
Solved Downloaded something I shouldn't have

Discussion in 'Malware and Virus Removal' started by JusticeNY, 2017/02/24.

  1. 2017/02/24
    JusticeNY Well-Known Member Thread Starter

    I downloaded a program for free that I shouldn't have, simply because I didn't have the money to purchase the program, and now I feel paranoid and realized I should have found a low-cost or free alternative.

    When I downloaded the program, it said to click something called a host modifier (Run "Host Modifier.bat" As Admin), and when I clicked it, a black cmd screen came up, did a few things, then disappeared, but the program still didn't unlock, so here I am, worried and regretting this stupid mistake. About an hour later, something called ntkmlmp.exe had high CPU usage until I restarted my computer; then it seemed to calm down.

    Don't really have any main symptoms; everything seems to look fine. Just want to make sure I don't have a hidden remote access tool on my computer, or something hidden like that that I can't find.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
    Ran by tne (administrator) on DESKTOP-08I2K4U (24-02-2017 12:04:10)
    Running from C:\Users\tne\Desktop
    Loaded Profiles: tne (Available Profiles: tne)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
    (American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Evaer Technology) C:\Program Files (x86)\Evaer\videochannel.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
    (Andy OS, inc.) C:\Program Files\Andy\HandyAndy.exe
    (Andy OS, inc.) C:\Program Files\Andy\AndyADB.exe
    (Andy OS, inc.) C:\Program Files\Andy\AndyDnD.exe
    (Andy OS, inc.) C:\Program Files\Andy\AndyConsole.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe
    () C:\Program Files\Andy\adb.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-23] (Realtek Semiconductor)
    HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1259520 2016-09-15] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [replay_telecorder_skype] => [X]
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [Google Update] => C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-22] (Google Inc.)
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [avichannel] => C:\Program Files (x86)\Evaer\videochannel.exe [1741808 2016-10-25] (Evaer Technology)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-02-22]
    ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2017-01-02]
    ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-22]
    ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-22]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{a3e681ff-2d01-47d9-be5e-f1e135136359}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-21] (AO Kaspersky Lab)
    BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-21] (AO Kaspersky Lab)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
    Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-21] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-21] (AO Kaspersky Lab)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: s0cv5wux.default
    FF ProfilePath: C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default [2017-02-24]
    FF Extension: (All Aboard) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\@all-aboard-v1-2 [2016-10-08]
    FF Extension: (New XKit) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\@new-xkit.xpi [2017-01-05]
    FF Extension: (Hide My IP) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\admin@hide-my-ip.org.xpi [2017-01-20]
    FF Extension: (Everplex YouTube Dark Black Theme) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\jid0-sUJ6HxrOADekM82af7ZS99zumXI@jetpack.xpi [2016-12-27]
    FF Extension: (Dark YouTube Theme) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2017-01-18]
    FF Extension: (LastPass) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\support@lastpass.com [2016-12-21]
    FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2016-12-30]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
    FF Extension: (Video DownloadHelper) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
    FF Extension: (Adblock Plus) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-21]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\features\{3b45a7dc-ad70-499c-ac49-3cb0289d8ddf}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
    FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-21]
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\tne\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
    FF Extension: (Ace Stream Web Extension) - C:\Users\tne\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @acestream.net/acestreamplugin,version=3.1.9 -> C:\Users\tne\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-31] (Innovative Digital Technologies)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\tne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @talk.google.com/O1DPlugin -> C:\Users\tne\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @tools.google.com/Google Update;version=3 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @tools.google.com/Google Update;version=9 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\tne\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\tne\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKU\S-1-5-21-101921894-4199600636-1730465535-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
    R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [81872 2015-08-13] (American Megatrends Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
    R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
    R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [13848 2016-12-23] (Advanced Micro Devices Inc.)
    S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmdag.sys [28729240 2016-12-07] (Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmpag.sys [530328 2016-12-07] (Advanced Micro Devices, Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
    S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
    R1 DuoVMDrv; C:\WINDOWS\system32\DRIVERS\DuoVMDrv.sys [239536 2015-08-06] (American Megatrends Inc.)
    S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [531424 2015-08-13] (Intel Corporation)
    S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43488 2015-11-06] (UB658)
    R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [38152 2016-08-16] (Elgato Systems GmbH)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
    R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-23] (REALiX(tm))
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
    R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-10-08] (AO Kaspersky Lab)
    R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-03] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-21] (AO Kaspersky Lab)
    R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-21] (AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
    R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
    R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2016-12-21] (AO Kaspersky Lab)
    R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2017-02-01] ()
    R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2016-12-21] (AO Kaspersky Lab)
    R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2016-12-21] (AO Kaspersky Lab)
    R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2016-12-21] (AO Kaspersky Lab)
    R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-21] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-23] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-23] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-23] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-23] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-24] (Malwarebytes)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-12-23] (Realtek )
    R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2016-10-09] (Windows (R) Win 7 DDK provider)
    R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2016-10-09] (Windows (R) Win 7 DDK provider)
    R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-10-08] (Windows (R) Win 7 DDK provider)
    R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
    R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    S3 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-02-19] (BigNox Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-24 12:04 - 2017-02-24 12:05 - 00023322 _____ C:\Users\tne\Desktop\FRST.txt
    2017-02-24 12:02 - 2017-02-24 12:04 - 00000000 ____D C:\FRST
    2017-02-24 12:00 - 2017-02-24 12:01 - 00000000 ___RD C:\Users\tne\Desktop\march 1st desktop
    2017-02-24 11:59 - 2017-02-24 12:02 - 00000000 ____D C:\Users\tne\Desktop\mal
    2017-02-24 11:56 - 2017-02-24 11:56 - 02423296 _____ (Farbar) C:\Users\tne\Desktop\FRST64.exe
    2017-02-24 10:24 - 2017-02-24 10:24 - 04328941 _____ C:\Users\tne\Downloads\HIV vaccine therapy lets five people control virus without drugs.mp4
    2017-02-23 19:02 - 2017-02-23 19:02 - 32273527 _____ C:\Users\tne\Downloads\Meek Mill _ Friends get ATTACKED by Love and Hip Hop Ratchet during a Birthday Dinner in Atlanta!.mp4
    2017-02-23 17:09 - 2017-02-23 17:09 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
    2017-02-23 15:15 - 2017-02-23 15:15 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-02-23 15:14 - 2017-02-24 10:38 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-02-23 15:14 - 2017-02-23 16:53 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-02-23 15:14 - 2017-02-23 16:53 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-02-23 15:14 - 2017-02-23 16:53 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-02-23 15:14 - 2017-02-23 15:14 - 55566792 _____ (Malwarebytes ) C:\Users\tne\Downloads\mb3-setup-consumer-3.0.6.1469.exe
    2017-02-23 15:14 - 2017-02-23 15:14 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-02-23 15:14 - 2017-02-23 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-02-23 15:14 - 2017-02-23 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-02-23 15:14 - 2017-02-23 15:14 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-02-23 15:14 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-02-22 19:44 - 2017-02-22 19:48 - 00000000 ____D C:\Users\tne\AppData\Local\WinZip
    2017-02-22 19:44 - 2017-02-22 19:44 - 00003610 _____ C:\WINDOWS\System32\Tasks\WinZipBackGroundToolsTask
    2017-02-22 19:44 - 2017-02-22 19:44 - 00003522 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip Background Tools.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002181 _____ C:\Users\Public\Desktop\WinZip.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
    2017-02-22 19:43 - 2017-02-22 19:44 - 00000000 ____D C:\ProgramData\WinZip
    2017-02-22 19:43 - 2017-02-22 19:43 - 00723032 _____ (WinZip Computing, S.L.) C:\Users\tne\Downloads\winzip21-lan.exe
    2017-02-22 19:43 - 2017-02-22 19:43 - 00000000 ____D C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
    2017-02-22 19:43 - 2017-02-22 19:43 - 00000000 ____D C:\ProgramData\UniqueId
    2017-02-22 19:43 - 2017-02-22 19:43 - 00000000 ____D C:\Program Files\WinZip
    2017-02-22 19:39 - 2017-02-22 19:39 - 00000000 ____D C:\Users\tne\Downloads\Bandicam 3.1.1.1073 Multilingual + Keymaker [SadeemPC]
    2017-02-22 17:09 - 2017-02-22 17:09 - 24787508 _____ C:\Users\tne\Downloads\Jim Jones Responds To Cam'Ron's Instagram Live Show, Talks RocNation, Jay Z.mp4
    2017-02-22 00:57 - 2017-02-22 00:57 - 11964605 _____ C:\Users\tne\Downloads\The Flash 3x13 Solovar meets the Team (2017) 1080p.mp4
    2017-02-21 14:36 - 2017-02-21 14:37 - 162245994 _____ C:\Users\tne\Downloads\TOLIET SEAT PRANK _ HICKEY PRANK (GONE WRONG !!).mp4
    2017-02-20 12:22 - 2017-02-20 12:22 - 22255418 _____ C:\Users\tne\Downloads\Kevin Durant to Russell Westbrook Ally-OOP! NBA All Star Game 2017 Highlight.mp4
    2017-02-20 12:17 - 2017-02-20 12:17 - 31991485 _____ C:\Users\tne\Downloads\Russell Westbrook talks about Kevin Durant, NBA All Star Game 2017 Postgame Interview.mp4
    2017-02-20 02:57 - 2017-02-20 02:57 - 00000000 ____D C:\Users\tne\AppData\Roaming\Audacity
    2017-02-20 02:57 - 2017-02-20 02:57 - 00000000 ____D C:\Users\tne\AppData\Local\Audacity
    2017-02-20 01:56 - 2017-02-20 02:57 - 00000000 ____D C:\Program Files (x86)\Audacity
    2017-02-20 01:56 - 2017-02-20 01:56 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2017-02-20 01:56 - 2017-02-20 01:56 - 00001076 _____ C:\Users\Public\Desktop\Audacity.lnk
    2017-02-20 01:55 - 2017-02-20 01:55 - 26496761 _____ (Audacity Team ) C:\Users\tne\Downloads\audacity-win-2.1.2.exe
    2017-02-20 01:55 - 2017-02-20 01:55 - 26496761 _____ (Audacity Team ) C:\Users\tne\Downloads\audacity-win-2.1.2 (1).exe
    2017-02-19 02:56 - 2017-02-19 02:56 - 00000000 ____D C:\Users\tne\Nox_share
    2017-02-19 02:55 - 2017-02-19 02:55 - 00000045 _____ C:\Users\tne\nuuid.ini
    2017-02-19 02:55 - 2017-02-19 02:55 - 00000041 _____ C:\Users\tne\inst.ini
    2017-02-19 02:54 - 2017-02-22 23:27 - 00000000 ____D C:\Users\tne\AppData\Local\Nox
    2017-02-19 02:54 - 2017-02-22 19:22 - 00000000 ____D C:\Users\tne\vmlogs
    2017-02-19 02:54 - 2017-02-22 19:22 - 00000000 ____D C:\Users\tne\.BigNox
    2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
    2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Program Files (x86)\Nox
    2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Program Files (x86)\Bignox
    2017-02-19 02:51 - 2017-02-19 02:52 - 295830920 _____ (Duodian Technology Co. Ltd.) C:\Users\tne\Downloads\nox_setup_v3.8.0.3_full_intl.exe
    2017-02-19 02:24 - 2017-02-19 02:24 - 00000000 ___HD C:\Users\tne\.DuOS
    2017-02-19 02:24 - 2017-02-19 02:24 - 00000000 ____D C:\Users\tne\DuOSShare
    2017-02-19 02:15 - 2017-02-19 02:15 - 00002626 _____ C:\Users\Public\Desktop\DuOS.lnk
    2017-02-19 02:15 - 2017-02-19 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DuOS
    2017-02-19 02:15 - 2017-02-19 02:15 - 00000000 ____D C:\ProgramData\AMI
    2017-02-19 02:15 - 2017-02-19 02:15 - 00000000 ____D C:\Program Files\AMI
    2017-02-19 02:15 - 2015-08-06 19:40 - 00239536 _____ (American Megatrends Inc.) C:\WINDOWS\system32\Drivers\DuoVMDrv.sys
    2017-02-19 02:13 - 2017-02-19 02:13 - 02971600 _____ (American Megatrends Inc.) C:\Users\tne\Downloads\DuOSInstaller-jb-lite.exe
    2017-02-19 01:54 - 2017-02-19 01:54 - 52378886 _____ C:\Users\tne\Downloads\brittany renner instagram live highlights.mp4
    2017-02-17 19:39 - 2017-02-17 19:40 - 75815120 _____ C:\Users\tne\Downloads\SHT DURING SEX PRANK!!! (HILARIOUS) _ LOVEMONTH.mp4
    2017-02-16 12:16 - 2017-02-16 12:16 - 67722077 _____ C:\Users\tne\Downloads\Billy_Gatz_Presentz_Uncle_Murda_Best_Of-(DatPiff.com).zip
    2017-02-16 12:16 - 2017-02-16 12:16 - 42548656 _____ C:\Users\tne\Downloads\The_Best_Of_Uncle_Murda-(DatPiff.com).zip
    2017-02-15 22:12 - 2017-02-15 22:12 - 13207286 _____ C:\Users\tne\Downloads\21 Savage CLOWNS 22 Savage NEW CHAIN.mp4
    2017-02-15 15:53 - 2017-02-15 15:53 - 00449668 _____ C:\WINDOWS\Minidump\021517-25625-01.dmp
    2017-02-14 17:30 - 2017-02-14 18:05 - 107951155 _____ C:\Users\tne\Downloads\aj180__13_August_2015.mp4
    2017-02-13 11:17 - 2017-02-13 11:17 - 00465788 _____ C:\WINDOWS\Minidump\021317-34406-01.dmp
    2017-02-09 23:49 - 2017-02-10 17:38 - 00000000 ____D C:\Users\tne\Desktop\vlc recording
    2017-02-09 23:49 - 2017-02-09 23:56 - 00000000 ____D C:\Users\tne\AppData\Roaming\vlc
    2017-02-09 23:44 - 2017-02-09 23:44 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-02-09 23:44 - 2017-02-09 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2017-02-09 23:44 - 2017-02-09 23:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2017-02-09 23:43 - 2017-02-09 23:43 - 30533688 _____ C:\Users\tne\Downloads\vlc-2.2.4-win32.exe
    2017-02-09 16:39 - 2017-02-09 16:40 - 49809739 _____ C:\Users\tne\Downloads\HORIZON ZERO DAWN Machines Trailer PS4 (2017).mp4
    2017-02-09 11:57 - 2017-02-09 11:57 - 17967787 _____ C:\Users\tne\Downloads\Gucci Mane RESPONDS BACK to Waka Flocka with shots of his own.mp4
    2017-02-07 16:23 - 2017-02-07 16:23 - 33327603 _____ C:\Users\tne\Downloads\Tremaine The Playboy _ Exclusive Web Series Trailer _ VH1.mp4
    2017-02-07 16:07 - 2017-02-07 16:07 - 20242049 _____ C:\Users\tne\Downloads\Danielle Cash Me Outside girl Explains The Airplane Fight!.mp4
    2017-02-03 02:16 - 2017-02-03 02:16 - 16822578 _____ C:\Users\tne\Downloads\NuNu Nellz Exposes T-Rex! Lives @ Home With Mom _ Goodz owns a House! @ URL _ SMACK Born Legacy 4.mp4
    2017-02-03 00:43 - 2017-02-03 00:44 - 172742355 _____ C:\Users\tne\Downloads\Katie.zip
    2017-02-02 20:04 - 2017-02-02 20:04 - 46969729 _____ C:\Users\tne\Downloads\Catch me outside how bout dat girl GOES CRAZY during Live Stream.mp4
    2017-02-02 19:52 - 2017-02-02 19:52 - 89801714 _____ C:\Users\tne\Downloads\Catch Me Outside Girls MENTAL BREAKDOWN Live On Instagram.mp4
    2017-02-02 19:18 - 2017-02-02 19:19 - 514761502 _____ C:\Users\tne\Downloads\Charlamagne Tha God's Funniest Moments Ever (Pt 1).mp4
    2017-02-02 18:53 - 2017-02-02 18:53 - 10227277 _____ C:\Users\tne\Downloads\Chris Brown Responds to Soulja Boy Saying Chris Never Signed the Contract to Fight.mp4
    2017-02-02 17:03 - 2017-02-02 17:04 - 00453396 _____ C:\WINDOWS\Minidump\020217-24312-01.dmp
    2017-02-02 12:13 - 2017-02-02 12:13 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-02-02 12:07 - 2017-02-02 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-02-02 12:07 - 2017-02-02 12:07 - 00000000 ____D C:\Program Files\iTunes
    2017-02-02 12:07 - 2017-02-02 12:07 - 00000000 ____D C:\Program Files\iPod
    2017-02-02 12:05 - 2017-02-02 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-02-01 02:32 - 2017-02-01 02:32 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
    2017-01-31 12:35 - 2017-01-31 12:35 - 04956971 _____ C:\Users\tne\Downloads\Chris Brown ADMITS to being a CRAZY STALKER BOYFRIEND.mp4

    2017-01-27 15:28 - 2017-01-27 15:28 - 25969389 _____ C:\Users\tne\Downloads\Alkaline - Fleek.mp4
    2017-01-27 15:22 - 2017-01-27 15:22 - 45774817 _____ C:\Users\tne\Downloads\Casanova - Don't Run (Official Video).mp4
    2017-01-27 14:22 - 2017-01-27 14:22 - 30694501 _____ C:\Users\tne\Downloads\Young Chop Goes On A Rant About Chief Keef Being Arrested.mp4
    2017-01-26 10:37 - 2017-01-26 10:37 - 28810112 _____ C:\Users\tne\Downloads\50 Cent training Tom Hardy This is How Rich People Work Out Pain_Gain.mp4
    2017-01-25 15:50 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2017-01-25 15:50 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2017-01-25 14:52 - 2017-01-25 14:52 - 14537084 _____ C:\Users\tne\Downloads\File Jan 25, 2 39 56 PM.mov


    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-24 12:02 - 2016-12-21 11:09 - 00000000 ____D C:\Users\tne\AppData\LocalLow\Mozilla
    2017-02-24 12:02 - 2016-10-09 11:20 - 00000000 ____D C:\Users\tne\AppData\LocalLow\LastPass
    2017-02-24 11:20 - 2017-01-02 00:32 - 00000000 ____D C:\Users\tne\AppData\Roaming\VMware
    2017-02-24 11:20 - 2017-01-02 00:30 - 00000000 ____D C:\ProgramData\VMware
    2017-02-24 11:20 - 2017-01-02 00:26 - 00000000 ____D C:\Users\tne\AppData\Roaming\Andy
    2017-02-24 10:35 - 2016-10-08 15:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2017-02-24 10:21 - 2016-10-11 10:08 - 00000000 ____D C:\Users\tne\AppData\Local\Adobe
    2017-02-24 10:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-02-24 01:19 - 2016-10-18 15:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-02-23 19:06 - 2016-10-09 16:53 - 00000000 ____D C:\Users\tne\Desktop\OBS
    2017-02-23 17:09 - 2016-10-08 15:44 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-02-23 16:53 - 2016-10-18 15:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-23 16:52 - 2016-10-18 15:12 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2017-02-23 16:52 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-02-23 16:22 - 2016-10-09 12:11 - 00000000 ____D C:\Users\tne\AppData\Roaming\.ACEStream
    2017-02-23 11:51 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-23 11:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-02-23 01:27 - 2016-10-09 10:13 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-02-23 01:27 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-02-23 01:24 - 2016-10-18 15:16 - 00000000 ____D C:\Users\tne
    2017-02-23 01:24 - 2016-10-09 10:12 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-02-23 00:54 - 2017-01-07 01:09 - 00000000 ____D C:\Users\tne\AppData\Roaming\Skype
    2017-02-22 23:14 - 2016-12-30 21:59 - 00000000 ____D C:\Users\tne\Desktop\God ****
    2017-02-22 19:40 - 2016-12-22 01:28 - 00001057 _____ C:\Users\Public\Desktop\Bandicam.lnk
    2017-02-22 19:39 - 2016-12-22 01:28 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
    2017-02-22 19:39 - 2016-12-22 01:28 - 00000000 ____D C:\Program Files (x86)\Bandicam
    2017-02-22 19:23 - 2016-12-25 20:02 - 00000000 ____D C:\Users\tne\.android
    2017-02-22 02:13 - 2016-12-22 13:11 - 00000000 ____D C:\Users\tne\Documents\Evaer
    2017-02-20 00:20 - 2017-01-01 19:53 - 00000000 ____D C:\Users\tne\AppData\Local\TinderPlusPlus
    2017-02-19 02:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Registration
    2017-02-15 15:53 - 2016-10-30 11:51 - 00000000 ____D C:\WINDOWS\Minidump
    2017-02-15 15:53 - 2016-10-11 10:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-02-15 15:52 - 2016-10-30 11:51 - 907071970 _____ C:\WINDOWS\MEMORY.DMP
    2017-02-14 17:09 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
    2017-02-14 11:23 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-02-14 11:23 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-02-04 00:54 - 2016-10-08 12:25 - 00000000 ____D C:\Users\tne\AppData\Local\Packages
    2017-02-02 12:07 - 2017-01-02 17:08 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-02-02 12:05 - 2017-01-02 17:10 - 00000000 ____D C:\Users\tne\AppData\Roaming\Apple Computer
    2017-02-02 12:05 - 2017-01-02 17:10 - 00000000 ____D C:\Users\tne\AppData\Local\Apple Computer
    2017-01-31 11:47 - 2017-01-01 19:30 - 00000000 ____D C:\Users\tne\Desktop\mug
    2017-01-30 21:05 - 2016-10-08 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-01-27 10:27 - 2016-10-08 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== Files in the root of some directories =======

    2016-12-22 01:14 - 2016-12-22 01:14 - 0000073 _____ () C:\Users\tne\AppData\Roaming\Camdata.ini
    2016-12-22 01:14 - 2016-12-22 01:14 - 0000408 _____ () C:\Users\tne\AppData\Roaming\CamLayout.ini
    2016-12-22 01:14 - 2016-12-22 01:14 - 0000408 _____ () C:\Users\tne\AppData\Roaming\CamShapes.ini
    2016-12-22 01:14 - 2016-12-22 01:14 - 0004546 _____ () C:\Users\tne\AppData\Roaming\CamStudio.cfg
    2016-12-22 01:10 - 2016-12-22 01:10 - 0000096 _____ () C:\Users\tne\AppData\Roaming\version2.xml
    2016-10-08 14:48 - 2016-11-08 02:52 - 0032744 _____ () C:\Users\tne\AppData\Roaming\VoiceMeeterDefault.xml
    2016-10-08 15:25 - 2016-10-08 15:25 - 0007601 _____ () C:\Users\tne\AppData\Local\Resmon.ResmonCfg
    2016-12-23 23:32 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\tne\AppData\Local\TroubleshooterConfig.json
    2016-10-18 15:12 - 2016-10-18 15:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2016-11-23 20:52 - 2016-11-23 20:52 - 1040816 _____ (www.Bandisoft.com) C:\Users\tne\AppData\Local\Temp\bdcam64_0.dll
    2016-11-23 20:52 - 2016-11-23 20:52 - 0875440 _____ (www.Bandisoft.com) C:\Users\tne\AppData\Local\Temp\bdcam_0.dll
    2013-08-05 01:15 - 2013-08-05 01:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\tne\AppData\Local\Temp\bdfilters.dll
    2017-01-13 00:49 - 2017-01-13 00:49 - 0192512 _____ () C:\Users\tne\AppData\Local\Temp\sfamcc00001.dll
    2017-01-13 00:51 - 2017-01-13 00:51 - 0192512 _____ () C:\Users\tne\AppData\Local\Temp\sfamcc00002.dll
    2017-01-13 00:49 - 2017-01-13 00:49 - 0158720 _____ () C:\Users\tne\AppData\Local\Temp\sfareca00001.dll
    2017-01-13 00:51 - 2017-01-13 00:51 - 0158720 _____ () C:\Users\tne\AppData\Local\Temp\sfareca00002.dll
    2017-01-07 01:10 - 2017-02-11 21:01 - 44047840 _____ (Skype Technologies S.A.) C:\Users\tne\AppData\Local\Temp\SkypeSetup.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-23 01:23

    ==================== End of FRST.txt ============================

     
    Last edited: 2017/02/24
  2. 2017/02/24
    JusticeNY Well-Known Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
    Ran by tne (24-02-2017 12:40:08)
    Running from C:\Users\tne\Desktop
    Windows 10 Home Version 1607 (X64) (2016-10-18 20:30:10)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-101921894-4199600636-1730465535-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-101921894-4199600636-1730465535-503 - Limited - Disabled)
    Guest (S-1-5-21-101921894-4199600636-1730465535-501 - Limited - Disabled)
    tne (S-1-5-21-101921894-4199600636-1730465535-1003 - Administrator - Enabled) => C:\Users\tne

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ace Stream Media 3.1.9 (HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\AceStream) (Version: 3.1.9 - Ace Stream Media) <==== ATTENTION
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2015.3 (HKLM-x32\...\PPRO_10_4_0) (Version: 10.4.0 - Adobe Systems Incorporated)
    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
    Andy OS (HKLM\...\Andy OS) (Version: 46.16 - Andy OS, Inc)
    Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Auto Mouse Click v15.1 (HKLM-x32\...\{F5E3859D-0720-41F0-BAF5-4CBCDFD8F406}_is1) (Version: 15.1 - MurGee.com)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
    Catalyst Control Center Next Localization BR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    DuOS (HKLM\...\{E4CEC959-9A90-4391-86D0-76B518171F9D}) (Version: 1.1.0.7525 - American Megatrends Inc.)
    Elgato Game Capture HD (HKLM\...\{4281A206-158E-4C28-B078-397188759F60}) (Version: 3.20.33.1533 - Elgato Systems GmbH)
    Evaer Video Recorder for Skype 1.6.6.22 (HKLM-x32\...\Evaer Video Recorder for Skype) (Version: 1.6.6.22 - Evaer Technology)
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
    Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
    Game Capture HD60 S v1.1.0.160 (HKLM-x32\...\Software_Elgato_Game Capture HD60 S) (Version: 1.1.0.160 - Elgato Systems)
    Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
    iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
    IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
    iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    K-Lite Mega Codec Pack 12.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    ManyCam 2.6.65 (remove only) (HKLM-x32\...\ManyCam) (Version: 2.6.65 - ManyCam LLC)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.0.3 - Duodian Technology Co. Ltd.)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
    Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.7.1001 - ooVoo LLC.)
    PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1001.0 - Passmark Software)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
    Replay Telecorder for Skype 1.3.0.12 (HKLM-x32\...\Replay Telecorder for Skype_is1) (Version: 1.3.0.12 - Applian Technologies Inc.)
    Skype Launcher (HKLM-x32\...\{82799854-39DF-4EC3-8778-918CE0C81A3F}_is1) (Version: 1.6.5 - binaerkombinat)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Tinder++ version 1.3.0 (HKLM-x32\...\{CCD04A62-CD9B-4962-A36A-0F18FC7A8D52}_is1) (Version: 1.3.0 - VibraMedia, LLC)
    VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VMware Player (HKLM\...\{6D211A09-EB2A-4B83-ACCB-13B1BC12AF4E}) (Version: 12.5.2 - VMware, Inc.)
    VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.6.00000 - VMware, Inc.)
    Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
    Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
    WebM Project Directshow Filters (HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
    WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - Xvid Development Team)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C286DD87171A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {004F103E-0EF8-4F46-B249-1E8160CF8D1F} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-08I2K4U-tne => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {083F552E-C8E7-44F1-959C-10D4AACBCBC1} - System32\Tasks\Driver Booster SkipUAC (tne) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
    Task: {251A5465-9D65-44FC-9187-275795B6150B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
    Task: {315B9176-89DA-4895-A583-D785FB8FF6EC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {334B463E-F23A-4778-A8EC-3BF0AD62B3F0} - System32\Tasks\{6D7EDC90-8124-4D49-9303-7DA6148010B0} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {4473A86B-4C4B-4D2E-9803-7E787863FED0} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2017-02-10] (WinZip Computing, S.L.)
    Task: {4A5668A3-2F2B-4A88-8B6C-51060D1418D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {53E5EFB0-5B39-4408-A019-4915C475FECC} - System32\Tasks\{A878B077-424C-4F63-91DB-DAB3DAA3D815} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {6B2F7222-9568-4089-8DE1-D9903B278BEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-101921894-4199600636-1730465535-1003Core => C:\Users\tne\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-22] (Google Inc.)
    Task: {6E559352-AE8E-4741-95F1-9FFB48B07511} - System32\Tasks\{EB3AD9AE-76CB-403C-B98F-19991C45FA1B} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {7A41503B-EE1C-4328-90B8-31A0FE842B37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-101921894-4199600636-1730465535-1003UA => C:\Users\tne\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-22] (Google Inc.)
    Task: {7F28695E-D93B-405F-80F1-48AC50A71DD3} - System32\Tasks\{6882B8E9-8727-4FF9-9E07-D24FEFCF6838} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {846845A7-236F-495B-A615-815380491C24} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-10] (WinZip)
    Task: {9CB5D5AB-4C2D-406A-984C-2E94440EF58D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-04] (Advanced Micro Devices, Inc.)
    Task: {9F594453-5356-4D92-8C4D-7C39A0F1272A} - System32\Tasks\IU Task (One-Time) => C:\Program Files (x86)\IObit\IObit Uninstaller\XmasPromote.exe
    Task: {B4AAAB41-EC40-4EBC-B36B-FE689BA0EC85} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
    Task: {C38CD769-087D-4A25-8AB5-4B533BDFBCDE} - System32\Tasks\Uninstaller_SkipUac_tne => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {D6E1B261-1B65-4455-9A19-CCC378737630} - System32\Tasks\{6CE18DE3-CE2A-4038-B6CE-6B9DBE7D5F91} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
    Task: {D6ED83AF-C55D-4775-B179-5F45D2048A71} - System32\Tasks\{433FF9F7-76A9-42D3-9691-EB7D43AE56A1} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {D92867D5-8E8C-4576-8654-09530F739F97} - System32\Tasks\{796DBF8F-C322-4CD3-9E8B-74B045C82DA9} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {DBDFF187-EA02-4603-AA23-8F2915156C26} - System32\Tasks\ASC Task (One-Time) => C:\Program Files (x86)\IObit\Advanced SystemCare\XmasPromote.exe
    Task: {FAEF0B44-372F-4942-AFC3-D69447D4DA6D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {FD4C94A6-3232-45E7-B6E9-DD368AE5D18B} - System32\Tasks\{EC0F6296-87AC-4073-9354-9B6A66521918} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_tne.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-02-23 15:14 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-02-23 15:14 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
    2017-02-23 15:14 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-21 00:32 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-12-21 00:32 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-21 00:32 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2016-09-14 22:30 - 2016-09-14 22:30 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2016-09-14 22:30 - 2016-09-14 22:30 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2016-09-14 22:30 - 2016-09-14 22:30 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2016-09-14 22:30 - 2016-09-14 22:30 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2016-09-14 22:30 - 2016-09-14 22:30 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
    2016-10-18 19:05 - 2016-10-18 19:05 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 15:22 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-01-10 15:21 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 15:21 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-09-15 21:12 - 2016-09-15 21:12 - 01259520 _____ () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
    2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2017-01-02 00:26 - 2016-12-16 20:26 - 00310688 _____ () C:\Program Files\Andy\jpeg.dll
    2017-01-02 00:26 - 2016-12-16 20:25 - 00075848 _____ () C:\Program Files\Andy\psutil._psutil_windows.pyd
    2017-01-02 00:27 - 2016-12-16 20:26 - 01273288 _____ () C:\Program Files\Andy\SDL2.dll
    2017-01-02 00:26 - 2016-12-16 20:25 - 00157368 _____ () C:\Program Files\Andy\multidict._multidict.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00064912 _____ () C:\Program Files\Andy\yarl._quoting.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00043168 _____ () C:\Program Files\Andy\aiohttp._websocket.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00068048 _____ () C:\Program Files\Andy\zmq.backend.cython.constants.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00042144 _____ () C:\Program Files\Andy\zmq.backend.cython.error.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00078408 _____ () C:\Program Files\Andy\zmq.backend.cython.message.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00062864 _____ () C:\Program Files\Andy\zmq.backend.cython.context.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00112224 _____ () C:\Program Files\Andy\zmq.backend.cython.socket.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00050968 _____ () C:\Program Files\Andy\zmq.backend.cython.utils.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00059792 _____ () C:\Program Files\Andy\zmq.backend.cython._poll.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00037928 _____ () C:\Program Files\Andy\zmq.backend.cython._version.pyd
    2017-01-02 00:26 - 2016-12-16 20:25 - 00054616 _____ () C:\Program Files\Andy\zmq.backend.cython._device.pyd
    2017-01-02 00:26 - 2016-12-16 20:26 - 00085240 _____ () C:\Program Files\Andy\app.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00363184 _____ () C:\Program Files\Andy\gobject.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 01509784 _____ () C:\Program Files\Andy\glib.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00946048 _____ () C:\Program Files\Andy\gstreamer.dll
    2017-01-02 00:27 - 2016-12-16 20:26 - 00471752 _____ () C:\Program Files\Andy\video.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00313880 _____ () C:\Program Files\Andy\gstbase.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00057296 _____ () C:\Program Files\Andy\gmodule.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00046872 _____ () C:\Program Files\Andy\plugins\gstreamer\gstapp.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00096688 _____ () C:\Program Files\Andy\plugins\gstreamer\gstvideofilter.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00070216 _____ () C:\Program Files\Andy\plugins\gstreamer\gstvideoscale.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00069704 _____ () C:\Program Files\Andy\plugins\gstreamer\gstautoconvert.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00294064 _____ () C:\Program Files\Andy\plugins\gstreamer\gstcoreelements.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00079608 _____ () C:\Program Files\Andy\plugins\gstreamer\gstjpeg.dll
    2017-01-02 00:26 - 2016-12-16 20:25 - 02629800 _____ () C:\Program Files\Andy\exiv2.dll
    2017-01-02 00:26 - 2016-12-16 20:26 - 00060880 _____ () C:\Program Files\Andy\plugins\gstreamer\gstvideoconvert.dll
    2017-01-02 00:27 - 2016-12-19 15:37 - 01432880 _____ () C:\Program Files\Andy\adb.exe
    2016-12-23 22:16 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2016-12-23 22:16 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2016-12-23 22:16 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2016-06-27 23:19 - 2016-06-27 23:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
    2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
    2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
    2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
    2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
    2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
    2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
    2016-12-21 00:12 - 2016-12-21 00:12 - 01114136 _____ () C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ___RA C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{8E9CC5DF-82D9-4483-A841-49588F1F4D0D}] => (Allow) C:\Users\tne\AppData\Roaming\ACEStream\engine\ace_engine.exe
    FirewallRules: [{9BF3C1DC-0BA2-46E6-AF70-3AA5617BAE2D}] => (Allow) C:\Users\tne\AppData\Roaming\ACEStream\engine\ace_engine.exe
    FirewallRules: [{0831A072-8CD3-4536-9781-9519660E5370}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{37C8587A-2C23-4A19-A2EB-BABD2C724575}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2A874968-A166-47B2-8710-E02FF99A71DA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{260777D5-F7F0-42B6-BB7E-289856E799C3}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
    FirewallRules: [{0FB10075-CA77-463D-8BF6-0D753E331125}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
    FirewallRules: [{3A1260EB-C38D-409E-AFE3-51551CBFF0D7}] => (Allow) C:\Users\tne\AppData\Local\Temp\andy-x64\Setup.exe
    FirewallRules: [{84093DB7-3B94-4DBC-AAD7-7C70A96F9227}] => (Allow) C:\Users\tne\AppData\Local\Temp\andy-x64\Setup.exe
    FirewallRules: [{D8CA7D48-6948-431B-BF23-082128B6044E}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{16EB9DEA-250D-434F-ABE1-7C4ADC8CA9CB}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{6B69A162-756E-4249-8FAD-953FBB2A5C16}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{2785FCF1-09ED-44E8-A231-5CA212D5BC0B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{C4F2840F-4947-43E5-A143-61D8C13ACF6A}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{6C363471-0948-42C2-B15A-9D36D3B11250}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{B14185EE-C6CD-43D7-A693-0FA30EEDE029}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{A992295E-47F1-4249-82B8-97205A03E26B}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{0D8443E6-CE4C-4F1A-BCCF-E455C23E5734}] => (Allow) C:\Users\tne\AppData\Local\Temp\RemoveTemp.exe
    FirewallRules: [{5D442FB6-1E8F-49B3-9D02-EDEA14B4C781}] => (Allow) C:\Users\tne\AppData\Local\Temp\RemoveTemp.exe
    FirewallRules: [{F53D1F21-11A3-4F22-9139-58DC57CAFC36}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
    FirewallRules: [{646DF58E-859A-4114-B307-46F5525EFFDE}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
    FirewallRules: [{61BB0736-6D0C-4B2E-94A5-974C3F5C1CAC}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
    FirewallRules: [{4B6D9326-1F84-4565-BFFB-0DDA0735B3BD}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
    FirewallRules: [{B4C727AF-B854-4AD4-BD62-31A447754218}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [{BC45CD27-4599-47A8-BFCF-AE720459642D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [{2F69ABE2-055A-4768-8DE5-2F748BAE71FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{665B7564-901C-410B-870D-5835EDAAD795}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C4A063A3-43A5-4773-A140-4E586C2598EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4053D5E0-7B24-4846-8B28-356D0C86EDE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{05445C12-7DAD-40D2-9A75-147F044D1E0F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{1EBCEBE5-FB8E-4A11-8125-9DE3AEA23A75}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{E3CFBCC4-A87F-482D-AF29-369570B0EAC0}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
    FirewallRules: [{6A187401-CBA0-4171-A1CC-A154666C3108}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
    FirewallRules: [{03CAC2C8-CFC5-4B99-8384-CB3084FB272A}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
    FirewallRules: [{312346F9-6FF1-4D3A-9924-27EE94906D5B}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
    FirewallRules: [{92F4319D-9BBF-4517-8636-8D5604C28AC1}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
    FirewallRules: [{0BEDEF41-7343-4788-9E1B-ADE7B8261DEF}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
    FirewallRules: [{3C28204E-A3A1-4259-A714-4E32AE344C2E}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
    FirewallRules: [{D8D2CC85-D257-46A0-9B43-DA30D0F223FB}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
    FirewallRules: [{EF11EC4C-52C7-48EC-A91E-D615A91D2AC1}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
    FirewallRules: [{182623B4-D3C3-4EDE-95F3-4ED4F6EE6BB5}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
    FirewallRules: [{5EEA9552-1A57-47D5-89CB-9596C8D31C80}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
    FirewallRules: [{11FEF774-E2DF-4AE7-A06E-F5D3DC88E75D}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
    FirewallRules: [{E451BACD-130A-4D55-8B83-A3AD8AC49417}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
    FirewallRules: [{10E7591F-97A6-4423-AA07-A2BD6C4FC3A2}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
    FirewallRules: [{EDE29B49-E80D-41D7-9B18-80D5DBE1EF41}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
    FirewallRules: [{9633A367-28E4-442E-9323-37B0AF1897AB}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe

    ==================== Restore Points =========================

    31-01-2017 16:10:35 Scheduled Checkpoint
    09-02-2017 18:58:12 Scheduled Checkpoint
    20-02-2017 01:39:13 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/24/2017 10:19:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004C003
    Command-line arguments:
    RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

    Error: (02/24/2017 10:19:41 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0xC004C003
    Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

    Error: (02/24/2017 10:19:41 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0xC004C003

    Error: (02/24/2017 10:18:24 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007139F
    Command-line arguments:
    RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (02/24/2017 10:18:24 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0xC004C003
    Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

    Error: (02/24/2017 10:18:24 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0xC004C003

    Error: (02/23/2017 09:36:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 51.0.1.6234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1ac4

    Start Time: 01d28e201a5c97e1

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 0c3b9501-fa3a-11e6-9dbd-1c1b0d12345f

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/23/2017 09:36:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
    Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
    Exception code: 0x80000003
    Fault offset: 0x0000ec83
    Faulting process id: 0x24b4
    Faulting application start time: 0x01d28e4388e91088
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    Report Id: 1e480225-c324-4b58-8a7e-af78ba7db916
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (02/23/2017 08:58:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004C003
    Command-line arguments:
    RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (02/23/2017 08:58:21 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0xC004C003
    Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d


    System errors:
    =============
    Error: (02/24/2017 10:19:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/24/2017 01:18:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 09:36:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 09:33:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 08:19:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 04:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 04:53:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 04:51:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 03:41:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/23/2017 03:22:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2017-02-24 12:30:26.892
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-23 15:44:24.698
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-23 15:25:18.779
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-23 15:25:18.711
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-23 15:15:05.558
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-23 15:15:05.557
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-23 15:15:05.557
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-23 15:14:43.981
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-23 15:14:00.401
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-22 19:41:49.030
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8320 Eight-Core Processor
    Percentage of memory in use: 49%
    Total physical RAM: 16365.55 MB
    Available physical RAM: 8273.73 MB
    Total Virtual: 18797.55 MB
    Available Virtual: 9028.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1862.53 GB) (Free:956.45 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: EC6E64C7)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: DCEBAFD7)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     

  4. 2017/02/24
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    did a Malwarebytes scan
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/23/17
    Scan Time: 3:28 PM
    Logfile: sss.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.50
    Update Package Version: 1.0.1335
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: DESKTOP-08I2K4U\tne

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 413117
    Time Elapsed: 10 min, 37 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 12
    PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1322], [332494],1.0.1335
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1322], [332494],1.0.1335
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1322], [332494],1.0.1335
    PUP.Optional.Reimage, HKU\S-1-5-21-101921894-4199600636-1730465535-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1322], [327205],1.0.1335
    PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1322], [336077],1.0.1335
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1322], [327193],1.0.1335
    PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR, Quarantined, [1322], [332504],1.0.1335
    PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1322], [327193],1.0.1335
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1322], [327193],1.0.1335
    PUP.Optional.Reimage, HKU\S-1-5-21-101921894-4199600636-1730465535-1003\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [1322], [327203],1.0.1335
    PUP.Optional.Reimage, HKU\S-1-5-21-101921894-4199600636-1730465535-1003\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1322], [327204],1.0.1335
    PUP.Optional.Reimage, HKU\S-1-5-21-101921894-4199600636-1730465535-1003\SOFTWARE\Reimage, Quarantined, [1322], [357494],1.0.1335

    Registry Value: 2
    PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CFLPATH, Quarantined, [1322], [332504],1.0.1335
    PUP.Optional.Reimage, HKU\S-1-5-21-101921894-4199600636-1730465535-1003\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1322], [327204],1.0.1335

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 4
    PUP.Optional.Solvusoft, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft\Solvusoft Suite\Dumps, Quarantined, [448], [319820],1.0.1335
    PUP.Optional.Solvusoft, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft\Solvusoft Suite\Logs, Quarantined, [448], [319820],1.0.1335
    PUP.Optional.Solvusoft, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft\Solvusoft Suite, Quarantined, [448], [319820],1.0.1335
    PUP.Optional.Solvusoft, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\Solvusoft, Quarantined, [448], [319820],1.0.1335

    File: 13
    PUP.Optional.Solvusoft, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft\Solvusoft Suite\Logs\MachineId.log.txt, Quarantined, [448], [319820],1.0.1335
    RiskWare.CrudeTheftMarker, C:\USERS\TNE\DESKTOP\APPLIAN.TECHNOLOGIES.REPLAY.TELECORDER.FOR.SKYPE.V1.3.0.12-CRD.RAR, No Action By User, [12175], [145294],1.0.1335
    RiskWare.Tool.HCK, C:\USERS\TNE\DESKTOP\KEYMAKER.EXE, Quarantined, [2562], [64690],1.0.1335
    RiskWare.Tool.HCK, C:\USERS\TNE\APPDATA\LOCAL\TEMP\WZ9EA0\KEYMAKER.EXE, Quarantined, [2562], [64690],1.0.1335
    PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGE.LOG, Quarantined, [1322], [334717],1.0.1335
    PUP.Optional.InstallCore, C:\USERS\TNE\DOWNLOADS\ANDY_46.16_48.EXE, Quarantined, [8], [356948],1.0.1335
    RiskWare.Tool.HCK, C:\USERS\TNE\DOWNLOADS\BANDICAM 3.1.1.1073 MULTILINGUAL + KEYMAKER [SADEEMPC].ZIP, Quarantined, [2562], [64690],1.0.1335
    PUP.Optional.InstallCore, C:\USERS\TNE\DOWNLOADS\CAMSTUDIO.EXE, Quarantined, [8], [301065],1.0.1335
    HackTool.Agent.Keygen, C:\USERS\TNE\DOWNLOADS\EVAER VIDEO RECORDER FOR SKYPE 1.6.6.22 + KEYGEN.ZIP, No Action By User, [1198], [365264],1.0.1335
    PUP.Optional.Bundler, C:\USERS\TNE\DOWNLOADS\QBITTORRENT.EXE, Quarantined, [223], [310111],1.0.1335
    PUP.Optional.Solvusoft, C:\USERS\TNE\DOWNLOADS\SETUP_DRIVERDOC_2016.EXE, Quarantined, [448], [331663],1.0.1335
    PUP.Optional.Reimage, C:\USERS\TNE\DOWNLOADS\REIMAGEREPAIR.EXE, Quarantined, [1322], [331559],1.0.1335
    PUP.Optional.SpeedItUp, C:\WINDOWS\REIMAGE.INI, Quarantined, [1425], [329423],1.0.1335

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  5. 2017/02/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. 2017/02/25
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    RogueKiller V12.9.8.0 (x64) [Feb 21 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software

    Operating System : Windows 10 (10.0.14393) 64 bits version
    Started in : Normal mode
    User : tne [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 02/25/2017 20:59:33 (Duration : 00:39:22)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 13 ¤¤¤
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-101921894-4199600636-1730465535-1003\Software\AceStream -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-101921894-4199600636-1730465535-1003\Software\OCS -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-101921894-4199600636-1730465535-1003\Software\AceStream -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-101921894-4199600636-1730465535-1003\Software\OCS -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3A1260EB-C38D-409E-AFE3-51551CBFF0D7} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\tne\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupIn| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {84093DB7-3B94-4DBC-AAD7-7C70A96F9227} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\tne\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupOut| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D8443E6-CE4C-4F1A-BCCF-E455C23E5734} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\tne\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveIn| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D442FB6-1E8F-49B3-9D02-EDEA14B4C781} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\tne\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveOut| [x] -> Deleted
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 4 ¤¤¤
    [PUP.Gen1][Folder] C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media -> Not selected
    [PUP.Gen1][Folder] C:\Users\tne\AppData\Roaming\.ACEStream -> Not selected
    [PUP.Gen1][Folder] C:\Users\tne\AppData\Roaming\ACEStream -> Not selected
    [PUP.Gen1][Folder] C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media -> Not selected

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA200 ATA Device +++++
    --- User ---
    [MBR] cf7daceb08ca425494f2bac5265349ed
    [BSP] ca79fd93b93cafd3d69f5658d9b9f795 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 1907227 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: TOSHIBA External USB 3.0 USB Device +++++
    --- User ---
    [MBR] 06d1a18b65185ed015bccf92512037e8
    [BSP] 7b99521da227a462dc326c8fbcbfca67 : Unknown|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB[Invalid]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  7. 2017/02/25
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 10 Home x64
    Ran by tne (Administrator) on Sun 02/26/2017 at 0:49:04.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 5

    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\tne\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (tne) (Task)
    Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_tne (Task)
    Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_tne.job (Task)



    Registry: 1

    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{093F479D-712E-46CD-9E06-62E734A05F68} (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/26/2017 at 0:52:12.10
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. 2017/02/26
    broni

    broni Moderator Malware Analyst

    Two other logs?
     
  9. 2017/02/26
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/26/17
    Scan Time: 9:57 PM
    Logfile: mbites.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.50
    Update Package Version: 1.0.1367
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: DESKTOP-08I2K4U\tne

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 412974
    Time Elapsed: 42 min, 26 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 2
    HackTool.Agent.Keygen, C:\USERS\TNE\DOWNLOADS\EVAER VIDEO RECORDER FOR SKYPE 1.6.6.22 + KEYGEN.ZIP, No Action By User, [1198], [365264],1.0.1367
    PUP.Optional.Babylon, C:\USERS\TNE\DOWNLOADS\UNLOCKER1.9.2.EXE, No Action By User, [2117], [76260],1.0.1367

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  10. 2017/02/26
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    AdwCleaner v6.043 - Logfile created 25/02/2017 at 23:48:20
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-02-24.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : tne - DESKTOP-08I2K4U
    # Running from : C:\Users\tne\Downloads\AdwCleaner.exe
    # Mode: Scan
    # Support : Customer Support & Help Center



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    Folder Found: C:\Users\tne\AppData\LocalLow\.acestream
    Folder Found: C:\Users\tne\AppData\Roaming\.acestream
    Folder Found: C:\Users\tne\AppData\Roaming\acestream
    Folder Found: C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
    Folder Found: C:\_acestream_cache_


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    Task Found: {6CE18DE3-CE2A-4038-B6CE-6B9DBE7D5F91}


    ***** [ Registry ] *****

    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Classes\.acelive
    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Classes\.acemedia
    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Classes\.acestream
    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Classes\.tslive
    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Classes\acestream
    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Classes\AceStream.file
    Key Found: HKCU\Software\Classes\.acelive
    Key Found: HKCU\Software\Classes\.acemedia
    Key Found: HKCU\Software\Classes\.acestream
    Key Found: HKCU\Software\Classes\.tslive
    Key Found: HKCU\Software\Classes\acestream
    Key Found: HKCU\Software\Classes\AceStream.file
    Key Found: HKLM\SOFTWARE\Classes\.acestream
    Key Found: [x64] HKCU\Software\Classes\.acelive
    Key Found: [x64] HKCU\Software\Classes\.acemedia
    Key Found: [x64] HKCU\Software\Classes\.acestream
    Key Found: [x64] HKCU\Software\Classes\.tslive
    Key Found: [x64] HKCU\Software\Classes\acestream
    Key Found: [x64] HKCU\Software\Classes\AceStream.file
    Key Found: [x64] HKLM\SOFTWARE\Classes\.acestream
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\AceStream
    Key Found: HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
    Key Found: HKCU\Software\AceStream
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
    Key Found: [x64] HKCU\Software\AceStream
    Key Found: [x64] HKLM\SOFTWARE\Reimage
    Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
    Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
    Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
    Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
    Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
    Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
    Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.c
    Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
    Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
    Key Found: HKCU\Software\Classes\Applications\ace_player.exe
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
    Key Found: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
    Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
    Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]


    ***** [ Web browsers ] *****

    Firefox pref Found: [C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\prefs.js] - "extensions.xkit7.extension_xkit_preferences" - "{\"script\":\"//* TITLE XKit Preferences **//\\n//* VERSION 7.4.4 *
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [7128 Bytes] - [25/02/2017 23:48:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7201 Bytes] ##########
     
  11. 2017/02/27
    broni

    broni Moderator Malware Analyst

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  12. 2017/02/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
    Ran by tne (administrator) on DESKTOP-08I2K4U (28-02-2017 10:40:28)
    Running from C:\Users\tne\Desktop
    Loaded Profiles: tne (Available Profiles: tne)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Evaer Technology) C:\Program Files (x86)\Evaer\videochannel.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Andy OS, inc.) C:\Program Files\Andy\HandyAndy.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Google Inc.) C:\Users\tne\AppData\Local\Google\Update\GoogleUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-23] (Realtek Semiconductor)
    HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1259520 2016-09-15] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [replay_telecorder_skype] => [X]
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [Google Update] => C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-22] (Google Inc.)
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\Run: [avichannel] => C:\Program Files (x86)\Evaer\videochannel.exe [1741808 2016-10-25] (Evaer Technology)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-02-22]
    ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2017-02-28]
    ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-22]
    ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-22]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a3e681ff-2d01-47d9-be5e-f1e135136359}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-21] (AO Kaspersky Lab)
    BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-21] (AO Kaspersky Lab)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
    Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-21] (AO Kaspersky Lab)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: s0cv5wux.default
    FF ProfilePath: C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default [2017-02-28]
    FF Extension: (All Aboard) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\@all-aboard-v1-2 [2016-10-08]
    FF Extension: (New XKit) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\@new-xkit.xpi [2017-01-05]
    FF Extension: (Everplex YouTube Dark Black Theme) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\jid0-sUJ6HxrOADekM82af7ZS99zumXI@jetpack.xpi [2016-12-27]
    FF Extension: (Dark YouTube Theme) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2017-01-18]
    FF Extension: (LastPass) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\support@lastpass.com [2016-12-21]
    FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2016-12-30]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
    FF Extension: (Video DownloadHelper) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
    FF Extension: (Adblock Plus) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-21]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Profiles\s0cv5wux.default\features\{6b29ffff-ef75-4284-9024-5c47c13e4f9a}\disableSHA1rollout@mozilla.org.xpi [2017-02-24]
    FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-21]
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @acestream.net/acestreamplugin,version=3.1.9 -> C:\Users\tne\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\tne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @talk.google.com/O1DPlugin -> C:\Users\tne\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @tools.google.com/Google Update;version=3 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-101921894-4199600636-1730465535-1003: @tools.google.com/Google Update;version=9 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\tne\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\tne\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKU\S-1-5-21-101921894-4199600636-1730465535-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
    R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [81872 2015-08-13] (American Megatrends Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
    R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
    R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [13848 2016-12-23] (Advanced Micro Devices Inc.)
    S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmdag.sys [28729240 2016-12-07] (Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmpag.sys [530328 2016-12-07] (Advanced Micro Devices, Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
    S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
    R1 DuoVMDrv; C:\WINDOWS\system32\DRIVERS\DuoVMDrv.sys [239536 2015-08-06] (American Megatrends Inc.)
    S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [531424 2015-08-13] (Intel Corporation)
    S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43488 2015-11-06] (UB658)
    R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [38152 2016-08-16] (Elgato Systems GmbH)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
    R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-23] (REALiX(tm))
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
    R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-10-08] (AO Kaspersky Lab)
    R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-03] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-21] (AO Kaspersky Lab)
    R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-21] (AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
    R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
    R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2016-12-21] (AO Kaspersky Lab)
    R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2017-02-01] ()
    R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2016-12-21] (AO Kaspersky Lab)
    R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2016-12-21] (AO Kaspersky Lab)
    R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2016-12-21] (AO Kaspersky Lab)
    R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-21] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-23] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-27] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-27] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-27] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-27] (Malwarebytes)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-12-23] (Realtek )
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2016-10-09] (Windows (R) Win 7 DDK provider)
    R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2016-10-09] (Windows (R) Win 7 DDK provider)
    R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-10-08] (Windows (R) Win 7 DDK provider)
    S1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
    R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    S3 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-02-19] (BigNox Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-28 10:40 - 2017-02-28 10:41 - 00022609 _____ C:\Users\tne\Desktop\FRST.txt
    2017-02-28 10:40 - 2017-02-28 10:40 - 00000000 ____D C:\Users\tne\Desktop\FRST-OlderVersion
    2017-02-28 10:37 - 2017-02-28 10:39 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
    2017-02-28 10:37 - 2017-02-28 10:37 - 00000886 _____ C:\Users\tne\Desktop\Addition - Shortcut.lnk
    2017-02-28 00:16 - 2017-02-28 00:16 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
    2017-02-28 00:14 - 2017-02-28 00:14 - 00001421 _____ C:\Users\Public\Desktop\Start Andy.lnk
    2017-02-28 00:14 - 2017-02-28 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
    2017-02-28 00:12 - 2016-11-11 23:22 - 00400968 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
    2017-02-28 00:12 - 2016-11-11 23:22 - 00366664 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
    2017-02-28 00:12 - 2016-11-11 23:21 - 01148488 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
    2017-02-28 00:12 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
    2017-02-28 00:12 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmkbd.sys
    2017-02-28 00:12 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll
    2017-02-28 00:12 - 2016-11-11 23:05 - 00044096 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
    2017-02-28 00:12 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
    2017-02-28 00:12 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
    2017-02-28 00:12 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
    2017-02-28 00:12 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
    2017-02-28 00:11 - 2017-02-28 01:15 - 00000000 ____D C:\ProgramData\VMware
    2017-02-28 00:11 - 2017-02-28 00:11 - 00000000 ____D C:\Program Files\Common Files\VMware
    2017-02-28 00:05 - 2017-02-28 00:07 - 00000000 ____D C:\Program Files\Andy
    2017-02-27 18:01 - 2014-05-07 01:28 - 519483155 _____ C:\Users\tne\Desktop\2014-05-07 01-36-19.mp4
    2017-02-27 14:25 - 2017-02-27 15:02 - 366586143 _____ C:\Users\tne\Desktop\bandicam 2017-02-27 14-25-10-975.mp4
    2017-02-27 14:05 - 2017-02-28 00:11 - 00000000 ____D C:\Program Files (x86)\VMware
    2017-02-27 13:54 - 2017-02-27 13:54 - 01273400 _____ ( ) C:\Users\tne\Downloads\Andy_46.16_66.exe
    2017-02-27 13:08 - 2017-02-27 13:08 - 115826987 _____ C:\Users\tne\Downloads\Funkmaster Flex SHITS On Nicki Minaj, Just Blaze, Drake _ Ebro, Plays Remy Ma's ShEther For 1 Hour!!.mp4
    2017-02-27 12:09 - 2017-02-27 12:09 - 09111540 _____ C:\Users\tne\Downloads\Nicki Minaj Spotted After Remy Ma ShEther Diss With Gucci Mane on A Music Video Set.mp4
    2017-02-27 08:28 - 2017-02-27 08:28 - 19422557 _____ C:\Users\tne\Downloads\Remy Ma Dissing Nicki Minaj From Jail The ShEther Diss Song Wasn't Written By Papoose!.mp4
    2017-02-27 05:12 - 2017-02-27 05:12 - 00453924 _____ C:\WINDOWS\Minidump\022717-25562-01.dmp
    2017-02-27 00:06 - 2017-02-27 00:06 - 11946645 _____ C:\Users\tne\Downloads\50 Cent Trolls Nicki Minaj After Remy Ma Verbal Beatdown “SHE GONNA COME WIT A HIT”.mp4
    2017-02-26 23:19 - 2017-02-26 23:19 - 00001312 _____ C:\Users\tne\Desktop\mbites.txt
    2017-02-26 14:17 - 2017-02-26 14:17 - 00000000 ____D C:\Users\tne\AppData\Local\CrashRpt
    2017-02-26 14:13 - 2017-02-26 14:14 - 09237442 _____ C:\Users\tne\Downloads\Funkmaster Flex DESTORYS Nicki Minaj, Her Child Molester Brother, Drake _ Plays Remy Ma's ShEther.mp4
    2017-02-26 12:13 - 2017-02-26 12:31 - 67021350 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 12-13-45-169.mp4
    2017-02-26 11:56 - 2017-02-26 12:11 - 86230895 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 11-56-22-906.mp4
    2017-02-26 11:14 - 2017-02-26 11:56 - 345290796 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 11-14-22-452.mp4
    2017-02-26 10:47 - 2017-02-26 11:14 - 405963930 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 10-47-55-621.mp4
    2017-02-26 10:46 - 2017-02-26 10:47 - 05685353 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 10-46-59-023.mp4
    2017-02-26 10:22 - 2017-02-26 10:22 - 18157167 _____ C:\Users\tne\Downloads\Funkmaster Flex CLOWNS Nicki Minaj, Drake _ Ebro While Dropping Bombs On Remy Ma Diss Song ShETHER.mp4
    2017-02-26 01:07 - 2017-02-26 01:23 - 26119320 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 01-07-28-469.mp4
    2017-02-26 00:55 - 2017-02-26 01:04 - 63138765 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 00-55-31-390.mp4
    2017-02-26 00:53 - 2017-02-26 00:53 - 00691708 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 00-53-56-963.mp4
    2017-02-26 00:52 - 2017-02-26 00:52 - 00001066 _____ C:\Users\tne\Desktop\JRT.txt
    2017-02-26 00:30 - 2017-02-26 00:48 - 130381206 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 00-30-22-405.mp4
    2017-02-26 00:09 - 2017-02-26 00:30 - 147103993 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 00-09-26-980.mp4
    2017-02-26 00:09 - 2017-02-26 00:09 - 02196358 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 00-09-07-623.mp4
    2017-02-26 00:07 - 2017-02-26 00:07 - 01531081 _____ C:\Users\tne\Desktop\bandicam 2017-02-26 00-07-30-077.mp4
    2017-02-25 23:43 - 2017-02-27 00:46 - 00000000 ____D C:\AdwCleaner
    2017-02-25 23:42 - 2017-02-25 23:43 - 04015056 _____ C:\Users\tne\Downloads\AdwCleaner.exe
    2017-02-25 23:42 - 2017-02-25 23:42 - 01663040 _____ (Malwarebytes) C:\Users\tne\Downloads\JRT.exe
    2017-02-25 23:40 - 2017-02-25 23:54 - 14890381 _____ C:\Users\tne\Desktop\bandicam 2017-02-25 23-40-45-585.mp4
    2017-02-25 23:20 - 2017-02-25 23:22 - 22687254 _____ C:\Users\tne\Desktop\bandicam 2017-02-25 23-20-32-708.mp4
    2017-02-25 23:19 - 2017-02-25 23:19 - 07509946 _____ C:\Users\tne\Desktop\bandicam 2017-02-25 23-19-05-228.mp4
    2017-02-25 17:44 - 2017-02-25 17:44 - 01078591 _____ C:\Users\tne\Downloads\Unlocker1.9.2.exe
    2017-02-25 17:44 - 2017-02-25 17:44 - 00000000 ____D C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2017-02-25 17:44 - 2017-02-25 17:44 - 00000000 ____D C:\Program Files\Unlocker
    2017-02-25 17:35 - 2017-02-25 17:35 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-02-25 17:35 - 2017-02-25 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-02-25 17:34 - 2017-02-25 17:34 - 01629144 _____ (Skype Technologies S.A.) C:\Users\tne\Downloads\SkypeSetup.exe
    2017-02-25 17:14 - 2017-02-25 17:15 - 00000000 ____D C:\Users\tne\Desktop\kendra kurly
    2017-02-25 16:53 - 2017-02-25 20:59 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-02-25 00:58 - 2017-02-25 01:01 - 21934696 _____ C:\Users\tne\Desktop\bandicam 2017-02-25 00-58-03-968.mp4
    2017-02-25 00:48 - 2017-02-25 00:56 - 30082192 _____ C:\Users\tne\Desktop\bandicam 2017-02-25 00-48-20-677.mp4
    2017-02-24 23:45 - 2017-02-25 00:13 - 175556812 _____ C:\Users\tne\Desktop\bandicam 2017-02-24 23-45-27-424.mp4
    2017-02-24 23:28 - 2017-02-24 23:45 - 47082291 _____ C:\Users\tne\Desktop\bandicam 2017-02-24 23-28-14-555.mp4
    2017-02-24 23:23 - 2017-02-24 23:25 - 07567227 _____ C:\Users\tne\Desktop\bandicam 2017-02-24 23-23-38-132.mp4
    2017-02-24 22:58 - 2017-02-24 23:10 - 24486933 _____ C:\Users\tne\Desktop\bandicam 2017-02-24 22-58-13-894.mp4
    2017-02-24 22:12 - 2017-02-24 22:18 - 33683831 _____ C:\Users\tne\Desktop\bandicam 2017-02-24 22-12-52-325.mp4
    2017-02-24 21:49 - 2017-02-24 22:07 - 85885980 _____ C:\Users\tne\Desktop\bandicam 2017-02-24 21-49-31-177.mp4
    2017-02-24 21:39 - 2017-02-25 01:05 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-02-24 21:39 - 2017-02-24 21:39 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-02-24 21:39 - 2017-02-24 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-02-24 21:39 - 2017-02-24 21:39 - 00000000 ____D C:\Program Files\RogueKiller
    2017-02-24 21:38 - 2017-02-24 21:38 - 34820824 _____ (Adlice Software ) C:\Users\tne\Downloads\setup(2).exe
    2017-02-24 21:31 - 2017-02-24 21:32 - 10448934 _____ C:\Users\tne\Desktop\bandicam 2017-02-24 21-31-36-468.mp4
    2017-02-24 18:23 - 2017-02-24 18:23 - 85956142 _____ C:\Users\tne\Downloads\The_Best_Of_Dipset_Vol_2-(DatPiff.com).zip
    2017-02-24 18:22 - 2017-02-24 18:23 - 231188536 _____ C:\Users\tne\Downloads\Best_Of_Dipset-(DatPiff.com).zip
    2017-02-24 18:21 - 2017-02-24 18:21 - 40284293 _____ C:\Users\tne\Downloads\The_Best_Of_Ali_Vegas_Vol_2_-_The_Prince_Of_NY-(DatPiff.com).zip
    2017-02-24 18:19 - 2017-02-24 18:20 - 75238561 _____ C:\Users\tne\Downloads\The_Best_of_the_Writers_Block_Series-(DatPiff.com).zip
    2017-02-24 17:11 - 2017-02-24 17:11 - 00004975 _____ C:\Users\tne\Desktop\sss.txt
    2017-02-24 12:06 - 2017-02-24 17:07 - 00051260 _____ C:\Users\tne\Desktop\Addition.txt
    2017-02-24 12:02 - 2017-02-28 10:40 - 00000000 ____D C:\FRST
    2017-02-24 12:00 - 2017-02-25 17:13 - 00000000 ___RD C:\Users\tne\Desktop\march 1st desktop
    2017-02-24 11:59 - 2017-02-24 12:02 - 00000000 ____D C:\Users\tne\Desktop\mal
    2017-02-24 11:56 - 2017-02-28 10:40 - 02423296 _____ (Farbar) C:\Users\tne\Desktop\FRST64.exe
    2017-02-23 15:15 - 2017-02-23 15:15 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-02-23 15:14 - 2017-02-27 23:59 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-02-23 15:14 - 2017-02-27 23:59 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-02-23 15:14 - 2017-02-27 23:59 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-02-23 15:14 - 2017-02-27 23:59 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-02-23 15:14 - 2017-02-23 15:14 - 55566792 _____ (Malwarebytes ) C:\Users\tne\Downloads\mb3-setup-consumer-3.0.6.1469.exe
    2017-02-23 15:14 - 2017-02-23 15:14 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-02-23 15:14 - 2017-02-23 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-02-23 15:14 - 2017-02-23 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-02-23 15:14 - 2017-02-23 15:14 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-02-23 15:14 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-02-22 19:44 - 2017-02-22 19:48 - 00000000 ____D C:\Users\tne\AppData\Local\WinZip
    2017-02-22 19:44 - 2017-02-22 19:44 - 00003610 _____ C:\WINDOWS\System32\Tasks\WinZipBackGroundToolsTask
    2017-02-22 19:44 - 2017-02-22 19:44 - 00003522 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip Background Tools.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00002181 _____ C:\Users\Public\Desktop\WinZip.lnk
    2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
    2017-02-22 19:43 - 2017-02-22 19:44 - 00000000 ____D C:\ProgramData\WinZip
    2017-02-22 19:43 - 2017-02-22 19:43 - 00723032 _____ (WinZip Computing, S.L.) C:\Users\tne\Downloads\winzip21-lan.exe
    2017-02-22 19:43 - 2017-02-22 19:43 - 00000000 ____D C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
    2017-02-22 19:43 - 2017-02-22 19:43 - 00000000 ____D C:\ProgramData\UniqueId
    2017-02-22 19:43 - 2017-02-22 19:43 - 00000000 ____D C:\Program Files\WinZip
    2017-02-22 19:39 - 2017-02-22 19:39 - 00000000 ____D C:\Users\tne\Downloads\Bandicam 3.1.1.1073 Multilingual + Keymaker [SadeemPC]
    2017-02-20 02:57 - 2017-02-20 02:57 - 00000000 ____D C:\Users\tne\AppData\Roaming\Audacity
    2017-02-20 02:57 - 2017-02-20 02:57 - 00000000 ____D C:\Users\tne\AppData\Local\Audacity
    2017-02-20 01:56 - 2017-02-20 02:57 - 00000000 ____D C:\Program Files (x86)\Audacity
    2017-02-20 01:56 - 2017-02-20 01:56 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2017-02-20 01:56 - 2017-02-20 01:56 - 00001076 _____ C:\Users\Public\Desktop\Audacity.lnk
    2017-02-20 01:55 - 2017-02-20 01:55 - 26496761 _____ (Audacity Team ) C:\Users\tne\Downloads\audacity-win-2.1.2.exe
    2017-02-20 01:55 - 2017-02-20 01:55 - 26496761 _____ (Audacity Team ) C:\Users\tne\Downloads\audacity-win-2.1.2 (1).exe
    2017-02-19 02:56 - 2017-02-19 02:56 - 00000000 ____D C:\Users\tne\Nox_share
    2017-02-19 02:55 - 2017-02-19 02:55 - 00000045 _____ C:\Users\tne\nuuid.ini
    2017-02-19 02:55 - 2017-02-19 02:55 - 00000041 _____ C:\Users\tne\inst.ini
    2017-02-19 02:54 - 2017-02-22 23:27 - 00000000 ____D C:\Users\tne\AppData\Local\Nox
    2017-02-19 02:54 - 2017-02-22 19:22 - 00000000 ____D C:\Users\tne\vmlogs
    2017-02-19 02:54 - 2017-02-22 19:22 - 00000000 ____D C:\Users\tne\.BigNox
    2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Users\tne\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
    2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Program Files (x86)\Nox
    2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Program Files (x86)\Bignox
    2017-02-19 02:51 - 2017-02-19 02:52 - 295830920 _____ (Duodian Technology Co. Ltd.) C:\Users\tne\Downloads\nox_setup_v3.8.0.3_full_intl.exe
    2017-02-19 02:24 - 2017-02-19 02:24 - 00000000 ___HD C:\Users\tne\.DuOS
    2017-02-19 02:24 - 2017-02-19 02:24 - 00000000 ____D C:\Users\tne\DuOSShare
    2017-02-19 02:15 - 2017-02-19 02:15 - 00002626 _____ C:\Users\Public\Desktop\DuOS.lnk
    2017-02-19 02:15 - 2017-02-19 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DuOS
    2017-02-19 02:15 - 2017-02-19 02:15 - 00000000 ____D C:\ProgramData\AMI
    2017-02-19 02:15 - 2017-02-19 02:15 - 00000000 ____D C:\Program Files\AMI
    2017-02-19 02:15 - 2015-08-06 19:40 - 00239536 _____ (American Megatrends Inc.) C:\WINDOWS\system32\Drivers\DuoVMDrv.sys
    2017-02-19 02:13 - 2017-02-19 02:13 - 02971600 _____ (American Megatrends Inc.) C:\Users\tne\Downloads\DuOSInstaller-jb-lite.exe
    2017-02-16 12:16 - 2017-02-16 12:16 - 67722077 _____ C:\Users\tne\Downloads\Billy_Gatz_Presentz_Uncle_Murda_Best_Of-(DatPiff.com).zip
    2017-02-16 12:16 - 2017-02-16 12:16 - 42548656 _____ C:\Users\tne\Downloads\The_Best_Of_Uncle_Murda-(DatPiff.com).zip
    2017-02-15 15:53 - 2017-02-15 15:53 - 00449668 _____ C:\WINDOWS\Minidump\021517-25625-01.dmp
    2017-02-13 11:17 - 2017-02-13 11:17 - 00465788 _____ C:\WINDOWS\Minidump\021317-34406-01.dmp
    2017-02-09 23:49 - 2017-02-27 17:55 - 00000000 ____D C:\Users\tne\AppData\Roaming\vlc
    2017-02-09 23:49 - 2017-02-10 17:38 - 00000000 ____D C:\Users\tne\Desktop\vlc recording
    2017-02-09 23:44 - 2017-02-09 23:44 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-02-09 23:44 - 2017-02-09 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2017-02-09 23:44 - 2017-02-09 23:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2017-02-09 23:43 - 2017-02-09 23:43 - 30533688 _____ C:\Users\tne\Downloads\vlc-2.2.4-win32.exe
    2017-02-08 00:49 - 2017-02-08 01:33 - 00000000 ____D C:\Users\tne\Downloads\Shaundam
    2017-02-07 17:36 - 2017-02-07 21:56 - 00000000 ____D C:\Users\tne\Desktop\tweak r
    2017-02-03 00:43 - 2017-02-03 00:44 - 172742355 _____ C:\Users\tne\Downloads\Katie.zip
    2017-02-02 17:03 - 2017-02-02 17:04 - 00453396 _____ C:\WINDOWS\Minidump\020217-24312-01.dmp
    2017-02-02 12:13 - 2017-02-02 12:13 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-02-02 12:07 - 2017-02-02 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-02-02 12:07 - 2017-02-02 12:07 - 00000000 ____D C:\Program Files\iTunes
    2017-02-02 12:07 - 2017-02-02 12:07 - 00000000 ____D C:\Program Files\iPod
    2017-02-02 12:05 - 2017-02-02 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-02-01 02:32 - 2017-02-01 02:32 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-28 10:40 - 2016-12-21 11:09 - 00000000 ____D C:\Users\tne\AppData\LocalLow\Mozilla
    2017-02-28 10:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-02-28 10:39 - 2016-10-11 10:08 - 00000000 ____D C:\Users\tne\AppData\Local\Adobe
    2017-02-28 10:38 - 2016-10-09 11:20 - 00000000 ____D C:\Users\tne\AppData\LocalLow\LastPass
    2017-02-28 10:36 - 2016-10-08 15:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2017-02-28 01:18 - 2017-01-02 00:26 - 00000000 ____D C:\Users\tne\AppData\Roaming\Andy
    2017-02-28 01:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-02-28 00:35 - 2016-02-29 20:45 - 01047244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-02-28 00:33 - 2016-10-18 15:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-02-28 00:16 - 2016-10-08 15:44 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-02-28 00:14 - 2017-01-02 00:32 - 00000000 ____D C:\Users\tne\AppData\Roaming\VMware
    2017-02-28 00:12 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
    2017-02-28 00:11 - 2017-01-02 00:30 - 01043202 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2017-02-27 23:59 - 2016-10-18 15:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-27 23:58 - 2016-10-18 15:12 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2017-02-27 23:58 - 2016-10-08 15:25 - 00000000 ____D C:\Users\tne\AppData\Local\CrashDumps
    2017-02-27 23:58 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-02-27 16:19 - 2016-10-09 16:53 - 00000000 ____D C:\Users\tne\Desktop\OBS
    2017-02-27 05:12 - 2016-10-30 11:51 - 1077219298 _____ C:\WINDOWS\MEMORY.DMP
    2017-02-27 05:12 - 2016-10-30 11:51 - 00000000 ____D C:\WINDOWS\Minidump
    2017-02-27 01:00 - 2016-10-18 15:16 - 00000000 ____D C:\Users\tne
    2017-02-27 00:45 - 2017-01-07 01:09 - 00000000 ____D C:\Users\tne\AppData\Roaming\Skype
    2017-02-26 16:49 - 2016-12-22 13:11 - 00000000 ____D C:\Users\tne\Documents\Evaer
    2017-02-25 23:18 - 2016-12-30 21:59 - 00000000 ____D C:\Users\tne\Desktop\God ****
    2017-02-25 17:36 - 2016-12-21 01:17 - 00000000 ____D C:\ProgramData\Skype
    2017-02-25 17:35 - 2017-01-06 23:04 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
    2017-02-25 17:35 - 2016-12-21 01:17 - 00000000 ____D C:\Users\tne\AppData\Local\Skype
    2017-02-25 17:31 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-02-25 17:00 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-23 01:27 - 2016-10-09 10:13 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-02-23 01:27 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-02-23 01:24 - 2016-10-09 10:12 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-02-22 19:40 - 2016-12-22 01:28 - 00001057 _____ C:\Users\Public\Desktop\Bandicam.lnk
    2017-02-22 19:39 - 2016-12-22 01:28 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
    2017-02-22 19:39 - 2016-12-22 01:28 - 00000000 ____D C:\Program Files (x86)\Bandicam
    2017-02-22 19:23 - 2016-12-25 20:02 - 00000000 ____D C:\Users\tne\.android
    2017-02-20 00:20 - 2017-01-01 19:53 - 00000000 ____D C:\Users\tne\AppData\Local\TinderPlusPlus
    2017-02-19 02:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Registration
    2017-02-15 15:53 - 2016-10-11 10:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-02-14 11:23 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-02-14 11:23 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-02-04 00:54 - 2016-10-08 12:25 - 00000000 ____D C:\Users\tne\AppData\Local\Packages
    2017-02-02 12:07 - 2017-01-02 17:08 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-02-02 12:05 - 2017-01-02 17:10 - 00000000 ____D C:\Users\tne\AppData\Roaming\Apple Computer
    2017-02-02 12:05 - 2017-01-02 17:10 - 00000000 ____D C:\Users\tne\AppData\Local\Apple Computer
    2017-01-31 11:47 - 2017-01-01 19:30 - 00000000 ____D C:\Users\tne\Desktop\mug
    2017-01-30 21:05 - 2016-10-08 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    ==================== Files in the root of some directories =======

    2016-12-22 01:14 - 2016-12-22 01:14 - 0000073 _____ () C:\Users\tne\AppData\Roaming\Camdata.ini
    2016-12-22 01:14 - 2016-12-22 01:14 - 0000408 _____ () C:\Users\tne\AppData\Roaming\CamLayout.ini
    2016-12-22 01:14 - 2016-12-22 01:14 - 0000408 _____ () C:\Users\tne\AppData\Roaming\CamShapes.ini
    2016-12-22 01:14 - 2016-12-22 01:14 - 0004546 _____ () C:\Users\tne\AppData\Roaming\CamStudio.cfg
    2016-12-22 01:10 - 2016-12-22 01:10 - 0000096 _____ () C:\Users\tne\AppData\Roaming\version2.xml
    2016-10-08 14:48 - 2016-11-08 02:52 - 0032744 _____ () C:\Users\tne\AppData\Roaming\VoiceMeeterDefault.xml
    2016-10-08 15:25 - 2016-10-08 15:25 - 0007601 _____ () C:\Users\tne\AppData\Local\Resmon.ResmonCfg
    2016-12-23 23:32 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\tne\AppData\Local\TroubleshooterConfig.json
    2016-10-18 15:12 - 2016-10-18 15:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2016-11-23 20:52 - 2016-11-23 20:52 - 1040816 _____ (www.Bandisoft.com) C:\Users\tne\AppData\Local\Temp\bdcam64_0.dll
    2016-11-23 20:52 - 2016-11-23 20:52 - 0875440 _____ (www.Bandisoft.com) C:\Users\tne\AppData\Local\Temp\bdcam_0.dll
    2013-08-05 01:15 - 2013-08-05 01:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\tne\AppData\Local\Temp\bdfilters.dll
    2017-02-24 21:39 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\tne\AppData\Local\Temp\dllnt_dump.dll
    2017-01-13 00:49 - 2017-01-13 00:49 - 0192512 _____ () C:\Users\tne\AppData\Local\Temp\sfamcc00001.dll
    2017-01-13 00:51 - 2017-01-13 00:51 - 0192512 _____ () C:\Users\tne\AppData\Local\Temp\sfamcc00002.dll
    2017-01-13 00:49 - 2017-01-13 00:49 - 0158720 _____ () C:\Users\tne\AppData\Local\Temp\sfareca00001.dll
    2017-01-13 00:51 - 2017-01-13 00:51 - 0158720 _____ () C:\Users\tne\AppData\Local\Temp\sfareca00002.dll
    2017-01-07 01:10 - 2017-02-11 21:01 - 44047840 _____ (Skype Technologies S.A.) C:\Users\tne\AppData\Local\Temp\SkypeSetup.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-23 01:23

    ==================== End of FRST.txt ============================
     
  13. 2017/02/28
    JusticeNY Well-Known Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
    Ran by tne (28-02-2017 10:42:05)
    Running from C:\Users\tne\Desktop
    Windows 10 Home Version 1607 (X64) (2016-10-18 20:30:10)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-101921894-4199600636-1730465535-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-101921894-4199600636-1730465535-503 - Limited - Disabled)
    Guest (S-1-5-21-101921894-4199600636-1730465535-501 - Limited - Disabled)
    tne (S-1-5-21-101921894-4199600636-1730465535-1003 - Administrator - Enabled) => C:\Users\tne

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2015.3 (HKLM-x32\...\PPRO_10_4_0) (Version: 10.4.0 - Adobe Systems Incorporated)
    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
    Andy OS (HKLM\...\Andy OS) (Version: 46.16 - Andy OS, Inc)
    Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Auto Mouse Click v15.1 (HKLM-x32\...\{F5E3859D-0720-41F0-BAF5-4CBCDFD8F406}_is1) (Version: 15.1 - MurGee.com)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
    Catalyst Control Center Next Localization BR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
    CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    DuOS (HKLM\...\{E4CEC959-9A90-4391-86D0-76B518171F9D}) (Version: 1.1.0.7525 - American Megatrends Inc.)
    Elgato Game Capture HD (HKLM\...\{4281A206-158E-4C28-B078-397188759F60}) (Version: 3.20.33.1533 - Elgato Systems GmbH)
    Evaer Video Recorder for Skype 1.6.6.22 (HKLM-x32\...\Evaer Video Recorder for Skype) (Version: 1.6.6.22 - Evaer Technology)
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
    Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
    Game Capture HD60 S v1.1.0.160 (HKLM-x32\...\Software_Elgato_Game Capture HD60 S) (Version: 1.1.0.160 - Elgato Systems)
    Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
    iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
    IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
    iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    K-Lite Mega Codec Pack 12.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    ManyCam 2.6.65 (remove only) (HKLM-x32\...\ManyCam) (Version: 2.6.65 - ManyCam LLC)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.0.3 - Duodian Technology Co. Ltd.)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
    Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.7.1001 - ooVoo LLC.)
    PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1001.0 - Passmark Software)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
    Replay Telecorder for Skype 1.3.0.12 (HKLM-x32\...\Replay Telecorder for Skype_is1) (Version: 1.3.0.12 - Applian Technologies Inc.)
    RogueKiller version 12.9.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.8.0 - Adlice Software)
    Skype Launcher (HKLM-x32\...\{82799854-39DF-4EC3-8778-918CE0C81A3F}_is1) (Version: 1.6.5 - binaerkombinat)
    Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Tinder++ version 1.3.0 (HKLM-x32\...\{CCD04A62-CD9B-4962-A36A-0F18FC7A8D52}_is1) (Version: 1.3.0 - VibraMedia, LLC)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VMware Player (HKLM\...\{6D211A09-EB2A-4B83-ACCB-13B1BC12AF4E}) (Version: 12.5.2 - VMware, Inc.)
    VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.6.00000 - VMware, Inc.)
    Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
    Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
    WebM Project Directshow Filters (HKU\S-1-5-21-101921894-4199600636-1730465535-1003\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
    WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - Xvid Development Team)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C286DD87171A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    CustomCLSID: HKU\S-1-5-21-101921894-4199600636-1730465535-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tne\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {004F103E-0EF8-4F46-B249-1E8160CF8D1F} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-08I2K4U-tne => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {251A5465-9D65-44FC-9187-275795B6150B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
    Task: {315B9176-89DA-4895-A583-D785FB8FF6EC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {334B463E-F23A-4778-A8EC-3BF0AD62B3F0} - System32\Tasks\{6D7EDC90-8124-4D49-9303-7DA6148010B0} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {4473A86B-4C4B-4D2E-9803-7E787863FED0} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2017-02-10] (WinZip Computing, S.L.)
    Task: {4A5668A3-2F2B-4A88-8B6C-51060D1418D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {53E5EFB0-5B39-4408-A019-4915C475FECC} - System32\Tasks\{A878B077-424C-4F63-91DB-DAB3DAA3D815} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {6B2F7222-9568-4089-8DE1-D9903B278BEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-101921894-4199600636-1730465535-1003Core => C:\Users\tne\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-22] (Google Inc.)
    Task: {6E559352-AE8E-4741-95F1-9FFB48B07511} - System32\Tasks\{EB3AD9AE-76CB-403C-B98F-19991C45FA1B} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {738EA0F3-62AE-4B07-BF35-D84FD1347765} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
    Task: {7A41503B-EE1C-4328-90B8-31A0FE842B37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-101921894-4199600636-1730465535-1003UA => C:\Users\tne\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-22] (Google Inc.)
    Task: {7F28695E-D93B-405F-80F1-48AC50A71DD3} - System32\Tasks\{6882B8E9-8727-4FF9-9E07-D24FEFCF6838} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {846845A7-236F-495B-A615-815380491C24} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-10] (WinZip)
    Task: {9CB5D5AB-4C2D-406A-984C-2E94440EF58D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-04] (Advanced Micro Devices, Inc.)
    Task: {9F594453-5356-4D92-8C4D-7C39A0F1272A} - System32\Tasks\IU Task (One-Time) => C:\Program Files (x86)\IObit\IObit Uninstaller\XmasPromote.exe
    Task: {D6ED83AF-C55D-4775-B179-5F45D2048A71} - System32\Tasks\{433FF9F7-76A9-42D3-9691-EB7D43AE56A1} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {D92867D5-8E8C-4576-8654-09530F739F97} - System32\Tasks\{796DBF8F-C322-4CD3-9E8B-74B045C82DA9} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar
    Task: {DBDFF187-EA02-4603-AA23-8F2915156C26} - System32\Tasks\ASC Task (One-Time) => C:\Program Files (x86)\IObit\Advanced SystemCare\XmasPromote.exe
    Task: {FAEF0B44-372F-4942-AFC3-D69447D4DA6D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {FD4C94A6-3232-45E7-B6E9-DD368AE5D18B} - System32\Tasks\{EC0F6296-87AC-4073-9354-9B6A66521918} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.73.105.456/en/abandoninstall?page=tsProgressBar

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-02-23 15:14 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-02-23 15:14 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-02-23 15:14 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
    2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-21 00:32 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-12-21 00:32 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-21 00:32 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2016-10-18 19:05 - 2016-10-18 19:05 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 15:22 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-01-10 15:21 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-10 15:21 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 15:21 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-01-10 15:21 - 2016-12-21 01:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
    2016-09-15 21:12 - 2016-09-15 21:12 - 01259520 _____ () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
    2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2017-01-10 15:21 - 2016-12-21 01:47 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
    2017-01-10 15:21 - 2016-12-21 01:47 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
    2016-07-16 06:43 - 2016-07-16 09:27 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
    2016-07-16 06:43 - 2016-07-16 09:26 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
    2016-07-16 06:43 - 2016-07-16 09:27 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
    2016-07-16 06:43 - 2016-07-16 09:27 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
    2016-07-16 06:43 - 2016-07-16 09:27 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
    2016-07-16 06:43 - 2016-07-16 09:27 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
    2016-07-16 06:43 - 2016-07-16 09:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
    2016-07-16 06:43 - 2016-07-16 09:26 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
    2016-06-27 23:19 - 2016-06-27 23:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
    2016-12-23 22:16 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2016-12-23 22:16 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2016-12-23 22:16 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2016-09-26 13:55 - 2016-09-26 13:55 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
    2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
    2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
    2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
    2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
    2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
    2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ___RA C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-101921894-4199600636-1730465535-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\tne\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{8E9CC5DF-82D9-4483-A841-49588F1F4D0D}] => (Allow) C:\Users\tne\AppData\Roaming\ACEStream\engine\ace_engine.exe
    FirewallRules: [{9BF3C1DC-0BA2-46E6-AF70-3AA5617BAE2D}] => (Allow) C:\Users\tne\AppData\Roaming\ACEStream\engine\ace_engine.exe
    FirewallRules: [{0831A072-8CD3-4536-9781-9519660E5370}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{37C8587A-2C23-4A19-A2EB-BABD2C724575}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2A874968-A166-47B2-8710-E02FF99A71DA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{260777D5-F7F0-42B6-BB7E-289856E799C3}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
    FirewallRules: [{0FB10075-CA77-463D-8BF6-0D753E331125}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
    FirewallRules: [{05445C12-7DAD-40D2-9A75-147F044D1E0F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{1EBCEBE5-FB8E-4A11-8125-9DE3AEA23A75}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{E3CFBCC4-A87F-482D-AF29-369570B0EAC0}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
    FirewallRules: [{6A187401-CBA0-4171-A1CC-A154666C3108}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
    FirewallRules: [{03CAC2C8-CFC5-4B99-8384-CB3084FB272A}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
    FirewallRules: [{312346F9-6FF1-4D3A-9924-27EE94906D5B}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
    FirewallRules: [{92F4319D-9BBF-4517-8636-8D5604C28AC1}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
    FirewallRules: [{0BEDEF41-7343-4788-9E1B-ADE7B8261DEF}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
    FirewallRules: [{3C28204E-A3A1-4259-A714-4E32AE344C2E}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
    FirewallRules: [{D8D2CC85-D257-46A0-9B43-DA30D0F223FB}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
    FirewallRules: [{EF11EC4C-52C7-48EC-A91E-D615A91D2AC1}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
    FirewallRules: [{182623B4-D3C3-4EDE-95F3-4ED4F6EE6BB5}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
    FirewallRules: [{5EEA9552-1A57-47D5-89CB-9596C8D31C80}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
    FirewallRules: [{11FEF774-E2DF-4AE7-A06E-F5D3DC88E75D}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
    FirewallRules: [{E451BACD-130A-4D55-8B83-A3AD8AC49417}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
    FirewallRules: [{10E7591F-97A6-4423-AA07-A2BD6C4FC3A2}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
    FirewallRules: [{EDE29B49-E80D-41D7-9B18-80D5DBE1EF41}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
    FirewallRules: [{9633A367-28E4-442E-9323-37B0AF1897AB}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
    FirewallRules: [{9070BC2D-DDB0-47D6-B94E-33DA8D8AB8D5}] => (Allow) C:\Users\tne\AppData\Local\Temp\andy-x64\Setup.exe
    FirewallRules: [{0F11C5A9-954C-4DF8-94E6-78448F7D220C}] => (Allow) C:\Users\tne\AppData\Local\Temp\andy-x64\Setup.exe
    FirewallRules: [{C4A7E7F5-03B4-4371-8B9D-74CE4FE9C7D0}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{7BCCC6DC-65D7-4FDF-A519-C70922036198}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{14645C52-54E0-4A7E-AA1B-1BC9D82326C5}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{840B17B7-0691-4418-80CB-2DB9B966A7A3}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{E2A7618E-E0DE-49CC-92F3-8F4675B089A1}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{2D8A206B-DD76-4E55-8A48-D82757FCDA56}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{E283B367-7A34-4D03-97A1-2FB9762E06A3}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{20A9F451-4882-419F-B505-970FBC6DAE0A}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{B124E3C2-28A9-451C-AE36-73A45EB0C9C6}] => (Allow) C:\Users\tne\AppData\Local\Temp\RemoveTemp.exe
    FirewallRules: [{19F2801E-7785-4F62-AA48-541FA37A4431}] => (Allow) C:\Users\tne\AppData\Local\Temp\RemoveTemp.exe
    FirewallRules: [{D99650FF-D3DB-4F92-AC3B-526E50EAFF46}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
    FirewallRules: [{56008285-E993-45B2-A3A1-D53CAA8805B1}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
    FirewallRules: [{602BDFA5-EC6D-46C9-B4B1-657A9ABD46A2}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
    FirewallRules: [{ADE3F393-83DE-4C09-A18E-59CA131DA3C4}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
    FirewallRules: [{9D0C672A-637D-439B-A899-DEAF9064AC97}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [{676D4643-3D11-4D4F-B6F1-58DB9ECAFBFD}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

    ==================== Restore Points =========================

    09-02-2017 18:58:12 Scheduled Checkpoint
    20-02-2017 01:39:13 Scheduled Checkpoint
    26-02-2017 00:49:10 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/28/2017 10:39:24 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

    Error: (02/28/2017 10:36:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004C003
    Command-line arguments:
    RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

    Error: (02/28/2017 10:36:48 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0xC004C003
    Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

    Error: (02/28/2017 10:36:48 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0xC004C003

    Error: (02/28/2017 10:36:13 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007139F
    Command-line arguments:
    RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (02/28/2017 10:36:12 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0xC004C003
    Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

    Error: (02/28/2017 10:36:12 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0xC004C003

    Error: (02/28/2017 10:36:04 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
    The manifest file root element must be assembly.

    Error: (02/28/2017 12:17:50 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

    Error: (02/28/2017 12:15:57 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
    The manifest file root element must be assembly.


    System errors:
    =============
    Error: (02/28/2017 10:36:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/28/2017 01:18:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/28/2017 12:12:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VMware Input Filter and Injection Driver (vmkbd) service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (02/28/2017 12:00:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/27/2017 11:59:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/27/2017 11:58:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-08I2K4U)
    Description: The server App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

    Error: (02/27/2017 11:58:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-08I2K4U)
    Description: The server App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

    Error: (02/27/2017 11:58:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-08I2K4U)
    Description: The server App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

    Error: (02/27/2017 11:58:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/27/2017 11:58:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2017-02-28 10:38:57.801
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-28 10:38:57.607
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-28 01:18:47.892
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-28 01:18:47.854
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-28 00:17:17.657
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-28 00:17:17.610
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-28 00:15:27.075
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-28 00:15:26.989
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-02-27 14:07:03.090
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

    Date: 2017-02-27 00:45:53.942
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8320 Eight-Core Processor
    Percentage of memory in use: 17%
    Total physical RAM: 16365.55 MB
    Available physical RAM: 13552.93 MB
    Total Virtual: 18797.55 MB
    Available Virtual: 15907.6 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1862.53 GB) (Free:941.58 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: EC6E64C7)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: DCEBAFD7)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  14. 2017/02/28
    broni Moderator Malware Analyst

    Those are clean :)

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  15. 2017/02/28
    JusticeNY Well-Known Member Thread Starter

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Kaspersky Internet Security
    Windows Defender
    Malwarebytes
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 24.0.0.221
    Mozilla Firefox (51.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Kaspersky Lab Kaspersky Anti-Virus 17.0.0 avp.exe
    Kaspersky Lab Kaspersky Anti-Virus 17.0.0 avpui.exe
    Malwarebytes Anti-Malware mbamtray.exe
    Kaspersky Lab Kaspersky Secure Connection 1.0 ksde.exe
    Kaspersky Lab Kaspersky Secure Connection 1.0 ksdeui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  16. 2017/02/28
    JusticeNY Well-Known Member Thread Starter

    Farbar Service Scanner Version: 27-01-2016
    Ran by tne (administrator) on 28-02-2017 at 21:02:22
    Running from "C:\Users\tne\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  17. 2017/02/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

     
  18. 2017/02/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    2017-03-01 02:07:16.852 Sophos Virus Removal Tool version 2.5.6
    2017-03-01 02:07:16.852 Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

    2017-03-01 02:07:16.852 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2017-03-01 02:07:16.852 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
    2017-03-01 02:07:16.853 Checking for updates...
    2017-03-01 02:07:16.895 Update progress: proxy server not available
    2017-03-01 02:07:26.588 Downloading updates...
    2017-03-01 02:07:26.590 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
    2017-03-01 02:07:26.604 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
    2017-03-01 02:07:26.604 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
    2017-03-01 02:07:26.604 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
    2017-03-01 02:07:26.604 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
    2017-03-01 02:07:26.604 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
    2017-03-01 02:07:26.604 Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
    2017-03-01 02:07:26.604 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
    2017-03-01 02:07:26.605 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
    2017-03-01 02:07:26.605 Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
    2017-03-01 02:07:26.605 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
    2017-03-01 02:07:26.605 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
    2017-03-01 02:07:26.605 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
    2017-03-01 02:07:26.869 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
    2017-03-01 02:07:26.869 Update progress: [I19463] Product download size 158884372 bytes
    2017-03-01 02:07:29.004 Option all = no
    2017-03-01 02:07:29.004 Option recurse = yes
    2017-03-01 02:07:29.004 Option archive = no
    2017-03-01 02:07:29.004 Option service = yes
    2017-03-01 02:07:29.004 Option confirm = yes
    2017-03-01 02:07:29.004 Option sxl = yes
    2017-03-01 02:07:29.006 Option max-data-age = 35
    2017-03-01 02:07:29.006 Option vdl-logging = yes
    2017-03-01 02:07:29.047 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2017-03-01 02:07:29.047 Machine ID: f53316f9c93e478390fd47bc80fdfdce
    2017-03-01 02:07:29.049 Component SVRTcli.exe version 2.5.6
    2017-03-01 02:07:29.050 Component control.dll version 2.5.6
    2017-03-01 02:07:29.050 Component SVRTservice.exe version 2.5.6
    2017-03-01 02:07:29.051 Component engine\osdp.dll version 1.44.1.2280
    2017-03-01 02:07:29.051 Component engine\veex.dll version 3.68.0.2280
    2017-03-01 02:07:29.052 Component engine\savi.dll version 9.0.7.2280
    2017-03-01 02:07:29.054 Component rkdisk.dll version 1.5.31.1
    2017-03-01 02:07:29.054 Version info: Product version 2.5.6
    2017-03-01 02:07:29.055 Version info: Detection engine 3.68.0
    2017-03-01 02:07:29.055 Version info: Detection data 5.36
    2017-03-01 02:07:29.055 Version info: Build date 2/7/2017
    2017-03-01 02:07:29.056 Version info: Data files added 221
    2017-03-01 02:07:29.056 Version info: Last successful update (not yet updated)
    2017-03-01 02:07:50.322 Update progress: [I19463] Syncing product IDE537 LATEST path=
    2017-03-01 02:07:50.322 Update progress: [I19463] Product download size 2537599 bytes
    2017-03-01 02:07:56.373 Update progress: [I19463] Syncing product IDE538 LATEST path=
    2017-03-01 02:07:56.373 Update progress: [I19463] Product download size 1763139 bytes
    2017-03-01 02:07:58.350 Installing updates...
    2017-03-01 02:07:58.953 Error level 1
    2017-03-01 02:08:31.071 Update successful
    2017-03-01 02:08:41.591 Option all = no
    2017-03-01 02:08:41.591 Option recurse = yes
    2017-03-01 02:08:41.591 Option archive = no
    2017-03-01 02:08:41.591 Option service = yes
    2017-03-01 02:08:41.591 Option confirm = yes
    2017-03-01 02:08:41.591 Option sxl = yes
    2017-03-01 02:08:41.593 Option max-data-age = 35
    2017-03-01 02:08:41.593 Option vdl-logging = yes
    2017-03-01 02:08:41.603 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2017-03-01 02:08:41.603 Machine ID: f53316f9c93e478390fd47bc80fdfdce
    2017-03-01 02:08:41.605 Component SVRTcli.exe version 2.5.6
    2017-03-01 02:08:41.605 Component control.dll version 2.5.6
    2017-03-01 02:08:41.606 Component SVRTservice.exe version 2.5.6
    2017-03-01 02:08:41.606 Component engine\osdp.dll version 1.44.1.2280
    2017-03-01 02:08:41.606 Component engine\veex.dll version 3.68.0.2280
    2017-03-01 02:08:41.607 Component engine\savi.dll version 9.0.7.2280
    2017-03-01 02:08:41.608 Component rkdisk.dll version 1.5.31.1
    2017-03-01 02:08:41.608 Version info: Product version 2.5.6
    2017-03-01 02:08:41.608 Version info: Detection engine 3.68.0
    2017-03-01 02:08:41.608 Version info: Detection data 5.36
    2017-03-01 02:08:41.608 Version info: Build date 2/7/2017
    2017-03-01 02:08:41.608 Version info: Data files added 221
    2017-03-01 02:08:41.608 Version info: Last successful update 2/28/2017 9:08:31 PM

    2017-03-01 02:18:27.803 Warning: rootkit scan failed to open device "\\?\Volume{dcebafd7-0000-0000-0000-100000000000}" (1)
    2017-03-01 03:11:01.123 Could not open C:\hiberfil.sys
    2017-03-01 03:11:01.244 Could not open C:\pagefile.sys
    2017-03-01 03:19:34.558 Could not open C:\ProgramData\Kaspersky Lab\AVP17.0.0\SysWHist\file_cache\meta
    2017-03-01 03:19:52.042 Could not open C:\swapfile.sys
    2017-03-01 03:19:52.192 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2017-03-01 03:19:52.193 Could not open C:\System Volume Information\{94e9fe17-ef0c-11e6-9dba-1c1b0d12345f}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2017-03-01 03:19:52.194 Could not open C:\System Volume Information\{c0d3a067-f733-11e6-9dbc-1c1b0d12345f}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2017-03-01 03:19:52.194 Could not open C:\System Volume Information\{dd8db821-fe15-11e6-9dc1-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2017-03-01 03:19:52.195 Could not open C:\System Volume Information\{f18f0a40-fbe0-11e6-9dbf-1c1b0d12345f}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2017-03-01 03:28:18.405 >>> Virus 'Mal/Mdrop-CE' found in file C:\Users\tne\Downloads\Evaer Video Recorder for Skype 1.6.6.22 + KeyGen\Evaer Video Recorder for Skype 1.6.6.22 + KeyGen\KeyGen\keygen.exe
    2017-03-01 03:28:18.405 >>> Virus 'Mal/Mdrop-CE' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2017-03-01 03:28:18.406 >>> Virus 'Mal/Mdrop-CE' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2017-03-01 03:33:13.004 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2017-03-01 03:33:16.070 Could not open C:\Windows\System32\config\BBI
    2017-03-01 03:33:16.227 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2017-03-01 03:33:16.229 Could not open C:\Windows\System32\config\RegBack\SAM
    2017-03-01 03:33:16.230 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2017-03-01 03:33:16.232 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2017-03-01 03:33:16.234 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2017-03-01 03:46:42.664 Could not open LOGICAL:0003:00000000
    2017-03-01 03:46:42.668 Could not open D:\
    2017-03-01 03:46:45.717 Could not open LOGICAL:0004:00000000
    2017-03-01 03:46:45.722 Could not open E:\
    2017-03-01 03:46:46.290 The following items will be cleaned up:
    2017-03-01 03:46:46.290 Mal/Mdrop-CE
    2017-03-01 04:29:33.632 Threat 'Mal/Mdrop-CE' has been cleaned up.
    2017-03-01 04:29:33.632 File "C:\Users\tne\Downloads\Evaer Video Recorder for Skype 1.6.6.22 + KeyGen\Evaer Video Recorder for Skype 1.6.6.22 + KeyGen\KeyGen\keygen.exe" belongs to malware 'Mal/Mdrop-CE'.
    2017-03-01 04:29:33.632 File "C:\Users\tne\Downloads\Evaer Video Recorder for Skype 1.6.6.22 + KeyGen\Evaer Video Recorder for Skype 1.6.6.22 + KeyGen\KeyGen\keygen.exe" has been cleaned up.
    2017-03-01 04:29:33.632 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" belongs to malware 'Mal/Mdrop-CE'.
    2017-03-01 04:29:33.632 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" has been cleaned up.
    2017-03-01 04:29:33.632 Removal successful
    2017-03-01 04:29:34.194 Error level 0
     
  19. 2017/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - Keep your Firefox healthy with a quick checkup
    other browsers: Qualys BrowserCheck (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    7. Download and install Secunia Personal Software Inspector (PSI): Personal Software Inspector. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    10. Read:
    How did I get infected?, With steps so it does not happen again!: How did I get infected? - Anti-Virus, Anti-Malware, and Privacy Software
    Simple and easy ways to keep your computer safe and secure on the Internet: Simple and easy ways to keep your computer safe and secure on the Internet
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: Answers to common security questions - Best Practices - Anti-Virus, Anti-Malware, and Privacy Software

    11. Please let me know how your computer is doing.
     
  20. 2017/02/28
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Computer doing great, just wanna say thank you. You've been helping me out for about 4-5 years now. You're very much appreciated.
     
  21. 2017/03/01
    broni

    broni Moderator Malware Analyst

    Way to go!!
    Good luck and stay safe :)
     
