dds won't run, Virus removal help please!

Old 02-28-2017, 01:12 PM   #1
Registered Member
 
Join Date: Feb 2017
Posts: 4
OS: Windows 8.1 x64



My computer has been lagging at times for at least 2 months now. It started when I tried downloading a game using a torrent website, and it's been bad since. I've used AVG, Malwarebytes and other virus programs. They seem to help, but then it comes back, and they can never remove the viruses in the "system-32 or system based folders". I tried running DDS and it said not able to run in Compatibility mode. I'm stuck, I'm a new user and I really need help. Thanks in advance.
owens_k is offline  
Old 03-05-2017, 02:24 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-05-2017, 06:50 PM   #3
Registered Member
 
Join Date: Feb 2017
Posts: 4
OS: Windows 8.1 x64



# AdwCleaner v6.044 - Logfile created 05/03/2017 at 20:35:27
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Kalen - OWENS
# Running from : C:\Users\Kalen\Downloads\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Kalen\AppData\Local\AdvinstAnalytics
[-] Folder deleted: C:\Program Files\pclient
[-] Folder deleted: C:\ProgramData\Ronzaps
[-] Folder deleted: C:\ProgramData\Microleaves
[-] Folder deleted: C:\ProgramData\vCore
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Ronzaps
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\vCore
[-] Folder deleted: C:\Users\Public\Documents\Guid
[-] Folder deleted: C:\Users\Kalen\AppData\Local\Temp\AdvinstAnalytics
[-] Folder deleted: C:\Users\Kalen\AppData\Local\app
[-] Folder deleted: C:\Users\Kalen\AppData\Roaming\browsers
[-] Folder deleted: C:\Windows\SysWOW64\sstmp
[-] Folder deleted: C:\Users\Kalen\AppData\Roaming\SPI


***** [ Files ] *****

[-] File deleted: C:\Users\Kalen\AppData\Local\uninstallro.exe
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\Users\Kalen\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\Kalen\AppData\Roaming\Main.dat
[-] File deleted: C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdckocnfhibclnnkifmjbbogcfkbijki_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Microsoft\Windows\Media Center\VCore


***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-696274453-1965292550-244582310-1001\Software\MapsGalaxy
[#] Key deleted on reboot: HKCU\Software\MapsGalaxy
[-] Key deleted: HKLM\SOFTWARE\Xtp
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\MapsGalaxy
[-] Key deleted: [x64] HKLM\SOFTWARE\Xtp
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKU\S-1-5-21-696274453-1965292550-244582310-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Funny Comedy and Entertainment videos govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Funny Comedy and Entertainment videos govids.net
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Value deleted: HKU\S-1-5-21-696274453-1965292550-244582310-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [NowUSeeIt Player]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [NowUSeeIt Player]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnonymizerGadget]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [BestCleaner]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [DailyBee]
[-] Value deleted: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]


***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "browser.search.defaultenginename" - "AVG Secure Search"
[-] [C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www-searching.com/?pid=s&s=h19ztrmbl10bu,f84757b2-2167-4978-8e82-931abcb8f633,&vp=ch&prd=set_ch
[-] [C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www-searching.com/?pid=s&s=h19ztrmbl10bu,f84757b2-2167-4978-8e82-931abcb8f633,&vp=ch&prd=set_ch


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6124 Bytes] - [05/03/2017 20:35:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [6061 Bytes] - [05/03/2017 20:33:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6270 Bytes] ##########
owens_k is offline  
Old 03-05-2017, 06:51 PM   #4
Registered Member
 
Join Date: Feb 2017
Posts: 4
OS: Windows 8.1 x64



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Kalen (administrator) on OWENS (05-03-2017 20:41:23)
Running from C:\Users\Kalen\Downloads
Loaded Profiles: Kalen (Available Profiles: Kalen)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Riot Games\LolScreenSaver\service\service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TunnelBear) C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Windscribe\Windscribe.exe
(MurGee.com) C:\Users\Kalen\AppData\Roaming\Auto Clicker\AutoClicker.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-19] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3122152 2016-07-01] (Blizzard Entertainment)
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\Run: [Spotify Web Helper] => C:\Users\Kalen\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-21] (Spotify Ltd)
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\Run: [asxcec] => rundll32.exe "C:\Users\Kalen\AppData\Local\asxcec.dll",asxcec <===== ATTENTION
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7948392 2016-12-08] ()
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\Kalen\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-10-27] (MurGee.com)
HKU\S-1-5-21-696274453-1965292550-244582310-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\lol.scr [3721216 2016-03-30] ()
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-08]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-08]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-08]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2014-12-04]
ShortcutTarget: Curse.lnk -> C:\Users\Kalen\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0144E20B-BA81-4067-A577-9B1DEE4AA9D3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0144E20B-BA81-4067-A577-9B1DEE4AA9D3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{19C223AE-501A-4C36-8DC6-DEB33BB40473}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{19C223AE-501A-4C36-8DC6-DEB33BB40473}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{281261FE-FA13-4F21-9AD6-53B35044B43D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{42AB8AD8-1BE6-44C4-A51A-22FA59BFB37F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{42AB8AD8-1BE6-44C4-A51A-22FA59BFB37F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{612BF31F-52EA-41E1-9634-1C25F29134E6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C8FDE46C-DD81-4759-8688-7FB6D015217E}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{E9771674-918D-4F96-AC9C-53273EC927F3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E9771674-918D-4F96-AC9C-53273EC927F3}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F4EDAC7C-FA66-41D8-A9AA-7700651882C6}: [DhcpNameServer] 10.110.138.1

Internet Explorer:
==================
HKU\S-1-5-21-696274453-1965292550-244582310-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.minehp.com/?tn=sdkes_inner_minehp_us&guid=8497a9d14eebd9b0d41ed8215a5d486f
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.minehp.com/?tn=sdkes_inner_minehp_us&guid=8497a9d14eebd9b0d41ed8215a5d486f
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-11] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: ity3ouv0.default
FF ProfilePath: C:\Users\Kalen\AppData\Roaming\Mozilla\Firefox\Profiles\ity3ouv0.default [2017-02-24]
FF user.js: detected! => C:\Users\Kalen\AppData\Roaming\Mozilla\Firefox\Profiles\ity3ouv0.default\user.js [2017-01-09]
FF Homepage: Mozilla\Firefox\Profiles\ity3ouv0.default -> about:home
FF Extension: (Windscribe) - C:\Users\Kalen\AppData\Roaming\Mozilla\Firefox\Profiles\ity3ouv0.default\Extensions\@windscribeff.xpi [2017-02-24]
FF Extension: (Adblock Plus) - C:\Users\Kalen\AppData\Roaming\Mozilla\Firefox\Profiles\ity3ouv0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-10]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Kalen\AppData\Roaming\Mozilla\Firefox\Profiles\ity3ouv0.default\features\{e9eb3750-1d5b-4568-a00c-784bb7d1de27}\[email protected] [2017-02-24]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-10] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default [2017-03-05]
CHR Extension: (Google Docs) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Kalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 LolScreenSaverService; C:\Riot Games\LolScreenSaver\service\service.exe [707072 2016-03-30] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S2 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-19] (Razer Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [38272 2016-12-16] (TunnelBear)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [53352 2016-12-08] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 20:41 - 2017-03-05 20:41 - 00017064 _____ C:\Users\Kalen\Downloads\FRST.txt
2017-03-05 20:40 - 2017-03-05 20:41 - 00000000 ____D C:\FRST
2017-03-05 20:40 - 2017-03-05 20:40 - 02423808 _____ (Farbar) C:\Users\Kalen\Downloads\FRST64.exe
2017-03-05 20:31 - 2017-03-05 20:35 - 00000000 ____D C:\AdwCleaner
2017-03-05 20:31 - 2017-03-05 20:31 - 04031440 _____ C:\Users\Kalen\Downloads\adwcleaner_6.044.exe
2017-03-05 20:31 - 2017-03-05 20:31 - 04031440 _____ C:\Users\Kalen\Downloads\AdwCleaner.exe
2017-03-04 15:02 - 2017-03-04 15:02 - 00845600 _____ (MurGee.com ) C:\Users\Kalen\Downloads\setup.exe
2017-03-04 15:02 - 2017-03-04 15:02 - 00001022 _____ C:\Users\Kalen\Desktop\Auto Clicker for Games.lnk
2017-03-04 15:02 - 2017-03-04 15:02 - 00000982 _____ C:\Users\Kalen\Desktop\Auto Clicker.lnk
2017-03-04 15:02 - 2017-03-04 15:02 - 00000000 ____D C:\Users\Kalen\AppData\Roaming\Auto Clicker
2017-03-04 15:02 - 2017-03-04 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2017-03-01 16:35 - 2017-03-01 16:35 - 00024113 _____ C:\Users\Kalen\Downloads\Document.pdf
2017-03-01 16:32 - 2017-03-01 16:32 - 00048011 _____ C:\Users\Kalen\Downloads\Kalen.zip
2017-02-28 15:11 - 2017-02-28 15:11 - 00688992 _____ (Swearware) C:\Users\Kalen\Downloads\dds (5).scr
2017-02-28 15:11 - 2017-02-28 15:11 - 00688992 _____ (Swearware) C:\Users\Kalen\Downloads\dds (4).scr
2017-02-28 15:01 - 2017-02-28 15:01 - 00688992 _____ (Swearware) C:\Users\Kalen\Downloads\dds (3).scr
2017-02-28 14:57 - 2017-02-28 14:57 - 00688992 _____ (Swearware) C:\Users\Kalen\Downloads\dds (2).scr
2017-02-28 14:55 - 2017-02-28 14:55 - 00688992 _____ (Swearware) C:\Users\Kalen\Downloads\dds.scr
2017-02-28 14:55 - 2017-02-28 14:55 - 00688992 _____ (Swearware) C:\Users\Kalen\Downloads\dds (1).scr
2017-02-26 11:54 - 2016-11-30 00:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-02-26 11:54 - 2016-11-30 00:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-02-26 11:54 - 2016-10-25 15:35 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-02-26 11:54 - 2016-10-25 15:35 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-02-26 11:54 - 2016-10-25 15:34 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-02-26 11:54 - 2016-10-25 15:34 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-02-24 09:50 - 2017-02-28 14:55 - 00000000 ____D C:\Users\Kalen\AppData\Roaming\TunnelBear
2017-02-24 09:50 - 2017-02-24 09:50 - 00000000 ____D C:\Users\Kalen\AppData\Local\IsolatedStorage
2017-02-24 09:49 - 2017-02-28 12:17 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2017-02-24 09:49 - 2017-02-24 09:49 - 00001889 _____ C:\Users\Public\Desktop\TunnelBear.lnk
2017-02-24 09:49 - 2017-02-24 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2017-02-24 09:38 - 2017-02-24 09:38 - 24709664 _____ (TunnelBear) C:\Users\Kalen\Downloads\TunnelBear-Installer.exe
2017-02-24 09:38 - 2017-02-24 09:38 - 24709664 _____ (TunnelBear) C:\Users\Kalen\Downloads\TunnelBear-Installer (1).exe
2017-02-24 08:52 - 2017-02-24 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2017-02-24 08:50 - 2017-02-24 08:50 - 13430840 _____ (Windscribe ) C:\Users\Kalen\Downloads\Windscribe(1).exe
2017-02-24 08:36 - 2017-02-24 08:52 - 00001083 _____ C:\Users\Public\Desktop\Windscribe.lnk
2017-02-24 08:36 - 2017-02-24 08:36 - 00000000 ____D C:\Users\Kalen\AppData\Local\Windscribe
2017-02-24 08:34 - 2017-02-24 08:52 - 00000000 ____D C:\Program Files (x86)\Windscribe
2017-02-24 08:34 - 2017-02-24 08:36 - 00000000 ____D C:\Program Files\TAP-Windows
2017-02-24 08:33 - 2017-02-24 08:33 - 13430840 _____ (Windscribe ) C:\Users\Kalen\Downloads\Windscribe.exe
2017-02-12 13:07 - 2017-03-01 15:11 - 00000000 ____D C:\Users\Kalen\Desktop\New folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 20:38 - 2015-12-31 18:14 - 00000000 ____D C:\Users\Kalen\AppData\Local\CrashDumps
2017-03-05 20:38 - 2014-08-18 14:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-05 20:37 - 2014-06-30 03:20 - 00000000 __RDO C:\Users\Kalen\OneDrive
2017-03-05 20:36 - 2014-12-12 00:28 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-05 20:36 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-05 20:35 - 2013-08-22 07:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-03-05 20:32 - 2013-08-22 02:12 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5F91CBE-7E58-4B13-BD87-E9B2F87943DF}
2017-03-05 20:31 - 2013-12-29 17:43 - 00000000 ____D C:\Users\Kalen\AppData\Local\Battle.net
2017-03-05 19:29 - 2015-02-20 23:38 - 00000044 _____ C:\Users\Kalen\jagex_cl_oldschool_LIVE.dat
2017-03-05 19:15 - 2016-02-10 20:42 - 00000024 _____ C:\Users\Kalen\jagexappletviewer.preferences
2017-03-05 15:40 - 2015-08-13 13:52 - 00000000 ____D C:\Users\Kalen\AppData\Roaming\Spotify
2017-03-05 15:37 - 2013-12-29 17:43 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-05 15:35 - 2015-08-13 13:54 - 00000000 ____D C:\Users\Kalen\AppData\Local\Spotify
2017-03-05 06:04 - 2013-08-22 02:16 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-696274453-1965292550-244582310-1001
2017-03-05 03:16 - 2014-12-04 20:15 - 00000000 ____D C:\Users\Kalen\AppData\Roaming\Curse Client
2017-03-03 00:31 - 2013-08-22 02:10 - 00000000 ____D C:\Users\Kalen
2017-02-28 18:52 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2017-02-28 12:19 - 2015-05-06 13:40 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-02-26 11:56 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-24 16:44 - 2017-01-09 18:40 - 00000000 ____D C:\Users\Kalen\AppData\LocalLow\Mozilla
2017-02-24 09:50 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2017-02-24 09:49 - 2013-12-21 23:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-24 09:47 - 2017-01-09 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-24 09:47 - 2017-01-09 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-23 16:33 - 2013-12-19 18:18 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 16:28 - 2013-12-19 18:18 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 16:46 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 16:46 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2017-02-20 08:15 - 2017-01-09 19:56 - 00000000 ____D C:\Program Files (x86)\AVG
2017-02-20 08:15 - 2017-01-09 19:55 - 00000000 ____D C:\ProgramData\Avg
2017-02-20 08:08 - 2017-01-09 19:55 - 00000000 ____D C:\Users\Kalen\AppData\Local\AvgSetupLog
2017-02-20 08:04 - 2015-07-10 21:51 - 00000000 ____D C:\Program Files (x86)\Nexon
2017-02-20 08:04 - 2015-04-23 02:49 - 00000000 ____D C:\Users\Kalen\AppData\Roaming\NexonLauncher
2017-02-20 00:03 - 2015-02-19 22:27 - 00000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2017-02-18 14:40 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2017-02-11 03:56 - 2014-12-22 20:58 - 00000000 ____D C:\Users\Kalen\AppData\Local\ElevatedDiagnostics
2017-02-06 13:41 - 2015-04-16 22:46 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:41 - 2013-08-22 09:38 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-04 21:05 - 2013-08-22 02:13 - 00005388 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 02:33 - 2017-01-19 02:06 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 02:33 - 2017-01-19 02:06 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-03 20:51 - 2014-11-25 20:29 - 00000000 ____D C:\ProgramData\Skype
2017-02-03 20:50 - 2014-11-25 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2017-01-09 02:50 - 2017-01-09 02:50 - 0000001 _____ () C:\Users\Kalen\AppData\Roaming\EXEuPP
2017-01-09 03:02 - 2017-01-09 03:02 - 0136826 _____ () C:\Users\Kalen\AppData\Roaming\Sontouch.bin
2016-12-30 20:16 - 2017-03-05 20:36 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-30 20:16 - 2017-01-09 14:47 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-01-09 02:50 - 2017-01-09 02:50 - 1851676 _____ () C:\Users\Kalen\AppData\Local\Temp\cpa.exe
2017-01-09 02:55 - 2017-01-09 02:55 - 0016384 _____ (DoxX) C:\Users\Kalen\AppData\Local\Temp\cubecc.exe
2017-01-09 02:58 - 2017-01-09 02:58 - 0199168 _____ () C:\Users\Kalen\AppData\Local\Temp\g11E8.tmp.exe
2017-02-20 08:07 - 2017-01-09 18:47 - 11581544 _____ (SurfRight B.V.) C:\Users\Kalen\AppData\Local\Temp\HitmanPro.exe
2016-11-03 02:10 - 2016-11-03 02:10 - 0781936 _____ () C:\Users\Kalen\AppData\Local\Temp\InstallHelper.exe
2014-09-29 11:06 - 2014-09-29 11:06 - 0937896 _____ (Oracle Corporation) C:\Users\Kalen\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2017-01-09 13:27 - 2015-07-10 21:43 - 0178072 _____ (Nexon) C:\Users\Kalen\AppData\Local\Temp\NGM.exe
2013-12-20 00:45 - 2015-07-10 21:43 - 0948120 _____ (Nexon) C:\Users\Kalen\AppData\Local\Temp\NGMDll.dll
2013-12-20 00:45 - 2015-07-10 21:43 - 0407448 _____ (Nexon) C:\Users\Kalen\AppData\Local\Temp\NGMResource.dll
2015-04-23 02:15 - 2015-05-28 03:56 - 3620864 _____ (Nexon) C:\Users\Kalen\AppData\Local\Temp\NGMSetup.exe
2014-05-21 08:34 - 2016-12-01 11:05 - 0747464 _____ (NVIDIA Corporation) C:\Users\Kalen\AppData\Local\Temp\nvSCPAPI.dll
2014-05-21 08:34 - 2016-12-01 11:05 - 0860960 _____ (NVIDIA Corporation) C:\Users\Kalen\AppData\Local\Temp\nvSCPAPI64.dll
2014-06-16 15:20 - 2016-12-01 11:04 - 0353336 _____ (NVIDIA Corporation) C:\Users\Kalen\AppData\Local\Temp\nvStInst.exe
2016-12-15 17:00 - 2016-12-11 20:37 - 1135552 _____ (NVIDIA Corporation) C:\Users\Kalen\AppData\Local\Temp\NvTelemetry.dll
2016-12-15 17:00 - 2016-12-11 20:37 - 0217024 _____ (NVIDIA Corporation) C:\Users\Kalen\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-12-15 17:00 - 2016-12-11 20:37 - 0268736 _____ (NVIDIA Corporation) C:\Users\Kalen\AppData\Local\Temp\NvTelemetryAPI64.dll
2014-11-06 21:32 - 2014-05-20 23:58 - 0192512 _____ () C:\Users\Kalen\AppData\Local\Temp\sfamcc00001 - Copy (2).dll
2014-11-06 21:32 - 2014-05-20 23:58 - 0192512 _____ () C:\Users\Kalen\AppData\Local\Temp\sfamcc00001 - Copy.dll
2014-05-21 08:34 - 2015-11-26 23:42 - 0192512 _____ () C:\Users\Kalen\AppData\Local\Temp\sfamcc00001.dll
2014-11-06 21:32 - 2014-05-21 08:53 - 0192512 _____ () C:\Users\Kalen\AppData\Local\Temp\sfamcc00002 - Copy (2).dll
2014-11-06 21:32 - 2014-05-21 08:53 - 0192512 _____ () C:\Users\Kalen\AppData\Local\Temp\sfamcc00002 - Copy.dll
2014-05-21 08:53 - 2014-05-21 08:53 - 0192512 _____ () C:\Users\Kalen\AppData\Local\Temp\sfamcc00002.dll
2014-11-06 21:32 - 2014-05-21 08:53 - 0158720 _____ () C:\Users\Kalen\AppData\Local\Temp\sfareca00002 - Copy (2).dll
2014-11-06 21:32 - 2014-05-21 08:53 - 0158720 _____ () C:\Users\Kalen\AppData\Local\Temp\sfareca00002 - Copy.dll
2014-05-21 08:53 - 2014-05-21 08:53 - 0158720 _____ () C:\Users\Kalen\AppData\Local\Temp\sfareca00002.dll
2014-11-06 21:32 - 2012-12-16 03:55 - 0055296 _____ () C:\Users\Kalen\AppData\Local\Temp\sfextra - Copy (2).dll
2014-11-06 21:32 - 2012-12-16 03:55 - 0055296 _____ () C:\Users\Kalen\AppData\Local\Temp\sfextra - Copy.dll
2012-12-16 03:55 - 2012-12-16 03:55 - 0055296 _____ () C:\Users\Kalen\AppData\Local\Temp\sfextra.dll
2015-03-16 18:23 - 2016-05-31 16:41 - 41763456 _____ (Skype Technologies S.A.) C:\Users\Kalen\AppData\Local\Temp\SkypeSetup.exe
2014-11-06 21:32 - 2013-12-19 13:38 - 0139672 _____ (Eclipse Foundation) C:\Users\Kalen\AppData\Local\Temp\swt-win32-3349 - Copy (2).dll
2014-11-06 21:32 - 2013-12-19 13:38 - 0139672 _____ (Eclipse Foundation) C:\Users\Kalen\AppData\Local\Temp\swt-win32-3349 - Copy.dll
2013-12-19 13:38 - 2013-12-19 13:38 - 0139672 _____ (Eclipse Foundation) C:\Users\Kalen\AppData\Local\Temp\swt-win32-3349.dll
2014-11-06 21:32 - 2013-12-20 00:45 - 0258352 _____ (Microsoft Corporation) C:\Users\Kalen\AppData\Local\Temp\unicows - Copy (2).dll
2014-11-06 21:32 - 2013-12-20 00:45 - 0258352 _____ (Microsoft Corporation) C:\Users\Kalen\AppData\Local\Temp\unicows - Copy.dll
2013-12-20 00:45 - 2015-07-10 21:43 - 0258352 _____ (Microsoft Corporation) C:\Users\Kalen\AppData\Local\Temp\unicows.dll
2017-01-09 02:56 - 2017-01-09 02:56 - 1624171 _____ (VideoBox ) C:\Users\Kalen\AppData\Local\Temp\VideoBox.exe
2015-04-10 19:02 - 2015-04-17 00:59 - 0706048 _____ (Microsoft Corporation) C:\Users\Kalen\AppData\Local\Temp\virtual_ntdll.dll
2017-01-09 02:50 - 2017-01-09 02:50 - 0020480 _____ (PixelPower) C:\Users\Kalen\AppData\Local\Temp\wait.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-01 15:48

==================== End of FRST.txt ============================
owens_k is offline  
Old 03-05-2017, 06:51 PM   #5

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Kalen (05-03-2017 20:42:32)
Running from C:\Users\Kalen\Downloads
Windows 8.1 (Update) (X64) (2013-08-22 08:10:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-696274453-1965292550-244582310-500 - Administrator - Disabled)
Guest (S-1-5-21-696274453-1965292550-244582310-501 - Limited - Disabled)
Kalen (S-1-5-21-696274453-1965292550-244582310-1001 - Administrator - Enabled) => C:\Users\Kalen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Auto Clicker v3.1 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 3.1 - MurGee.com)
AutoHotkey 1.1.23.03 (HKLM\...\AutoHotkey) (Version: 1.1.23.03 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1 - )
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.0.16 - Riot Games, Inc.)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
League Screensaver (HKLM-x32\...\LolScreenSaver) (Version: W0.1.19-0.11.13-beta - Riot Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 376.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TunnelBear (HKLM-x32\...\{434c0622-6083-418a-85f1-122060c7fe55}) (Version: 3.0.34.0 - TunnelBear)
TunnelBear (x32 Version: 3.0.34.0 - TunnelBear) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windscribe version 1.61 build 9 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.61 build 9 - Windscribe)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23D77FB3-A769-40BC-8A13-FEFEC40796DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {28BA5696-8036-4279-9793-E687EB260C87} - System32\Tasks\{F1AF1A3E-778A-485F-A553-CC6E816E08E9} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=heroes --displayname="Heroes of the Storm"
Task: {34D2E5EB-1BDA-498D-A406-6C9D3012917E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
Task: {3B1FF5B4-7633-472C-AF7B-810CF86DE269} - System32\Tasks\{D1E9838A-87E9-42C0-96C3-7437D1B3119A} => pcalua.exe -a C:\Users\Kalen\AppData\Local\uninstallro.exe
Task: {40B5A3E5-6BFC-4DC9-81F7-2ADB564EFB6A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {464BE430-AB4C-4942-8F1A-895DE19930DA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation)
Task: {552A5158-997A-4EC4-B787-E140C709BD05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
Task: {7EC27462-F2C3-49E2-A5A7-3905877CC1C7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {8C807BD1-BE8D-46E9-80C0-5B2F5FA719E9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {9EFE3A18-154E-4C57-8523-CE6FA870784F} - System32\Tasks\{A4240820-5A4B-4DFB-B50A-5F7EC5DAE1E8} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Scotin\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Scotin\uninstall.dat" -a uninstallme 836D495B-2F34-4872-B6AD-9FF47210C418 DeviceId=96971435-4d20-215b-84b0-ea32ed0c2f17 BarcodeId=50127003 ChannelId=3 DistributerName=APSFImali
Task: {AD52DCFC-C41E-46E4-BEFA-B1F4CD79BCC3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {ADB641A7-1980-4A78-8BCA-59F2F674AC2D} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-12] (WinZip Computing, S.L.)
Task: {B2A788BB-A425-49FC-B7E3-A7D9E50C1D54} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {C11D9AE6-9118-4BA8-822D-A5762C664E3E} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-12] (WinZip)
Task: {D40AD74F-131F-4C14-87ED-E043BC6AE7F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E0BF7BF7-7081-4996-8ED4-54F2471BB853} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {F10298F3-8522-4864-83E3-03137C12CF89} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Kalen\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_360099395_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=download+chrome&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1080%2C1920&CVID=D41EDBE1B740463092AB716DE69EA43
Shortcut: C:\Users\Kalen\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_430673481_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=google&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1080%2C1920&CVID=2AA9D2C2FBE94C819478EFE35523F9E
Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ОldSсhоol RuneSсaре.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape\ОldSchоol RunеSсaрe.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Nехon Lаunchеr.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\МаpleStory.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Неarthstone.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnual ateb enotshtraeh.bat (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2015-11-26 14:59 - 2015-11-26 14:59 - 00594432 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2012-09-18 16:34 - 2012-09-18 16:34 - 02375168 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll
2014-03-15 15:29 - 2014-03-15 15:29 - 02604934 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-30 12:25 - 2016-03-30 12:25 - 00707072 _____ () C:\Riot Games\LolScreenSaver\service\service.exe
2016-12-15 17:00 - 2016-12-12 17:36 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-15 17:00 - 2016-12-12 17:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-08-18 14:48 - 2016-12-11 12:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-24 08:34 - 2016-12-08 01:15 - 00053352 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
2015-07-10 21:49 - 2015-07-10 21:49 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2017-02-24 08:34 - 2016-12-08 01:15 - 07948392 _____ () C:\Program Files (x86)\Windscribe\Windscribe.exe
2017-02-04 02:32 - 2017-02-01 03:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-04 02:32 - 2017-02-01 03:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-08-04 18:43 - 2016-12-12 17:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-15 17:00 - 2016-12-12 17:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-15 17:00 - 2016-12-12 17:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-24 08:34 - 2016-12-03 20:43 - 01264640 _____ () C:\Program Files (x86)\Windscribe\libGLESv2.dll
2016-12-15 17:01 - 2016-12-12 17:33 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-15 17:01 - 2016-12-12 08:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-15 17:00 - 2016-12-12 08:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-15 17:00 - 2016-12-12 08:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-15 17:00 - 2016-12-12 08:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-15 17:00 - 2016-12-12 08:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-15 17:00 - 2016-12-12 08:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-15 17:00 - 2016-12-12 08:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-30 20:15 - 2016-12-12 08:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-09 02:55 - 2017-02-20 08:04 - 00000021 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-696274453-1965292550-244582310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kalen\Downloads\kitchen girl.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
HKLM\...\StartupApproved\Run: => "officiousofficious"
HKLM\...\StartupApproved\Run: => "officious"
HKLM\...\StartupApproved\Run32: => "evensevens"
HKLM\...\StartupApproved\Run32: => "evens"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\StartupFolder: => "kinsmen.lnk"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "LGTVIE3OKV"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "asxcec"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "hadrian"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "addendumsaddendums"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "addendums"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "sourcebooksourcebook"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "sourcebook"
HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\StartupApproved\Run: => "NRA3NI3P27"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{716E763A-E4F0-4378-8588-C4D353022531}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{FF10BEA0-56A7-4E8A-88D7-93E8E06978B3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{3A47A31C-4696-4EB5-B876-058DDAFA941F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{CD1BD1E1-9616-4FC2-9445-F5B262D2AB01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{24FD0593-ECF8-4B01-8A18-43FDD02A16ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{A31AACAA-0841-450E-9B45-8ED56748DCDB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1347D23D-9E55-4A0F-81CA-3338FB0F1846}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{47D6FBF3-2315-4D95-A5CB-DB68F92BFD90}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{D6ED2866-186D-4950-82CC-C06E70F2BB84}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{21CB869F-3832-4D44-A2BB-9769319700DF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6844BEE4-D4C6-4217-AF78-65C48D62AB01}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{79ADA943-8679-46F2-A9BD-EB1D44143341}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A49827EE-3B17-4781-9544-61AF1F016307}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{68A21A0D-B427-48EC-840C-EDC1A3844CF6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{47FB3D41-DF17-40FB-9CE8-A216E5FB73DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{B8D069C9-2223-4AE3-B9E4-F34E996AB529}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{14877D8D-9A3B-4963-8BCF-919695A2E121}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{3D7801A5-F606-4189-8EB9-18CC8FBB24D4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{3A88F2A0-B4C4-4FFF-B5CC-211B7A9E62B8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{7541AFFA-06A3-4CB6-9207-86CB39637824}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [TCP Query User{F930B985-CD78-4B79-8F4E-AE38313AC07D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EA8DE724-6374-4AFD-A6D1-15BAA3607007}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7BF82B99-9BB1-4353-8F6A-FC67392C3C54}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{FCCC5C7C-9C15-4CB0-A8D0-DCC4F5490EAF}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{9DE29511-782A-4434-BFC8-662E47EC78D0}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{E549D1AC-D6D6-4FB0-9A90-E332B014C289}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{2F2D582D-437F-4667-9CFB-43AED3B74C48}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2138CA82-C934-4BEA-A13C-9154B7B6E88E}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{19817691-1CBF-401C-AD9A-032BCB747607}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{76868F6C-D355-4D58-BAA2-7550A10FDBD3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5CAD51CC-C2BB-44C1-AB65-494ADC50BA54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{042EC0DA-19BB-4364-B1FA-415A7B91ADD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DBB4016F-F224-4E18-91B4-1CF6529F7A79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{93EE57FB-8256-493D-9516-4BF07B5ADBED}C:\users\kalen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kalen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9401579A-1F9F-4D8A-8891-4112774804FB}C:\users\kalen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kalen\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3AA2D84C-D24D-4527-B536-338435C75129}C:\users\kalen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kalen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8F8D2CE7-2742-4972-9AF5-AD79720121B5}C:\users\kalen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kalen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DEEADF50-A6DC-4582-BEB2-BBA09C3EF451}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{B19C3034-6994-44D0-8724-DCAD0DFA3D18}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{E07A3849-8D54-4D5E-A15B-7913E29B9139}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{22063C6F-BF40-4BDF-8243-9FD19CC86F7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C09D7B4A-1866-4124-9AC5-DD674C7AE5F6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{9C22A2C6-DCA7-4D40-A586-F73F2BE1F801}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{89FB16A1-FE8C-4E71-BF9D-759865ED4330}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{131D5474-9E51-4403-9307-AED1A59BCACC}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{ADFC53CD-208F-4785-A459-CA71B1CC3A6C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{F77BD144-5188-4C54-9DAD-FAF4B567A810}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D8178AE3-024A-4406-B06D-A8A9E8DBA3CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{40D61E6B-C206-4174-8D2B-0DEE66AC9E7A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{699A0FD4-9B70-4D27-A907-A6D575F00588}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C1D95ED8-6BDD-4D49-B8A7-34E6EE9DFBB5}] => (Allow) C:\Program Files (x86)\Arby\holme.exe
FirewallRules: [{077185CA-15E6-4A66-9247-A9C1E60DE36C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F06BA7B1-B372-4ECC-8D06-3E315D0D84FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CEE65E99-C03E-4FC6-9FBD-161EC5A4CE71}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{76629344-4E05-44CA-8C92-E206EBC743C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{05D518C7-C9C8-4E22-A822-C9E9E10D925F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-02-2017 04:05:17 Scheduled Checkpoint
20-02-2017 08:05:48 Removed Blade & Soul
23-02-2017 16:25:49 Windows Update
04-03-2017 22:15:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Basic Display Adapter
Description: Microsoft Basic Display Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 08:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzWizard.exe, version: 1.0.1.991, time stamp: 0x54447a81
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x5736541b
Exception code: 0xe0434352
Fault offset: 0x00014878
Faulting process id: 0x133c
Faulting application start time: 0x01d296229b133477
Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report Id: e0a0aea7-0215-11e7-86ec-e03f4918a38b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/05/2017 08:37:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzWizard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlTextReader.Read()
at System.Configuration.XmlUtil..ctor(System.IO.Stream, System.String, Boolean, System.Configuration.ConfigurationSchemaErrors)
at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()

Exception Info: System.Configuration.ConfigurationErrorsException
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)

Exception Info: System.Configuration.ConfigurationErrorsException
at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)
at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs)
at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
at System.Configuration.ConfigurationManager.GetSection(System.String)
at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
at System.Configuration.SettingsBase.get_Item(System.String)
at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
at Razer.UpdateNInstallManagerUI.Properties.Settings.get_PopupWay()
at Razer.UpdateNInstallManagerUI.MiniInstallerUI.MiniInstallerUI_Controller()
at Razer.UpdateNInstallManagerUI.MiniInstallerUI..ctor(Boolean)
at Razer.MiniInstaller.MiniInstallerVIewModel..ctor()
at Razer.MiniInstaller.App.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at Razer.MiniInstaller.App.Main()

Error: (03/05/2017 03:26:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzWizard.exe, version: 1.0.1.991, time stamp: 0x54447a81
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x5736541b
Exception code: 0xe0434352
Fault offset: 0x00014878
Faulting process id: 0x19cc
Faulting application start time: 0x01d295929651f028
Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report Id: e02fce8a-0185-11e7-86eb-e03f4918a38b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/05/2017 03:26:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzWizard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.

Error: (03/04/2017 11:56:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzWizard.exe, version: 1.0.1.991, time stamp: 0x54447a81
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x5736541b
Exception code: 0xe0434352
Fault offset: 0x00014878
Faulting process id: 0xff8
Faulting application start time: 0x01d295109d426113
Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report Id: e3700c69-0103-11e7-86eb-e03f4918a38b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/04/2017 11:56:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzWizard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.

Error: (03/04/2017 12:25:14 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (03/03/2017 01:19:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzWizard.exe, version: 1.0.1.991, time stamp: 0x54447a81
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x5736541b
Exception code: 0xe0434352
Fault offset: 0x00014878
Faulting process id: 0x37c
Faulting application start time: 0x01d29452f5a36909
Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report Id: 40acae99-0046-11e7-86eb-e03f4918a38b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/03/2017 01:18:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzWizard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.

Error: (03/02/2017 05:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 152c

Start Time: 01d293ada2a30d7b

Termination Time: 4294967295

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: e4b5aa13-ffa0-11e6-86eb-e03f4918a38b

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (03/05/2017 08:36:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA NetworkService Container service terminated unexpectedly. It has done this 1 time(s).

Error: (03/05/2017 08:36:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/05/2017 08:35:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (03/05/2017 08:35:06 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the NVIDIA LocalSystem Container service, but this action failed with the following error:
An instance of the service is already running.

Error: (03/05/2017 08:35:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/05/2017 08:35:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/05/2017 08:35:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/05/2017 08:35:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/05/2017 08:35:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Error: (03/05/2017 08:35:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TunnelBear Maintenance service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-01-23 11:30:06.178
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 11:18:40.611
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 11:18:39.753
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 11:18:39.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 11:18:38.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 11:18:37.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 11:18:36.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 11:18:35.992
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 09:42:16.470
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 09:42:15.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-7850K APU with Radeon(TM) R7 Graphics
Percentage of memory in use: 54%
Total physical RAM: 3521.78 MB
Available physical RAM: 1597.62 MB
Total Virtual: 6209.78 MB
Available Virtual: 4199.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.67 GB) (Free:1649.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 51BB6C01)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Old 03-05-2017, 08:50 PM   #6
chemist

Hello owens_k.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...backup-restore

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {F10298F3-8522-4864-83E3-03137C12CF89} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    C:\Program Files (x86)\AVG
    Shortcut: C:\Users\Kalen\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_360099395_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=download+chrome&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1080%2C1920&CVID=D41EDBE1B740463092AB716DE69EA43
    Shortcut: C:\Users\Kalen\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_430673481_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=google&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1080%2C1920&CVID=2AA9D2C2FBE94C819478EFE35523F9E
    Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ОldSсhоol RuneSсaре.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape\ОldSchоol RunеSсaрe.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Nехon Lаunchеr.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Kalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\МаpleStory.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Public\Desktop\Неarthstone.lnk -> C:\Users\Kalen\AppData\Roaming\Browsers\exe.rehcnual ateb enotshtraeh.bat (No File) <===== Cyrillic
    FirewallRules: [{40D61E6B-C206-4174-8D2B-0DEE66AC9E7A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{699A0FD4-9B70-4D27-A907-A6D575F00588}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    HKU\S-1-5-21-696274453-1965292550-244582310-1001\...\Run: [asxcec] => rundll32.exe "C:\Users\Kalen\AppData\Local\asxcec.dll",asxcec <===== ATTENTION
    HKU\S-1-5-18\...\Run: [] => [X]
    HKU\S-1-5-21-696274453-1965292550-244582310-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.minehp.com/?tn=sdkes_inner_minehp_us&guid=8497a9d14eebd9b0d41ed8215a5d486f
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.minehp.com/?tn=sdkes_inner_minehp_us&guid=8497a9d14eebd9b0d41ed8215a5d486f
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    FF user.js: detected! => C:\Users\Kalen\AppData\Roaming\Mozilla\Firefox\Profiles\ity3ouv0.default\user.js [2017-01-09]
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
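
FRST marks five of the shortcuts in the fixlist above with `<===== Cyrillic`: their names mix Cyrillic letters into otherwise Latin words, so they display like the genuine game shortcuts. The Python sketch below is an added example, not part of the thread or of FRST, that flags such mixed-script names in `Shortcut:` lines; the sample lines, the `LOOKALIKES` subset and every function name are constructed for illustration.

```python
import ntpath
import re
import unicodedata

# Constructed subset of Cyrillic lookalikes; not the full Unicode confusables table.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u041d": "H",
    "\u041c": "M", "\u041e": "O", "\u0410": "A", "\u0415": "E",
}
SHORTCUT_RE = re.compile(r"^\s*Shortcut:\s*(?P<lnk>.+?\.lnk)\s*->\s*(?P<target>.+?)\s*$")


def script_of(ch):
    """First word of the Unicode character name: 'LATIN', 'CYRILLIC', ..."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def mixed_script_words(name):
    """Words in `name` whose letters come from more than one script."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", name):
        if len({script_of(c) for c in word if c.isalpha()}) > 1:
            hits.append(word)
    return hits


def skeleton(name):
    """Fold known lookalikes to Latin to show the name being imitated."""
    return "".join(LOOKALIKES.get(c, c) for c in name)


def audit_shortcuts(lines):
    """(displayed name, folded name, target) per suspicious Shortcut line."""
    findings = []
    for line in lines:
        m = SHORTCUT_RE.match(line)
        if not m:
            continue
        name = ntpath.basename(m.group("lnk"))  # Windows path rules on any OS
        if mixed_script_words(name):
            findings.append((name, skeleton(name), m.group("target")))
    return findings


# Constructed sample lines in the "Shortcut: <lnk> -> <target>" layout.
SAMPLE = [
    "Shortcut: C:\\Users\\Public\\Desktop\\\u041d\u0435arthstone.lnk -> C:\\Users\\user\\AppData\\Roaming\\Example\\launcher.bat",
    "Shortcut: C:\\Users\\Public\\Desktop\\Hearthstone.lnk -> C:\\Games\\Hearthstone\\Hearthstone.exe",
    "Shortcut: C:\\Users\\user\\Desktop\\\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk -> C:\\Users\\user\\Documents",
]

for shown, folded, target in audit_shortcuts(SAMPLE):
    print(f"{shown!a} folds to {folded!r}; target: {target}")
```

Only the first sample line is reported: the second is pure Latin, and the third is a wholly Cyrillic name, which is an ordinary localized filename rather than a lookalike.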
Old 03-09-2017, 11:54 AM   #7
chemist

Still with us, owens_k? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.
