Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Primitive (administrator) on RANY (13-01-2017 17:24:47)
Running from C:\Users\Primitive\Downloads
Loaded Profiles: Primitive (Available Profiles: Primitive)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hi-Rez Studios) G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) G:\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) G:\Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
(Malwarebytes) G:\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Rainmeter) G:\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => G:\Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => G:\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Steam] => G:\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Discord] => C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [TQOS_REPORT] => g:\new folder (2)\monster hunter online\bin\client\tools\tqos_reporter.exe
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify] => C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-10-09]
ShortcutTarget: Rainmeter.lnk -> G:\Rainmeter\Rainmeter.exe (Rainmeter)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7eb64d0a-f41c-4682-a71c-66653c8069d9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{83fe7494-0511-4654-8018-3bf915ca7f93}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7427483-624e-4d4c-9009-612f371d9f4c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c88be9c3-cd57-11e5-a678-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-233390903-2661952563-451428824-1001 -> {BDDDE980-C83F-4A8C-84E1-4F78EEF45929} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin64 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)

Chrome:
=======
CHR Profile: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default [2017-01-13]
CHR Extension: (Google Slides) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-07]
CHR Extension: (Google Docs) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-07]
CHR Extension: (Google Drive) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-07]
CHR Extension: (YouTube) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-07]
CHR Extension: (Google Search) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-07]
CHR Extension: (Google Sheets) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-10]
CHR Extension: (ROBLOX+) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-01-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1452040 2016-10-15] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-03-11] (EasyAntiCheat Ltd)
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMService; G:\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-09-24] (Echobit, LLC)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2017-01-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-13] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 TesMon; C:\WINDOWS\system32\TesMon.sys [71976 2016-09-17] (Tencent)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [1135288 2016-09-17] (TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-13 17:18 - 2017-01-12 18:15 - 03988944 _____ C:\Users\Primitive\Desktop\adwcleaner_6.042 - Copy.exe
2017-01-12 18:15 - 2017-01-13 17:21 - 00000000 ____D C:\AdwCleaner
2017-01-12 18:15 - 2017-01-12 18:15 - 03988944 _____ C:\Users\Primitive\Desktop\adwcleaner_6.042.exe
2017-01-12 17:08 - 2017-01-12 17:09 - 00017084 _____ C:\Users\Primitive\Desktop\Fixlog.txt
2017-01-12 17:07 - 2017-01-12 17:07 - 00000000 ____D C:\Users\Primitive\Downloads\FRST-OlderVersion
2017-01-12 17:05 - 2017-01-12 17:05 - 00004739 _____ C:\Users\Primitive\Desktop\fixlist.txt
2017-01-12 17:04 - 2017-01-13 17:24 - 00001022 _____ C:\Users\Primitive\Desktop\FRST64.exe - Shortcut.lnk
2017-01-11 19:14 - 2017-01-11 19:14 - 00000127 _____ C:\Users\Primitive\Desktop\ckfiles.txt
2017-01-11 19:02 - 2017-01-11 19:02 - 00468480 _____ () C:\Users\Primitive\Desktop\CKScanner.exe
2017-01-11 19:02 - 2017-01-11 19:02 - 00000741 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-01-11 19:02 - 2017-01-11 19:02 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RANY-Windows-10-Home-(64-bit).dat
2017-01-11 19:02 - 2017-01-11 19:02 - 00000000 ____D C:\RegBackup
2017-01-11 19:02 - 2017-01-11 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-11 19:01 - 2017-01-11 19:02 - 00013886 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-01-11 19:01 - 2017-01-11 19:01 - 05766144 _____ (Tweaking.com) C:\Users\Primitive\Downloads\tweaking.com_registry_backup_setup.exe
2017-01-11 18:44 - 2017-01-11 18:44 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-10 21:38 - 2017-01-13 17:24 - 00071712 _____ C:\Users\Primitive\Downloads\Addition.txt
2017-01-10 21:38 - 2017-01-13 17:24 - 00020733 _____ C:\Users\Primitive\Downloads\FRST.txt
2017-01-10 21:38 - 2017-01-13 17:24 - 00000000 ____D C:\FRST
2017-01-10 21:38 - 2017-01-12 17:07 - 02419200 _____ (Farbar) C:\Users\Primitive\Downloads\FRST64.exe
2017-01-10 21:12 - 2017-01-10 21:12 - 00000969 _____ C:\Users\Primitive\Downloads\DigiCertHighAssuranceEVRootCA.crt
2017-01-10 20:47 - 2017-01-10 20:47 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 20:34 - 2017-01-10 21:03 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-10 20:32 - 2017-01-10 20:33 - 231192896 _____ (AVAST Software) C:\Users\Primitive\Downloads\avast_free_antivirus_setup_offline.exe
2017-01-10 19:32 - 2017-01-10 19:37 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-10 19:32 - 2017-01-10 19:37 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-10 19:32 - 2017-01-10 19:32 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-10 19:31 - 2016-03-04 11:55 - 00987728 _____ (Google Inc.) C:\Users\Primitive\Desktop\ChromeSetup.exe
2017-01-10 19:21 - 2017-01-10 19:21 - 00001442 _____ C:\Users\Primitive\Desktop\Microsoft Edge - Shortcut.lnk
2017-01-10 19:12 - 2016-12-21 04:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:12 - 2016-12-21 04:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-10 19:12 - 2016-12-21 03:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-10 19:12 - 2016-12-21 02:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-10 19:12 - 2016-12-21 01:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-10 19:12 - 2016-12-21 00:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-10 19:12 - 2016-12-21 00:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:12 - 2016-12-21 00:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:12 - 2016-12-21 00:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-10 19:12 - 2016-12-21 00:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:12 - 2016-12-20 23:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 06:10 - 2017-01-10 06:10 - 00288256 ____H C:\WINDOWS\system32\BIT8DED.tmp
2017-01-10 06:10 - 2017-01-10 06:10 - 00288256 ____H C:\WINDOWS\system32\BIT6FB5.tmp
2017-01-10 01:32 - 2017-01-10 01:32 - 00006952 _____ C:\TDSSKiller.3.1.0.12_10.01.2017_01.32.06_log.txt
2017-01-10 01:31 - 2017-01-10 01:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-10 01:29 - 2017-01-10 01:31 - 00086176 _____ C:\TDSSKiller.3.1.0.12_10.01.2017_01.29.53_log.txt
2017-01-10 01:29 - 2017-01-10 01:29 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Primitive\Desktop\tdsskiller.exe
2017-01-10 01:14 - 2017-01-12 17:05 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AAA7E8BD-894E-42B0-A4E4-C7C98A5F38BF}
2017-01-10 01:10 - 2017-01-10 01:10 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-10 01:01 - 2017-01-10 21:05 - 00000649 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 01:01 - 2017-01-10 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 01:01 - 2017-01-10 01:00 - 54199488 _____ (Malwarebytes ) C:\Users\Primitive\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-10 01:01 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-10 00:57 - 2017-01-10 00:57 - 00000000 ____D C:\Users\Primitive\Desktop\mbam-chameleon-3.1.33.0
2017-01-10 00:18 - 2017-01-10 00:19 - 06705178 _____ C:\Users\Primitive\Downloads\mbam-chameleon-3.1.33.0.zip
2017-01-10 00:02 - 2017-01-10 00:02 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mozilla
2017-01-09 23:49 - 2017-01-09 23:49 - 00000046 _____ C:\WINDOWS\wininit.ini
2017-01-09 23:46 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\4W0W2ATTVO
2017-01-09 22:06 - 2017-01-10 20:57 - 02352668 _____ C:\WINDOWS\ntbtlog.txt
2017-01-09 22:06 - 2017-01-10 20:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-09 21:59 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\WULGW5D5I7
2017-01-09 21:54 - 2017-01-10 01:07 - 00000000 ____D C:\Program Files\COMODO
2017-01-09 21:54 - 2017-01-09 21:54 - 00000001 _____ C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 21:54 - 2017-01-09 21:54 - 00000000 ____D C:\ProgramData\COMODO
2017-01-09 21:53 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\2A2LPM4EMV
2017-01-09 21:53 - 2017-01-09 21:53 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-01-09 21:53 - 2017-01-09 21:53 - 00000000 ____D C:\Users\Primitive\AppData\Local\node-webkit
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ___HD C:\Program Files (x86)\neuharth
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ___HD C:\Program Files (x86)\Defects
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\IC2V2WYVYK
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files (x86)\operant
2017-01-09 21:52 - 2017-01-10 01:16 - 00000000 ___HD C:\Program Files (x86)\Hits
2017-01-09 21:52 - 2017-01-10 01:14 - 00000000 ____D C:\Program Files (x86)\lafite
2017-01-09 21:52 - 2017-01-10 01:08 - 00000000 ____D C:\Program Files (x86)\Ralph
2017-01-09 21:52 - 2017-01-10 01:08 - 00000000 ____D C:\Program Files (x86)\acidosis
2017-01-09 21:52 - 2017-01-10 01:07 - 00000000 ____D C:\Program Files (x86)\institutionalizing
2017-01-09 21:52 - 2017-01-09 23:53 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-09 21:52 - 2017-01-09 21:54 - 00000000 ____D C:\a
2017-01-09 21:52 - 2017-01-09 21:54 - 00000000 _____ C:\Users\Primitive\AppData\Local\stxtname.txt
2017-01-09 21:52 - 2017-01-09 21:52 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-09 21:52 - 2017-01-09 21:52 - 00140288 _____ C:\Users\Primitive\AppData\Roaming\Installer.dat
2017-01-09 21:52 - 2017-01-09 21:52 - 00000055 _____ C:\WINDOWS\key.ini
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\Program Files (x86)\MaxInternet
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\Program Files (x86)\informs
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 _____ C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 _____ C:\TOSTACK
2017-01-09 21:49 - 2017-01-09 21:53 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\uTorrent
2017-01-09 21:43 - 2017-01-09 21:43 - 00010752 _____ C:\WINDOWS\omagh.exe
2017-01-09 11:23 - 2017-01-09 11:23 - 00192000 _____ C:\WINDOWS\dll.dll
2017-01-09 11:23 - 2017-01-09 11:23 - 00041202 _____ C:\WINDOWS\blasphemous.exe
2017-01-08 11:36 - 2016-11-22 06:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-01-08 11:36 - 2016-11-22 05:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-01-08 11:36 - 2016-11-22 05:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-01-08 11:36 - 2016-11-22 05:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-08 11:36 - 2016-11-22 05:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-01-08 11:36 - 2016-11-22 05:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-01-08 11:36 - 2016-11-22 05:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-01-08 11:36 - 2016-11-22 05:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-01-08 11:36 - 2016-11-22 04:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-01-08 11:36 - 2016-11-22 04:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-01-08 11:36 - 2016-11-22 04:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-01-08 11:36 - 2016-11-22 04:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-01-08 11:36 - 2016-11-22 04:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-01-08 11:36 - 2016-11-22 04:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-01-08 11:36 - 2016-11-22 04:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-01-08 11:36 - 2016-11-22 03:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-08 11:36 - 2016-11-22 03:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-01-08 11:36 - 2016-11-22 03:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-01-08 11:36 - 2016-11-22 03:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-01-08 11:36 - 2016-11-22 03:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-01-08 11:36 - 2016-11-22 03:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-01-08 11:36 - 2016-11-22 03:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-01-08 11:36 - 2016-11-22 03:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-08 11:36 - 2016-11-22 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-01-08 11:36 - 2016-11-22 03:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-01-08 11:36 - 2016-11-22 03:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-01-08 11:36 - 2016-11-22 03:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-08 11:36 - 2016-11-22 02:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-01-08 11:36 - 2016-11-22 02:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-01-08 11:36 - 2016-11-22 02:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-01-08 11:36 - 2016-11-22 02:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-01-08 11:36 - 2016-11-22 02:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-01-08 11:36 - 2016-11-22 02:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-01-08 11:36 - 2016-11-22 02:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-08 11:36 - 2016-11-22 02:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-01-08 11:36 - 2016-11-22 02:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-01-08 11:36 - 2016-11-22 02:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-08 11:36 - 2016-11-22 02:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-01-08 11:36 - 2016-11-22 01:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-01-08 11:36 - 2016-11-22 01:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-01-08 11:36 - 2016-11-22 01:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-08 11:36 - 2016-11-22 01:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-01-06 14:13 - 2017-01-06 14:13 - 02020532 _____ C:\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe
2017-01-02 14:04 - 2017-01-02 14:04 - 00000000 ____D C:\Users\Primitive\Documents\My Games
2017-01-01 19:08 - 2016-12-11 13:23 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-01 19:05 - 2016-12-11 22:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 17586992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00470400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00172736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00153368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00150784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00131536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00042286 _____ C:\WINDOWS\system32\nvinfo.pb
2017-01-01 19:00 - 2017-01-13 17:21 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-01 19:00 - 2016-12-12 18:36 - 00156096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-01 19:00 - 2016-12-12 18:36 - 00123840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-01 19:00 - 2016-12-12 09:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2016-12-23 20:02 - 2016-12-23 20:12 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\HandBrake
2016-12-23 20:02 - 2016-12-23 20:02 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\HandBrake Team
2016-12-23 19:56 - 2016-12-23 19:56 - 00000000 ____D C:\Users\Primitive\.fontconfig
2016-12-23 19:55 - 2016-12-23 19:55 - 00005054 _____ C:\ProgramData\mudtcpaz.vzs
2016-12-23 19:55 - 2016-12-23 19:55 - 00000016 _____ C:\ProgramData\mntemp
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\Users\Primitive\AppData\Local\Movavi
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\Users\Primitive\AppData\Local\converter
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\ProgramData\Movavi Video Converter 17
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\ProgramData\Movavi
2016-12-17 19:53 - 2016-12-17 19:53 - 00000000 ____D C:\Users\Primitive\Documents\Heroes of the Storm
2016-12-16 16:59 - 2016-12-16 17:00 - 00000000 ____D C:\Users\Primitive\AppData\Local\SkypePlugin
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-13 17:24 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2017-01-13 17:22 - 2016-10-09 14:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\Spotify
2017-01-13 17:22 - 2016-04-04 15:11 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-13 17:22 - 2016-02-07 00:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-13 17:22 - 2016-02-07 00:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-13 17:21 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-01-13 17:18 - 2016-10-09 15:08 - 00000000 ____D C:\Users\Primitive\AppData\Local\ClassicShell
2017-01-13 17:18 - 2016-10-09 14:09 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Spotify
2017-01-13 17:17 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 17:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-12 19:54 - 2016-09-26 16:57 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-01-12 17:16 - 2016-02-07 00:12 - 00770738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-12 17:08 - 2016-02-07 04:03 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\Temp
2017-01-11 23:44 - 2016-02-07 01:05 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-11 23:44 - 2016-02-07 01:05 - 00000000 ____D C:\Program Files\paint.net
2017-01-11 22:02 - 2016-02-11 17:47 - 00000000 ____D C:\Users\Primitive\AppData\Local\CrashDumps
2017-01-11 18:44 - 2016-04-30 11:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\discord
2017-01-11 18:44 - 2016-04-30 11:59 - 00000000 ____D C:\Users\Primitive\AppData\Local\Discord
2017-01-10 21:27 - 2016-02-07 00:04 - 00000000 ____D C:\Users\Primitive
2017-01-10 20:55 - 2016-02-07 00:39 - 00000000 ____D C:\Program Files\WinRAR
2017-01-10 20:47 - 2016-02-07 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 20:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 20:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-10 20:13 - 2016-02-07 02:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2017-01-10 20:12 - 2016-02-07 02:38 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 20:12 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 19:32 - 2016-02-07 00:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-10 01:08 - 2015-10-30 02:18 - 00001590 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2017-01-10 01:01 - 2016-04-04 15:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-10 00:26 - 2016-04-04 15:11 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-09 23:42 - 2016-04-04 15:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-09 22:02 - 2016-02-07 00:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\MicrosoftEdge
2017-01-09 21:54 - 2016-05-01 19:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-09 21:54 - 2016-04-04 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-09 21:54 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-01-09 21:49 - 2016-11-10 10:17 - 00001672 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk
2017-01-09 21:49 - 2016-02-07 00:11 - 00002291 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-09 18:36 - 2016-05-19 19:58 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\5kplayer
2017-01-08 21:07 - 2016-02-07 00:01 - 00355432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-08 11:36 - 2016-12-01 23:13 - 00000000 ____D C:\WINDOWS\Panther
2017-01-07 20:49 - 2016-02-09 14:31 - 00000000 ____D C:\Users\Primitive\AppData\Local\Battle.net
2017-01-07 16:38 - 2016-02-09 14:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-05 17:02 - 2016-02-07 00:15 - 00000000 ____D C:\Users\Primitive\AppData\Local\Roblox
2017-01-02 15:00 - 2016-02-07 00:07 - 00000000 ____D C:\Users\Primitive\AppData\Local\Packages
2017-01-02 14:24 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-02 14:23 - 2016-10-14 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-01 23:47 - 2016-02-07 03:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mumble
2017-01-01 19:08 - 2016-10-06 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-01 19:08 - 2016-02-07 00:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-01 19:08 - 2014-08-31 13:59 - 00000000 ____D C:\Temp
2017-01-01 19:07 - 2016-04-30 15:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-01 19:00 - 2016-02-07 02:02 - 00000000 ____D C:\Users\Primitive\AppData\Local\NVIDIA Corporation
2017-01-01 19:00 - 2016-02-07 00:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-01 19:00 - 2016-02-07 00:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-31 13:36 - 2016-02-07 00:15 - 00000249 _____ C:\Users\Primitive\AppData\LocalLow\rbxcsettings.rbx
2016-12-28 20:43 - 2016-11-24 21:22 - 00000000 ____D C:\Users\Primitive\AppData\Local\Warframe
2016-12-22 17:48 - 2015-10-30 02:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:48 - 2015-10-30 02:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 22:14 - 2016-03-11 17:19 - 00536312 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-12-16 22:30 - 2016-02-07 00:04 - 00524288 ___SH C:\Users\Primitive\NTUSER.DAT{c88bea38-cd57-11e5-a678-cb494ac8b415}.TMContainer00000000000000000001.regtrans-ms
2016-12-16 22:30 - 2016-02-07 00:04 - 00065536 ___SH C:\Users\Primitive\NTUSER.DAT{c88bea38-cd57-11e5-a678-cb494ac8b415}.TM.blf
2016-12-16 16:50 - 2016-02-07 03:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-15 20:07 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Fonts
==================== Files in the root of some directories =======
2017-01-09 21:52 - 2017-01-09 21:52 - 0099678 _____ () C:\Users\Primitive\AppData\Roaming\booking.ico
2017-01-09 21:52 - 2017-01-09 21:52 - 0140288 _____ () C:\Users\Primitive\AppData\Roaming\Installer.dat
2016-06-01 20:22 - 2016-06-01 20:22 - 0007606 _____ () C:\Users\Primitive\AppData\Local\Resmon.ResmonCfg
2017-01-09 21:52 - 2017-01-09 21:52 - 0000000 _____ () C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 21:54 - 2017-01-09 21:54 - 0000001 _____ () C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 21:52 - 2017-01-09 21:54 - 0000000 _____ () C:\Users\Primitive\AppData\Local\stxtname.txt
2016-09-17 23:45 - 2016-09-17 23:45 - 0000184 _____ () C:\ProgramData\DP0004.dat
2016-12-23 19:55 - 2016-12-23 19:55 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-23 19:55 - 2016-12-23 19:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2017-01-01 19:00 - 2017-01-13 17:22 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-01 19:00 - 2017-01-13 17:21 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
Files to move or delete:
====================
C:\ProgramData\DP0004.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-09 19:00
==================== End of FRST.txt ============================