29 21:08 - 00000057 _____ C:\Users\Marty\Desktop\channel f or baal runs bot.txt

==================== Files in the root of some directories =======

2016-11-29 18:50 - 2016-11-29 18:50 - 0000020 _____ () C:\Users\Marty\AppData\Roaming\system.xml
2016-07-21 20:08 - 2016-07-22 09:37 - 0000600 _____ () C:\Users\Marty\AppData\Local\PUTTY.RND
2016-07-14 13:48 - 2016-07-14 13:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 00:03

==================== End of FRST.txt ============================

Below is Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by Marty (06-12-2016 13:15:14)
Running from C:\Users\Marty\Documents\Malware removal tools
Windows 7 Ultimate Service Pack 1 (X64) (2016-07-14 19:27:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2836415364-1053990731-2268990577-500 - Administrator - Disabled)
Guest (S-1-5-21-2836415364-1053990731-2268990577-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2836415364-1053990731-2268990577-1002 - Limited - Enabled)
Marty (S-1-5-21-2836415364-1053990731-2268990577-1000 - Administrator - Enabled) => C:\Users\Marty

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acquisition version 0.5g (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.5g - )
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.566 - Camshare, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Dasher (HKLM-x32\...\Dasher) (Version:  - Internet Chess Club)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version:  - Creative Technology Limited)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dying Light (HKLM\...\Steam App 239140) (Version:  - Techland)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Far Cry Primal (HKLM\...\Steam App 371660) (Version:  - Ubisoft)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.57 - Grammarly) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kali II (HKLM-x32\...\Kali II) (Version:  - )
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.5.0 (HKLM-x32\...\ManyCam) (Version: 5.5.0 - Visicom Media Inc.)
Marvel Heroes 2016 (HKLM\...\Steam App 226320) (Version:  - Gazillion Entertainment)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MindZoom 2.2.0 Plus (HKLM-x32\...\MindZoom_is1) (Version:  - mindzoom.net)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2 - Mozilla)
NoPing Elite v12 (HKLM\...\{A055C9E5-6AB5-4A7C-8035-828B6B58DE02}) (Version: 12.0.0.1 - 1ncrivel Sistemas)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
PlayChess  (HKLM\...\PlayChess) (Version:  - ChessBase GmbH)
RAPID Mode (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Controller Database Client (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\143ba96d0d39f1c2) (Version: 1.0.0.10 - Flaming Zonkey)
Street Fighter V (HKLM\...\Steam App 310950) (Version:  - Capcom)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Hell (HKLM-x32\...\TheHell) (Version: 1.205a - Mordor & TH Team)
Tibia (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Tibia) (Version:  - CipSoft GmbH)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wander (HKLM\...\Steam App 293280) (Version:  - Wander MMO)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Marty\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.57\BCD32C3B4FD945EE9439C09346A444AE\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> c:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000_Classes\CLSID\{e3765c78-10d8-475e-bd21-3633526f98d2}\InprocServer32 -> c:\windows\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04999245-04AC-47DB-84DA-80393FCD2BC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {19D66E5B-29D7-4A15-80D5-8EB83AA2826D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {3D8F6540-8177-4110-85F3-FE0CE056EE9C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {50F401A7-B875-49BE-ACD3-4F346A4EA71B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {6D8F8B7F-4E70-469A-A350-36A81DBC3B69} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {71340D4D-35E3-448B-B396-5E9EAD54D629} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.)
Task: {CDB1433F-5156-4BF5-85F2-79664DCDCEA2} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {CF2D1463-2139-4258-8F19-22CEB54E60B0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-24] (AVAST Software)
Task: {CFFE8AED-E4BE-418D-909C-E895017F9B78} - System32\Tasks\{658D4217-A2C9-47CA-A6CA-91B0BB225D9B} => pcalua.exe -a "C:\Users\Marty\Desktop\Display Driver Uninstaller.exe" -d C:\Users\Marty\Desktop
Task: {FC40276F-D1FA-4A57-954E-363D40CA1426} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Marty\Desktop\The Hell Bat.lnk -> C:\Users\Marty\Documents\the hell mod\hellfire.bat ()

ShortcutWithArgument: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2016-09-28 04:33 - 2016-09-16 14:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-24 14:20 - 2016-09-24 14:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00308112 _____ () C:\Program Files\NoPing Elite v12\iLdr64.dll
2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-08-19 00:12 - 2016-08-19 00:12 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 03041168 _____ () C:\Program Files\NoPing Elite v12\appmain.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00485264 _____ () C:\Program Files\NoPing Elite v12\LoaderManager.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00477696 _____ () C:\Program Files\NoPing Elite v12\WHModuleLoader64.exe
2016-11-29 18:49 - 2016-11-29 18:49 - 00828304 _____ () C:\Program Files\NoPing Elite v12\ModuleLoader64.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00368528 _____ () C:\Program Files\NoPing Elite v12\WHModuleLoader32.exe
2016-07-23 16:07 - 2016-12-02 20:00 - 13372200 _____ () C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2014-10-01 01:23 - 2014-10-01 01:23 - 02140672 _____ () C:\Program Files (x86)\ManyCam\opencv_core2410.dll
2014-10-01 01:24 - 2014-10-01 01:24 - 01891840 _____ () C:\Program Files (x86)\ManyCam\opencv_imgproc2410.dll
2014-10-01 01:25 - 2014-10-01 01:25 - 00654848 _____ () C:\Program Files (x86)\ManyCam\opencv_objdetect2410.dll
2014-10-01 01:24 - 2014-10-01 01:24 - 02147840 _____ () C:\Program Files (x86)\ManyCam\opencv_highgui2410.dll
2014-10-01 01:24 - 2014-10-01 01:24 - 00360960 _____ () C:\Program Files (x86)\ManyCam\opencv_video2410.dll
2016-08-11 02:39 - 2016-08-11 02:39 - 06484480 _____ () C:\Program Files (x86)\ManyCam\p2p.dll
2016-08-11 17:02 - 2004-06-12 14:55 - 00274432 _____ () C:\Program Files (x86)\Mindzoom\lame_enc.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00252304 _____ () C:\Program Files\NoPing Elite v12\iLdr32.dll
2016-07-27 18:55 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-07-27 18:55 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-08-29 00:09 - 2016-08-29 00:09 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 50656768 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-07-07 19:33 - 2010-07-07 19:33 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 50656768 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 01874944 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 00075264 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-10-24 20:29 - 2016-09-0


#7 psychicguy


Posted 07 December 2016 - 12:23 AM

Could you please check if there's malware or any fixes you can provide me with?

Below is FRST64.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Marty (administrator) on MARTY-PC (06-12-2016 13:15:01)
Running from C:\Users\Marty\Documents\Malware removal tools
Loaded Profiles: Marty (Available Profiles: Marty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Mindzoom) C:\Program Files (x86)\Mindzoom\mindzoom.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Program Files\NoPing Elite v12\appmain.exe
() C:\Program Files\NoPing Elite v12\LoaderManager.exe
() C:\Program Files\NoPing Elite v12\WHModuleLoader64.exe
() C:\Program Files\NoPing Elite v12\ModuleLoader64.exe
() C:\Program Files\NoPing Elite v12\WHModuleLoader32.exe
(Curse, Inc) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Curse.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Coherent Labs) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Overlay\v7.1.6184.12525\Coherent2\Win32\host\CoherentUI_Host.exe
(Coherent Labs) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Overlay\v7.1.6184.12525\Coherent2\Win32\host\CoherentUI_Host.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Curse, Inc.) C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [24576 2010-07-07] (Creative Technology Ltd)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [11103760 2016-11-01] (Visicom Media Inc.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\MountPoints2: {71ca4d3e-49f7-11e6-9229-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-12-03]
ShortcutTarget: Curse.lnk -> C:\Users\Marty\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mindzoom.lnk [2016-12-02]
ShortcutTarget: mindzoom.lnk -> C:\Program Files (x86)\Mindzoom\mindzoom.exe (Mindzoom)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C9A37F5-92A4-435E-A398-A69EB7FA054E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\gaijw53w.default-1481027132496 [2016-12-06]
FF Extension: (All Aboard) - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\gaijw53w.default-1481027132496\Extensions\@all-aboard-v1-5 [2016-12-06]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (Adblock Plus) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Excel Viewer, Editor) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpdiahdjhpfaafoffpoaafcmjbcfmaj [2016-07-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-14]
CHR Extension: (GAuth Authenticator) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcnhelpchnceeipipijaljkblbcobl [2016-07-14]
CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S4 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-09-22] (Camshare Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-11-12] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1036512 2016-12-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [134880 2016-12-06] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [36568 2015-08-13] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [44760 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 05:14 - 2016-12-06 05:14 - 00286584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-06 05:07 - 2016-12-06 05:07 - 00063792 _____ C:\Users\Marty\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-06 04:25 - 2016-12-06 04:25 - 00000000 ____D C:\Users\Marty\Desktop\Old Firefox Data
2016-12-06 04:22 - 2016-12-06 04:22 - 45281416 _____ C:\Users\Marty\Downloads\Firefox Setup 50.0.2.exe
2016-12-06 04:22 - 2016-12-06 04:22 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-06 04:22 - 2016-12-06 04:22 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-06 04:22 - 2016-12-06 04:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-06 04:22 - 2016-12-06 04:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-04 21:35 - 2016-12-04 21:37 - 00000000 ____D C:\Users\Marty\AppData\Roaming\obs-studio
2016-12-04 21:35 - 2016-12-04 21:35 - 00001202 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\ProgramData\Intel Telemetry
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-12-04 21:35 - 2016-12-04 21:35 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-12-03 16:54 - 2016-12-06 05:31 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-12-03 16:53 - 2016-12-06 11:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-03 16:53 - 2016-12-06 03:57 - 01036512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-12-03 16:53 - 2016-12-03 17:01 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-03 16:53 - 2016-12-03 16:53 - 00002135 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-12-03 16:53 - 2016-12-03 16:53 - 00002111 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-12-03 16:53 - 2016-12-03 16:53 - 00000000 ____D C:\Windows\ELAMBKUP
2016-12-03 16:53 - 2016-12-03 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-12-03 16:53 - 2016-09-12 23:03 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-12-03 16:53 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-12-03 16:53 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-12-03 16:48 - 2016-12-03 16:49 - 184386592 _____ (Kaspersky Lab) C:\Users\Marty\Desktop\kts17.0.0.611aben_11549.exe
2016-11-29 18:50 - 2016-12-06 12:49 - 00005234 _____ C:\Users\Marty\Documents\NoPing.xml
2016-11-29 18:50 - 2016-11-29 18:50 - 00000020 _____ C:\Users\Marty\AppData\Roaming\system.xml
2016-11-29 18:50 - 2016-11-29 18:50 - 00000000 ____D C:\Users\Marty\AppData\Roaming\security
2016-11-29 18:50 - 2016-11-29 18:50 - 00000000 ____D C:\Users\Marty\AppData\Roaming\pcf
2016-11-29 18:46 - 2016-12-06 12:45 - 00000000 ____D C:\Program Files\NoPing Elite v12
2016-11-29 18:46 - 2016-11-29 18:46 - 00001891 _____ C:\ProgramData\Microsoft\Windows\Start Menu\NoPing Elite v12.lnk
2016-11-29 18:46 - 2016-11-29 18:46 - 00001885 _____ C:\Users\Public\Desktop\NoPing Elite v12.lnk
2016-11-29 18:46 - 2016-11-29 18:46 - 00000000 ____D C:\Users\Marty\AppData\Roaming\1ncrivel Sistemas
2016-11-29 18:45 - 2016-11-29 18:45 - 09033512 _____ (1ncrivel Sistemas) C:\Users\Marty\Desktop\SetupNoPing_v12.exe
2016-11-28 22:22 - 2016-11-28 22:22 - 00001012 _____ C:\Users\Marty\Desktop\Tibia.lnk
2016-11-27 20:31 - 2016-11-27 20:31 - 00000222 _____ C:\Users\Marty\Desktop\Chivalry Medieval Warfare.url
2016-11-27 16:04 - 2016-11-27 16:06 - 00003980 _____ C:\Users\Marty\Desktop\updated 11-27-2016 keys d2.txt
2016-11-24 22:39 - 2016-11-24 22:39 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-11-23 22:32 - 2016-11-23 22:33 - 00000010 _____ C:\Users\Marty\Desktop\walkbaal-7.txt
2016-11-23 20:32 - 2016-11-27 16:08 - 00000000 ____D C:\Users\Marty\Documents\d2 stuff
2016-11-21 20:38 - 2016-11-21 20:38 - 00000000 ____D C:\Users\Marty\AppData\Local\RzStats
2016-11-21 14:20 - 2016-11-21 14:20 - 00000000 ____D C:\Users\Marty\AppData\Local\Package Cache
2016-11-21 14:20 - 2016-11-21 14:20 - 00000000 ____D C:\Users\Marty\AppData\Local\Grammarly
2016-11-18 01:34 - 2016-12-06 13:07 - 00000000 ____D C:\Users\Marty\AppData\LocalLow\Mozilla
2016-11-17 23:23 - 2016-11-17 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2016-11-16 16:11 - 2016-11-16 16:11 - 00000946 _____ C:\Users\Marty\Desktop\SALog.txt
2016-11-16 16:09 - 2016-12-06 13:15 - 00000000 ____D C:\FRST
2016-11-16 15:48 - 2016-11-16 15:48 - 00001224 _____ C:\Users\Marty\Desktop\cc_20161116_154856.reg
2016-11-16 15:47 - 2016-12-06 05:14 - 00000000 ____D C:\Users\Marty\AppData\Local\TSVNCache
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Users\Marty\Desktop\d2etal1
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Subversion
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-11-15 23:42 - 2016-11-15 23:42 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-11-15 15:14 - 2016-11-15 15:14 - 00154650 _____ (TibiaMaps.io) C:\Users\Marty\Desktop\tibia-11-maps-installer.exe
2016-11-15 14:19 - 2016-11-15 16:03 - 00000000 ____D C:\Users\Marty\AppData\Roaming\discord
2016-11-15 14:19 - 2016-11-15 14:19 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marty\Desktop\DiscordSetup.exe
2016-11-15 14:19 - 2016-11-15 14:19 - 00002164 _____ C:\Users\Marty\Desktop\Discord.lnk
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Local\SquirrelTemp
2016-11-15 14:19 - 2016-11-15 14:19 - 00000000 ____D C:\Users\Marty\AppData\Local\Discord
2016-11-13 02:38 - 2013-10-31 18:38 - 00000000 ____D C:\Users\Marty\Desktop\__MACOSX
2016-11-13 02:14 - 2016-11-13 02:14 - 05509001 _____ C:\Users\Marty\Desktop\Astro-Update-MA3-v3374.exe.zip
2016-11-12 22:12 - 2016-11-12 22:12 - 00015668 _____ C:\Windows\system32\.crusader
2016-11-11 20:29 - 2016-11-11 20:29 - 00000000 ____D C:\Users\Marty\AppData\Local\Privatefirewall
2016-11-11 20:23 - 2016-11-15 15:51 - 00000028 _____ C:\Windows\ODBC.INI
2016-11-11 20:23 - 2016-11-11 20:23 - 00000000 ____D C:\ProgramData\Privacyware
2016-11-11 14:22 - 2016-11-11 14:22 - 00000000 ____D C:\ProgramData\Emsisoft
2016-11-11 14:19 - 2016-12-03 16:53 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-11 14:19 - 2016-11-11 14:19 - 228054040 _____ (Emsisoft Ltd. ) C:\Users\Marty\Desktop\EmsisoftAntiMalwareSetup.exe
2016-11-11 13:39 - 2016-11-11 13:39 - 00000000 ____D C:\Windows\system32\RAPID
2016-11-11 13:39 - 2015-09-04 12:08 - 00271968 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2016-11-11 13:37 - 2016-11-11 13:37 - 00058528 _____ C:\Users\Marty\Desktop\cc_20161111_133737.reg
2016-11-11 13:37 - 2016-11-11 13:37 - 00000784 _____ C:\Users\Marty\Desktop\cc_20161111_133750.reg
2016-11-11 03:27 - 2016-11-11 03:30 - 00000000 ____D C:\Program Files (x86)\TinyWall
2016-11-11 03:27 - 2016-11-11 03:27 - 01204224 _____ C:\Users\Marty\Desktop\TinyWallInstaller.msi
2016-11-11 03:11 - 2016-11-11 03:39 - 00000000 ____D C:\Users\Marty\Documents\bluescreenview
2016-11-07 18:01 - 2016-11-11 13:37 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Ventrilo
2016-11-07 18:01 - 2016-11-07 18:01 - 00000917 _____ C:\Users\Marty\Desktop\Ventrilo.lnk
2016-11-07 18:01 - 2016-11-07 18:01 - 00000262 _____ C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2016-11-07 18:01 - 2016-11-07 18:01 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2016-11-07 18:01 - 2016-11-07 18:01 - 00000000 ____D C:\Program Files\Ventrilo
2016-11-07 18:00 - 2016-11-07 18:00 - 04135696 _____ C:\Users\Marty\Desktop\ventrilo-3.0.8-Windows-x64.exe
2016-11-07 17:33 - 2016-11-07 17:33 - 00000013 _____ C:\Users\Marty\Desktop\game name d2.txt
2016-11-06 19:15 - 2016-11-06 19:15 - 00000007 _____ C:\Users\Marty\Desktop\Matrix 1 stopped at.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 13:15 - 2016-07-21 09:26 - 00000000 ____D C:\Users\Marty\Documents\Malware removal tools
2016-12-06 13:10 - 2016-10-25 06:01 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Curse Client
2016-12-06 13:02 - 2016-08-28 18:40 - 00000000 ____D C:\Users\Marty\AppData\Local\CrashDumps
2016-12-06 13:01 - 2016-07-14 13:04 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-06 12:57 - 2016-07-14 13:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-06 12:31 - 2016-07-14 12:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-06 05:22 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-06 05:22 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-06 05:20 - 2016-07-14 17:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-06 05:20 - 2009-07-13 21:13 - 00896718 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-06 05:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-06 05:14 - 2016-07-24 15:08 - 00000000 ____D C:\Users\Marty\AppData\Local\ManyCam
2016-12-06 05:14 - 2016-07-14 12:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-06 05:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-06 05:13 - 2016-10-09 12:35 - 00062308 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-12-06 05:13 - 2016-10-09 12:35 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-12-06 05:13 - 2016-10-09 12:35 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-12-06 05:13 - 2016-10-09 12:35 - 00000820 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-12-06 05:13 - 2016-09-21 11:44 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Skype
2016-12-06 05:13 - 2016-08-08 12:58 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
2016-12-06 04:14 - 2016-09-18 20:33 - 00000000 ____D C:\Users\Marty\AppData\Roaming\TS3Client
2016-12-06 03:57 - 2016-09-12 23:03 - 00134880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-12-06 03:57 - 2016-09-12 23:03 - 00057936 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-12-06 01:59 - 2016-07-27 15:24 - 00000000 ____D C:\Users\Marty\AppData\Local\Tibia
2016-12-04 21:51 - 2016-07-14 14:03 - 00000000 ____D C:\Users\Marty\AppData\Local\Jagex
2016-12-04 21:51 - 2016-07-14 14:03 - 00000000 ____D C:\ProgramData\Jagex
2016-12-04 21:35 - 2016-07-14 13:47 - 00000000 ____D C:\ProgramData\Intel
2016-12-04 21:35 - 2016-07-14 11:58 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-04 21:34 - 2016-10-23 12:40 - 00000000 ____D C:\Users\Marty\Documents\path of exile things
2016-12-04 21:01 - 2016-09-21 11:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-04 21:01 - 2016-07-14 17:07 - 00000000 ____D C:\ProgramData\Skype
2016-12-04 18:21 - 2016-07-14 21:49 - 00000000 ____D C:\Users\Marty\AppData\Local\Ubisoft Game Launcher
2016-12-04 08:43 - 2016-10-22 08:03 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-12-04 08:36 - 2016-10-02 16:23 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-12-04 08:36 - 2016-07-14 20:09 - 00000000 ____D C:\Users\Marty\AppData\Local\Battle.net
2016-12-04 08:34 - 2016-07-14 20:08 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-03 22:33 - 2016-07-14 13:26 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Camfrog
2016-12-03 17:15 - 2016-08-31 01:16 - 00000000 ____D C:\Windows\pss
2016-12-03 16:54 - 2016-08-12 09:53 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-03 16:49 - 2016-07-14 13:10 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-02 14:49 - 2016-07-14 20:10 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-28 22:22 - 2016-07-27 15:24 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia
2016-11-28 22:22 - 2016-07-23 22:28 - 00000000 ____D C:\Users\Marty\Documents\tibia
2016-11-27 21:01 - 2016-07-14 21:54 - 00000000 ____D C:\Users\Marty\Documents\My Games
2016-11-27 20:31 - 2016-07-14 13:11 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-26 19:23 - 2016-07-14 13:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-11-26 19:23 - 2016-07-14 13:23 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-11-24 22:38 - 2016-10-24 20:27 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-11-22 05:20 - 2016-07-14 15:12 - 00001708 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-11-17 23:23 - 2016-07-24 15:08 - 00000995 _____ C:\Users\Public\Desktop\ManyCam.lnk
2016-11-17 23:23 - 2016-07-24 15:07 - 00000000 ____D C:\Users\Marty\AppData\Roaming\ManyCam
2016-11-17 23:23 - 2016-07-24 15:07 - 00000000 ____D C:\Program Files (x86)\ManyCam
2016-11-17 10:01 - 2016-07-22 09:09 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-17 10:00 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-16 16:01 - 2016-08-21 19:33 - 00899072 _____ C:\Users\Marty\Desktop\RGSA.exe
2016-11-16 15:48 - 2016-07-25 02:14 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-15 15:46 - 2016-08-22 18:05 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-11-15 15:44 - 2016-07-14 20:10 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-11-15 15:13 - 2016-09-25 11:39 - 00000000 ____D C:\Users\Marty\AppData\Local\acquisition
2016-11-14 14:35 - 2016-07-14 12:14 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 14:35 - 2016-07-14 12:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 05:31 - 2016-11-05 22:27 - 00000013 _____ C:\Users\Marty\Desktop\game for xfer.txt
2016-11-13 02:15 - 2016-10-25 14:48 - 19525632 _____ C:\Users\Marty\Desktop\AstroCommandCenter.msi
2016-11-12 22:12 - 2016-10-24 19:12 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-12 22:10 - 2016-10-24 19:12 - 11581544 _____ (SurfRight B.V.) C:\Users\Marty\Desktop\hitmanpro_x64.exe
2016-11-12 01:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-11 13:39 - 2016-07-14 12:27 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-11-11 03:44 - 2016-10-24 21:30 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-11 03:44 - 2016-10-24 21:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-11 03:39 - 2016-10-24 21:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-11-11 03:39 - 2016-10-09 07:40 - 00000000 ____D C:\Users\Marty\AppData\Local\LogMeIn Hamachi
2016-11-11 03:39 - 2016-07-14 20:08 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Battle.net
2016-11-11 03:39 - 2016-07-14 11:27 - 00000000 ____D C:\Users\Marty
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-11-11 03:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-11 03:30 - 2016-10-24 21:21 - 00002628 _____ C:\Windows\system32\InstallUtil.InstallLog
2016-11-11 03:10 - 2016-07-18 20:29 - 00000000 ____D C:\Windows\system32\appmgmt
2016-11-09 22:01 - 2016-07-15 15:47 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 21:59 - 2016-07-15 15:47 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 22:57 - 2016-10-22 08:11 - 00001306 _____ C:\Users\Public\Desktop\Window Mode D2 LOD.lnk
2016-11-08 15:57 - 2016-07-14 13:10 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 15:57 - 2016-07-14 13:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 15:57 - 2016-07-14 13:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-08 15:57 - 2016-07-14 13:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 15:57 - 2016-07-14 13:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 15:57 - 2016-07-14 13:10 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-06 20:51 - 2016-10-29 21:08 - 00000057 _____ C:\Users\Marty\Desktop\channel f or baal runs bot.txt

==================== Files in the root of some directories =======

2016-11-29 18:50 - 2016-11-29 18:50 - 0000020 _____ () C:\Users\Marty\AppData\Roaming\system.xml
2016-07-21 20:08 - 2016-07-22 09:37 - 0000600 _____ () C:\Users\Marty\AppData\Local\PUTTY.RND
2016-07-14 13:48 - 2016-07-14 13:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 00:03

==================== End of FRST.txt ============================

Below is Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by Marty (06-12-2016 13:15:14)
Running from C:\Users\Marty\Documents\Malware removal tools
Windows 7 Ultimate Service Pack 1 (X64) (2016-07-14 19:27:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2836415364-1053990731-2268990577-500 - Administrator - Disabled)
Guest (S-1-5-21-2836415364-1053990731-2268990577-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2836415364-1053990731-2268990577-1002 - Limited - Enabled)
Marty (S-1-5-21-2836415364-1053990731-2268990577-1000 - Administrator - Enabled) => C:\Users\Marty

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acquisition version 0.5g (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.5g - )
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.566 - Camshare, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Dasher (HKLM-x32\...\Dasher) (Version:  - Internet Chess Club)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version:  - Creative Technology Limited)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dying Light (HKLM\...\Steam App 239140) (Version:  - Techland)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Far Cry Primal (HKLM\...\Steam App 371660) (Version:  - Ubisoft)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.57 - Grammarly) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kali II (HKLM-x32\...\Kali II) (Version:  - )
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.5.0 (HKLM-x32\...\ManyCam) (Version: 5.5.0 - Visicom Media Inc.)
Marvel Heroes 2016 (HKLM\...\Steam App 226320) (Version:  - Gazillion Entertainment)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MindZoom 2.2.0 Plus (HKLM-x32\...\MindZoom_is1) (Version:  - mindzoom.net)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2 - Mozilla)
NoPing Elite v12 (HKLM\...\{A055C9E5-6AB5-4A7C-8035-828B6B58DE02}) (Version: 12.0.0.1 - 1ncrivel Sistemas)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
PlayChess  (HKLM\...\PlayChess) (Version:  - ChessBase GmbH)
RAPID Mode (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Controller Database Client (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\143ba96d0d39f1c2) (Version: 1.0.0.10 - Flaming Zonkey)
Street Fighter V (HKLM\...\Steam App 310950) (Version:  - Capcom)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Hell (HKLM-x32\...\TheHell) (Version: 1.205a - Mordor & TH Team)
Tibia (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Tibia) (Version:  - CipSoft GmbH)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wander (HKLM\...\Steam App 293280) (Version:  - Wander MMO)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Marty\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.57\BCD32C3B4FD945EE9439C09346A444AE\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> c:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000_Classes\CLSID\{e3765c78-10d8-475e-bd21-3633526f98d2}\InprocServer32 -> c:\windows\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04999245-04AC-47DB-84DA-80393FCD2BC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {19D66E5B-29D7-4A15-80D5-8EB83AA2826D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {3D8F6540-8177-4110-85F3-FE0CE056EE9C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {50F401A7-B875-49BE-ACD3-4F346A4EA71B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {6D8F8B7F-4E70-469A-A350-36A81DBC3B69} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {71340D4D-35E3-448B-B396-5E9EAD54D629} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.)
Task: {CDB1433F-5156-4BF5-85F2-79664DCDCEA2} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {CF2D1463-2139-4258-8F19-22CEB54E60B0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-24] (AVAST Software)
Task: {CFFE8AED-E4BE-418D-909C-E895017F9B78} - System32\Tasks\{658D4217-A2C9-47CA-A6CA-91B0BB225D9B} => pcalua.exe -a "C:\Users\Marty\Desktop\Display Driver Uninstaller.exe" -d C:\Users\Marty\Desktop
Task: {FC40276F-D1FA-4A57-954E-363D40CA1426} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Marty\Desktop\The Hell Bat.lnk -> C:\Users\Marty\Documents\the hell mod\hellfire.bat ()

ShortcutWithArgument: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2016-09-28 04:33 - 2016-09-16 14:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-24 14:20 - 2016-09-24 14:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00308112 _____ () C:\Program Files\NoPing Elite v12\iLdr64.dll
2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-08-19 00:12 - 2016-08-19 00:12 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 03041168 _____ () C:\Program Files\NoPing Elite v12\appmain.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00485264 _____ () C:\Program Files\NoPing Elite v12\LoaderManager.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00477696 _____ () C:\Program Files\NoPing Elite v12\WHModuleLoader64.exe
2016-11-29 18:49 - 2016-11-29 18:49 - 00828304 _____ () C:\Program Files\NoPing Elite v12\ModuleLoader64.exe
2016-11-29 18:50 - 2016-11-29 18:50 - 00368528 _____ () C:\Program Files\NoPing Elite v12\WHModuleLoader32.exe
2016-07-23 16:07 - 2016-12-02 20:00 - 13372200 _____ () C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2014-10-01 01:23 - 2014-10-01 01:23 - 02140672 _____ () C:\Program Files (x86)\ManyCam\opencv_core2410.dll
2014-10-01 01:24 - 2014-10-01 01:24 - 01891840 _____ () C:\Program Files (x86)\ManyCam\opencv_imgproc2410.dll
2014-10-01 01:25 - 2014-10-01 01:25 - 00654848 _____ () C:\Program Files (x86)\ManyCam\opencv_objdetect2410.dll
2014-10-01 01:24 - 2014-10-01 01:24 - 02147840 _____ () C:\Program Files (x86)\ManyCam\opencv_highgui2410.dll
2014-10-01 01:24 - 2014-10-01 01:24 - 00360960 _____ () C:\Program Files (x86)\ManyCam\opencv_video2410.dll
2016-08-11 02:39 - 2016-08-11 02:39 - 06484480 _____ () C:\Program Files (x86)\ManyCam\p2p.dll
2016-08-11 17:02 - 2004-06-12 14:55 - 00274432 _____ () C:\Program Files (x86)\Mindzoom\lame_enc.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00252304 _____ () C:\Program Files\NoPing Elite v12\iLdr32.dll
2016-07-27 18:55 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-07-27 18:55 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-08-29 00:09 - 2016-08-29 00:09 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 50656768 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-07-07 19:33 - 2010-07-07 19:33 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 50656768 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 01874944 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 00075264 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-10-24 20:29 - 2016-09-07 12:42 - 01874944 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzS

Edited by psychicguy, 07 December 2016 - 12:25 AM.


#8 nasdaq


Posted 07 December 2016 - 06:42 AM

Nothing suspicious was found in your logs.

 

Check the integrity of the operating system files.
How to run sfc /Scannow

When completed, refer to the Microsoft article again and follow the instructions to view details of the System File Checker process.

Post the contents of the sfcdetails.txt file for my review.
 
Let me know if the problem persists.
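A filtered System File Checker log is mostly repeated verify batches, so the lines that matter (files repaired from the component store, files that could not be repaired) are easy to miss. The script below is an added example, not part of the original post: it triages `[SR]` lines and decodes the length-prefixed path tokens. The sample lines are constructed in the CBS.log format, and the component name in the "Cannot repair" line is a placeholder.

```python
import re

# Constructed sample in the format of sfcdetails.txt ([SR] lines filtered from CBS.log).
# "Example-Component" and "example.dll" are placeholders, not real findings.
SAMPLE = r'''2016-12-07 14:34:14, Info                  CSI    000001f9 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:34:14, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2016-12-07 14:34:16, Info                  CSI    000001fb [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Program Files\Windows Defender"\[l:18{9}]"MpSvc.dll" from store
2016-12-07 14:34:16, Info                  CSI    000001fd [SR] Verify complete
2016-12-07 14:34:17, Info                  CSI    000001fe [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.0, hash mismatch
'''

# One [SR] log line: timestamp, level, "CSI", 8-hex-digit sequence number, message.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$'
)

# CSI string token: [l:<bytes>{<chars>}]"text", optionally preceded by ml:<max>{<max>}.
TOKEN_RE = re.compile(
    r'\[(?:ml:\d+\{\d+\},)?l:\d+\{(?P<chars>\d+)\}\]"(?P<text>[^"]*)"'
)


def decode_path(msg):
    """Join the CSI string tokens in msg into one path.

    Returns (path, intact). intact is False when a token's declared character
    count does not match its text, or no token was found, which usually means
    the log was truncated or altered when it was pasted.
    """
    parts = []
    intact = True
    for m in TOKEN_RE.finditer(msg):
        parts.append(m.group('text'))
        if len(m.group('text')) != int(m.group('chars')):
            intact = False
    if not parts:
        return '', False
    path = '\\'.join(parts)
    if path.startswith('\\??\\'):  # strip the NT object-namespace prefix
        path = path[4:]
    return path, intact


def triage(text):
    """Summarise [SR] lines: verify batches, repaired files, unrepaired files."""
    summary = {'batches': 0, 'completed': 0,
               'repaired': [], 'unrepaired': [], 'unparsed': 0}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            summary['unparsed'] += 1  # cut-off or non-[SR] line
            continue
        msg = m.group('msg')
        if msg.startswith('Verifying '):
            summary['batches'] += 1
        elif msg == 'Verify complete':
            summary['completed'] += 1
        elif msg.startswith('Repairing corrupted file'):
            path, intact = decode_path(msg)
            summary['repaired'].append(
                {'ts': m.group('ts'), 'path': path, 'intact': intact})
        elif msg.startswith('Cannot repair member file'):
            path, intact = decode_path(msg)
            summary['unrepaired'].append(
                {'ts': m.group('ts'), 'path': path, 'intact': intact})
    return summary


if __name__ == '__main__':
    result = triage(SAMPLE)
    print('verify batches:', result['batches'], 'completed:', result['completed'])
    for entry in result['repaired']:
        print('repaired from store:', entry['ts'], entry['path'])
    for entry in result['unrepaired']:
        print('NOT repaired:', entry['ts'], entry['path'])
    if result['unparsed']:
        print('unparsed lines (possible truncation):', result['unparsed'])
```

A repaired system file is worth a second look even when the repair succeeded, and any entry under `unrepaired` means the component store itself no longer holds a good copy.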

#9 psychicguy


Posted 07 December 2016 - 04:46 PM

2016-12-07 14:31:43, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:43, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:44, Info                  CSI    0000000c [SR] Verify complete
2016-12-07 14:31:44, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:44, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:44, Info                  CSI    00000010 [SR] Verify complete
2016-12-07 14:31:44, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:44, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:44, Info                  CSI    00000014 [SR] Verify complete
2016-12-07 14:31:44, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:44, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:45, Info                  CSI    00000018 [SR] Verify complete
2016-12-07 14:31:45, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:45, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:45, Info                  CSI    0000001c [SR] Verify complete
2016-12-07 14:31:45, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:45, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:45, Info                  CSI    00000020 [SR] Verify complete
2016-12-07 14:31:45, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:45, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:46, Info                  CSI    00000024 [SR] Verify complete
2016-12-07 14:31:46, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:46, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:46, Info                  CSI    00000028 [SR] Verify complete
2016-12-07 14:31:46, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:46, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:46, Info                  CSI    0000002c [SR] Verify complete
2016-12-07 14:31:47, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:47, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:47, Info                  CSI    00000030 [SR] Verify complete
2016-12-07 14:31:47, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:47, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:47, Info                  CSI    00000034 [SR] Verify complete
2016-12-07 14:31:47, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:47, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:48, Info                  CSI    00000038 [SR] Verify complete
2016-12-07 14:31:48, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:48, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:48, Info                  CSI    0000003c [SR] Verify complete
2016-12-07 14:31:48, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:48, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:49, Info                  CSI    00000040 [SR] Verify complete
2016-12-07 14:31:49, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:49, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:50, Info                  CSI    00000044 [SR] Verify complete
2016-12-07 14:31:50, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:50, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:50, Info                  CSI    00000048 [SR] Verify complete
2016-12-07 14:31:50, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:50, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:51, Info                  CSI    0000004c [SR] Verify complete
2016-12-07 14:31:51, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:51, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:52, Info                  CSI    00000050 [SR] Verify complete
2016-12-07 14:31:52, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:52, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:52, Info                  CSI    00000054 [SR] Verify complete
2016-12-07 14:31:52, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:52, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:52, Info                  CSI    00000058 [SR] Verify complete
2016-12-07 14:31:52, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:52, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:53, Info                  CSI    0000005c [SR] Verify complete
2016-12-07 14:31:53, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:53, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:54, Info                  CSI    00000060 [SR] Verify complete
2016-12-07 14:31:55, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:55, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:55, Info                  CSI    00000064 [SR] Verify complete
2016-12-07 14:31:55, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:55, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:56, Info                  CSI    00000068 [SR] Verify complete
2016-12-07 14:31:56, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:56, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2016-12-07 14:31:58, Info                  CSI    0000006e [SR] Verify complete
2016-12-07 14:31:58, Info                  CSI    0000006f [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:31:58, Info                  CSI    00000070 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:00, Info                  CSI    00000074 [SR] Verify complete
2016-12-07 14:32:00, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:00, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:01, Info                  CSI    00000079 [SR] Verify complete
2016-12-07 14:32:01, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:01, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:03, Info                  CSI    0000007e [SR] Verify complete
2016-12-07 14:32:03, Info                  CSI    0000007f [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:03, Info                  CSI    00000080 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:04, Info                  CSI    00000082 [SR] Verify complete
2016-12-07 14:32:05, Info                  CSI    00000083 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:05, Info                  CSI    00000084 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:07, Info                  CSI    000000a6 [SR] Verify complete
2016-12-07 14:32:07, Info                  CSI    000000a7 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:07, Info                  CSI    000000a8 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:08, Info                  CSI    000000ad [SR] Verify complete
2016-12-07 14:32:08, Info                  CSI    000000ae [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:08, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:10, Info                  CSI    000000b1 [SR] Verify complete
2016-12-07 14:32:10, Info                  CSI    000000b2 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:10, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:11, Info                  CSI    000000b5 [SR] Verify complete
2016-12-07 14:32:11, Info                  CSI    000000b6 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:11, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:13, Info                  CSI    000000b9 [SR] Verify complete
2016-12-07 14:32:13, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:13, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:14, Info                  CSI    000000bd [SR] Verify complete
2016-12-07 14:32:14, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:14, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:16, Info                  CSI    000000c1 [SR] Verify complete
2016-12-07 14:32:16, Info                  CSI    000000c2 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:16, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:19, Info                  CSI    000000e6 [SR] Verify complete
2016-12-07 14:32:19, Info                  CSI    000000e7 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:19, Info                  CSI    000000e8 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:21, Info                  CSI    000000ea [SR] Verify complete
2016-12-07 14:32:21, Info                  CSI    000000eb [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:21, Info                  CSI    000000ec [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:25, Info                  CSI    000000ee [SR] Verify complete
2016-12-07 14:32:25, Info                  CSI    000000ef [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:25, Info                  CSI    000000f0 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:27, Info                  CSI    000000f4 [SR] Verify complete
2016-12-07 14:32:27, Info                  CSI    000000f5 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:27, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:28, Info                  CSI    000000f8 [SR] Verify complete
2016-12-07 14:32:28, Info                  CSI    000000f9 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:28, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:29, Info                  CSI    000000fc [SR] Verify complete
2016-12-07 14:32:29, Info                  CSI    000000fd [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:29, Info                  CSI    000000fe [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:30, Info                  CSI    00000100 [SR] Verify complete
2016-12-07 14:32:30, Info                  CSI    00000101 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:30, Info                  CSI    00000102 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:33, Info                  CSI    00000115 [SR] Verify complete
2016-12-07 14:32:33, Info                  CSI    00000116 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:33, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:34, Info                  CSI    00000119 [SR] Verify complete
2016-12-07 14:32:34, Info                  CSI    0000011a [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:34, Info                  CSI    0000011b [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:35, Info                  CSI    0000011d [SR] Verify complete
2016-12-07 14:32:35, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:35, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:36, Info                  CSI    00000121 [SR] Verify complete
2016-12-07 14:32:36, Info                  CSI    00000122 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:36, Info                  CSI    00000123 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:37, Info                  CSI    00000125 [SR] Verify complete
2016-12-07 14:32:37, Info                  CSI    00000126 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:37, Info                  CSI    00000127 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:40, Info                  CSI    0000012b [SR] Verify complete
2016-12-07 14:32:40, Info                  CSI    0000012c [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:40, Info                  CSI    0000012d [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:42, Info                  CSI    0000012f [SR] Verify complete
2016-12-07 14:32:42, Info                  CSI    00000130 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:42, Info                  CSI    00000131 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:43, Info                  CSI    00000133 [SR] Verify complete
2016-12-07 14:32:43, Info                  CSI    00000134 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:43, Info                  CSI    00000135 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:44, Info                  CSI    00000137 [SR] Verify complete
2016-12-07 14:32:44, Info                  CSI    00000138 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:44, Info                  CSI    00000139 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:46, Info                  CSI    0000013b [SR] Verify complete
2016-12-07 14:32:46, Info                  CSI    0000013c [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:46, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:47, Info                  CSI    0000013f [SR] Verify complete
2016-12-07 14:32:47, Info                  CSI    00000140 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:47, Info                  CSI    00000141 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:50, Info                  CSI    00000143 [SR] Verify complete
2016-12-07 14:32:50, Info                  CSI    00000144 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:50, Info                  CSI    00000145 [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:53, Info                  CSI    0000015d [SR] Verify complete
2016-12-07 14:32:53, Info                  CSI    0000015e [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:53, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2016-12-07 14:32:55, Info                  CSI    00000161 [SR] Verify complete
2016-12-07 14:32:55, Info                  CSI    00000162 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:32:55, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:02, Info                  CSI    00000165 [SR] Verify complete
2016-12-07 14:33:02, Info                  CSI    00000166 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:02, Info                  CSI    00000167 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:05, Info                  CSI    0000016a [SR] Verify complete
2016-12-07 14:33:05, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:05, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:08, Info                  CSI    0000016e [SR] Verify complete
2016-12-07 14:33:08, Info                  CSI    0000016f [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:08, Info                  CSI    00000170 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:10, Info                  CSI    00000172 [SR] Verify complete
2016-12-07 14:33:10, Info                  CSI    00000173 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:10, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:11, Info                  CSI    00000176 [SR] Verify complete
2016-12-07 14:33:11, Info                  CSI    00000177 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:11, Info                  CSI    00000178 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:12, Info                  CSI    0000017a [SR] Verify complete
2016-12-07 14:33:13, Info                  CSI    0000017b [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:13, Info                  CSI    0000017c [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:14, Info                  CSI    00000180 [SR] Verify complete
2016-12-07 14:33:14, Info                  CSI    00000181 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:14, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:15, Info                  CSI    00000184 [SR] Verify complete
2016-12-07 14:33:15, Info                  CSI    00000185 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:15, Info                  CSI    00000186 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:20, Info                  CSI    00000188 [SR] Verify complete
2016-12-07 14:33:20, Info                  CSI    00000189 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:20, Info                  CSI    0000018a [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:23, Info                  CSI    0000018d [SR] Verify complete
2016-12-07 14:33:23, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:23, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:24, Info                  CSI    00000192 [SR] Verify complete
2016-12-07 14:33:24, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:24, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:26, Info                  CSI    00000196 [SR] Verify complete
2016-12-07 14:33:26, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:26, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:29, Info                  CSI    0000019b [SR] Verify complete
2016-12-07 14:33:29, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:29, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:31, Info                  CSI    0000019f [SR] Verify complete
2016-12-07 14:33:31, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:31, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:32, Info                  CSI    000001a3 [SR] Verify complete
2016-12-07 14:33:32, Info                  CSI    000001a4 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:32, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:34, Info                  CSI    000001a7 [SR] Verify complete
2016-12-07 14:33:34, Info                  CSI    000001a8 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:34, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:35, Info                  CSI    000001ac [SR] Verify complete
2016-12-07 14:33:35, Info                  CSI    000001ad [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:35, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:37, Info                  CSI    000001b0 [SR] Verify complete
2016-12-07 14:33:37, Info                  CSI    000001b1 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:37, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:38, Info                  CSI    000001b4 [SR] Verify complete
2016-12-07 14:33:38, Info                  CSI    000001b5 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:38, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:40, Info                  CSI    000001b9 [SR] Verify complete
2016-12-07 14:33:40, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:40, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:41, Info                  CSI    000001bd [SR] Verify complete
2016-12-07 14:33:41, Info                  CSI    000001be [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:41, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:43, Info                  CSI    000001c3 [SR] Verify complete
2016-12-07 14:33:43, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:43, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2016-12-07 14:33:45, Info                  CSI    000001c7 [SR] Verify complete
2016-12-07 14:33:45, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2016-12-07 14:33:45, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction


#10 psychicguy

Posted 07 December 2016 - 06:50 PM

Now I notice my C:\ drive, which is the only one I really use, is almost completely full.

I do have a lot of games on it, but I would think 512 GB would be enough to use for many games.

I've tried a disc clean up and still only 304kb remain on the drive that's free.

I'm also having trouble resetting my keyboard to default speed. If I hold a key down when typing it makes it super sensitive. I messed with the settings to see if I could get faster response time and I must have made a mistake somewhere.

Can you please help me with these two issues if possible?

Thanks! :-)



#11 psychicguy

Posted 07 December 2016 - 08:11 PM

My computer is still hanging on programs, then I have to close them so they aren't frozen.



#12 nasdaq

Posted 08 December 2016 - 07:30 AM

 
There is a difference between what the Farbar log reports:
Drive c: () (Fixed) (Total:419.18 GB) (Free:21.78 GB) NTFS

and the Cleaner tool:
I've tried a disc clean up and still only 304kb remain on the drive that's free.
===
 
Run the CHKDSK with the /f switch.
 
How to:
 
Let me know the result.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#13 psychicguy

Posted 09 December 2016 - 11:55 PM

I have run chkdsk with the /f switch and restarted the computer. It fixed files that I can't show you because there was no log afterwards in a txt file.

Although I'm still having issues with opening Chrome and Firefox. It seems they load but don't show themselves visibly. They are opening in the background, because I can see them open however many times I have opened them in my Task Manager processes, using Ctrl + Shift + Esc.

This hasn't happened before. But I noticed I have recently bought Kaspersky total protection, which contains a firewall, antivirus and browser phishing link protection.

Perhaps the problem is caused by incorrect settings or setup when Kaspersky is running. I also use Malwarebytes just as a scanner for malware and spyware.

Is there anything else you can have me try to make it work more smoothly?

All your help and time is very much appreciated,

Thank You!



#14 nasdaq

Posted 10 December 2016 - 06:24 AM

 
Remove completely the old AVAST programs with their uninstaller.
 
===
 
Let's remove Chrome and reinstall the browser.

Remove Chrome using the instructions on this page.

Clear your Chrome cache and cookies.

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
 
Re-install Chrome and the Bookmarks.
 
If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
<<<>>>
 
Will take care of Firefox if Chrome works.


#15 psychicguy

Posted 11 December 2016 - 12:25 AM

Thanks for the help.

It seems to be working now because I figured out the problem. It had to do with one of the programs I installed and now it works perfectly.

Thanks!



#16 nasdaq

Posted 11 December 2016 - 06:51 AM

If all is well.
 
To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.


#17 nasdaq

Posted 26 December 2016 - 06:22 AM

Since the issue appears to be resolved, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.