Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Multiple programs hanging

A couple of weeks ago I posted in another part of the forum that my current PDF viewer, PDFlite, was hanging when I attempted to start it, and would not close even through use of the Task Manager.

I attempted to post in here about it at the time, but doing a virus scan with Microsoft Security Essentials would (and still does) hang upon hitting C:\Windows\sysWOW64\unregmp2.exe

Additionally my computer fails to update, or even find the updates.

Restarting my computer does not seem to fix any of these problems.

Recently, one of my nephews told me Steam had a similar failure where it began to hang, though it seemed to close properly. Now I cannot get it open, however, and Task Manager reports one Steam.exe running, though it will not be ended by the Task Manager either.

All of this strikes me as behaviour likely from a virus of some kind, though it may just be something else. Could I please get some assistance in figuring out what is wrong?

I've been trying to post this in the Malware forum via Firefox, but for some reason when I hit Submit the page goes white and nothing happens.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.04.2019
Ran by Kaz (administrator) on INQUISITOR (MSI MS-7821) (24-04-2019 10:38:32)
Running from C:\Users\Kaz\Downloads
Loaded Profiles: Kaz (Available Profiles: Kaz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Smart Connect software -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Plays.tv, LLC -> Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) [File not signed] C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GOLD CLICK LIMITED -> Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSize.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MRT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
() [File not signed] C:\Program Files (x86)\TableSmith52\TableSmith.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\setup_wm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(GOLD CLICK LIMITED -> Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe [37221424 2018-10-31] (Corsair Components, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-03-26] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [3036112 2018-11-06] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio) [File not signed]
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [1452544 2019-02-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\MountPoints2: {7dee50b0-7651-11e4-a897-448a5b86249c} - H:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [3036112 2018-11-06] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-18\...\RunOnce: [KyhuRAcNvF] => "C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1\win32k.exe"
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2009-06-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2016-09-05] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2016-09-05] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-14] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0363C9A4-CBC4-4005-8C3D-A52779BE1876} - System32\Tasks\{CA194D92-20B6-45CA-A8D1-278C7DFAC3AC} => E:\Games\TGames\Mechwarrior\autoconfig.exe
Task: {1189DC0E-F439-4D21-9D27-5E3D5F4B9D46} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {1E1A2E45-FBC1-4A27-83BC-5E8596B9E667} - System32\Tasks\{681A53BA-0F18-4C30-9168-0149580F01DB} => C:\Windows\system32\pcalua.exe -a "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal\HMPlusSetup.exe" -d "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal"
Task: {2E6CB8EE-C549-4661-95C3-C20FC6FA356E} - System32\Tasks\{4AD0D8BF-8660-449C-8E9F-016CCAAA15E2} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{532F6E8A-AF97-41C3-915F-39F718EC07D1} /l1033
Task: {330BA693-F1A1-4CDA-9D00-6889E528856F} - System32\Tasks\{FFFD1769-7D35-4E02-8057-939473DB3998} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "E:\SteamLibrary\steamapps\common\Left 4 Dead 2" -c /register
Task: {35C654FF-3DB3-4096-8446-6B4082E0CE04} - System32\Tasks\{9A58FEC6-4F50-4D62-BBC1-05AF0BCA76CB} => E:\Games\TGames\Mechwarrior\MechWarriors 4 Vengeance_Expansion_MechPaks\MechWarrior 4 Vengeance\mw4x\MW4x.exe
Task: {39B8BB3B-9827-43A4-BB76-3DF38EA61629} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {39B8BB3B-9827-43A4-BB76-3DF38EA61629} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {638D123F-77E2-49D4-9D5C-F064C7E3E19F} - System32\Tasks\{B043CB37-FF33-4921-8CAC-02503F50BEF6} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\msiexec.exe -d E:\SteamLibrary\steamapps\common\Antichamber -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MSI" WISE_SETUP_EXE_PATH="E:\SteamLibrary\steamapps\common\Antichamber\Binaries\Redist\physx\P (the data entry has 34 more characters).
Task: {6ADE2C4C-5CAB-4409-A525-636D3D7005D9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe
Task: {6E663022-CF52-494F-BDDA-8F55C9516950} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {6E663022-CF52-494F-BDDA-8F55C9516950} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {7197999C-5F84-4134-9A03-85160E5DFD91} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {733413E3-0B49-4EA6-95A3-FB54F761517B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {75C7C21B-10B3-4FD4-8438-71B0A116DE05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {831A0ED5-334F-4CCB-887A-5BD5998646BC} - System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => C:\Windows\system32\pcalua.exe -a D:\FontsEtc\bp_mw_ss.exe -d D:\FontsEtc
Task: {8D2006E3-EEC3-443C-8F1E-D40A82D221D9} - System32\Tasks\{DE659DEC-691D-476B-90A5-A982242FA9B1} => C:\Windows\system32\pcalua.exe -a D:\Programs\EVE\setup.exe -d D:\Programs\EVE
Task: {93014A1C-407D-4431-9678-60037904C474} - System32\Tasks\Opera scheduled Autoupdate 1437361655 => C:\Program Files (x86)\Opera\launcher.exe [1252440 2019-03-28] (Opera Software AS -> Opera Software)
Task: {96F40638-2C11-4B8C-A232-5EB115C20A17} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [3220640 2013-08-27] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {9A6DD3FE-11E4-4812-A376-E245C65C0395} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-03-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A0E29073-89BD-44C7-8CB4-10662AE88DE0} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe
Task: {C902606B-BF45-4DF7-810D-27B2C231B058} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {CB7ECCA6-C428-4627-8E6B-AF01E41DEFFA} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-01-09] (Advanced Micro Devices, Inc.) [File not signed]
Task: {E5B7CA0E-7B80-4562-9822-EDBD77542850} - System32\Tasks\Connect => C:\Program Files (x86)\MAGIX\Connect\connect.exe [356936 2017-08-02] (MAGIX Software GmbH -> MAGIX Software GmbH)
Task: {E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C} - System32\Tasks\{9535329C-90C9-4E70-A3F4-12EBEE8493A5} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Hitman Codename 47\setup.exe" -d "E:\SteamLibrary\steamapps\common\Hitman Codename 47"
Task: {EB902CEC-2C32-4DCE-8EA3-A622F191B6AE} - System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
Task: {EBC42920-B387-4E12-8FFE-68362C206E8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd -> Piriform Ltd)
Task: {FC5F345F-C9BC-4315-9927-33271FEB66A0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [1452544 2019-02-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Connect.job => C:\Program Files (x86)\MAGIX\Connect\connect.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{858B7A0A-E6D2-44AD-9272-458B32DBCE1C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3138771545-412995871-3342752947-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_5036&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138771545-412995871-3342752947-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D092214-AA5B8F5E3375944B284F&form=CONBDF&conlogo=CT3330934&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138771545-412995871-3342752947-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_5036&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Minecraft\Java\bin\ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Minecraft\Java\bin\jp2ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Eyeo GmbH -> Adblock Plus) [File not signed]

FireFox:
========
FF ProfilePath: C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default [2019-04-24]
FF Homepage: Mozilla\Firefox\Profiles\zuskzjh9.default -> cracked.com
FF Session Restore: Mozilla\Firefox\Profiles\zuskzjh9.default -> is enabled.
FF Extension: (Privacy Badger) - C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-02-20] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-19]
FF Extension: (DownThemAll!) - C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-30] [Legacy]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin: @Java.com/DTPlugin,version=11.171.2 -> E:\Minecraft\Java\bin\dtplugin\npDeployJava1.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=11.171.2 -> E:\Minecraft\Java\bin\plugin2\npjp2.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: BYOND -> E:\BYOND\bin\npbyond.dll [2008-07-08] (BYOND) [File not signed]
FF Plugin HKU\S-1-5-21-3138771545-412995871-3342752947-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-07-05] (Ubisoft Entertainment Sweden AB -> )
FF Plugin ProgramFiles/Appdata: C:\Users\Kaz\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2014-06-15]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_3&ent=hp_5036&src=5036"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default [2019-04-24]
CHR Extension: (Docs) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-07]
CHR Extension: (Google Drive) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-24]
CHR Extension: (Google Search) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-18]
CHR Extension: (Edit PDF in Docs Online - PDFfiller) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbeibnlppnnddmmbfgaghnhhokedkbp [2018-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Gmail) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-13]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [499080 2019-01-09] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-01-09] (AMD) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-15] (BattlEye Innovations e.K. -> )
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-02-10] (BitRaider LLC -> BitRaider, LLC)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [46640 2018-10-31] (Corsair Components, Inc. -> Corsair Memory, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-07-25] (Creative Labs) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-01-03] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn, Inc. -> LogMeIn Inc.)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-14] (Hi-Rez Studios) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] (Intel(R) Smart Connect software -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River Inc. -> J. River, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] (TEFINCOM S.A. -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2304304 2019-04-09] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3175728 2019-04-09] (Electronic Arts, Inc. -> Electronic Arts)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-04-21] (Plays.tv, LLC -> Copyright (c) 2017 Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2018-08-16] (Even Balance, Inc. -> )
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-11] (Qualcomm Atheros) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [52783496 2019-01-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [581000 2019-01-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [92944 2018-10-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104840 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2019-01-05] (BitRaider -> BitRaider)
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [46944 2018-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [23392 2018-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz146; C:\Windows\temp\cpuz146\cpuz146_x64.sys [52824 2019-04-14] (CPUID -> CPUID)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] (Intel(R) Smart Connect software -> )
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] (Intel(R) Smart Connect software -> )
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] (Intel(R) Smart Connect software -> )
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1758208 2011-08-27] (Creative Labs Inc -> Creative Technology Ltd.)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2016-07-11] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (TEFINCOM S.A. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 atillk64; \??\C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [X]
S3 BRDriver64_1_3_1_1FB80738; \??\C:\ProgramData\BitRaider\support\1.3.1\1FB80738\BRDriver64.sys [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 10:38 - 2019-04-24 10:40 - 000038053 _____ C:\Users\Kaz\Downloads\FRST.txt
2019-04-24 10:38 - 2019-04-24 10:38 - 000000000 ____D C:\FRST
2019-04-24 10:35 - 2019-04-24 10:38 - 002436096 _____ (Farbar) C:\Users\Kaz\Downloads\FRST64.exe
2019-04-20 20:18 - 2019-04-20 20:18 - 000001426 _____ C:\Users\Kaz\AppData\Local\recently-used.xbel
2019-04-14 18:40 - 2019-04-14 18:40 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Free PDF Soulutions
2019-04-14 18:39 - 2019-04-14 18:39 - 006728584 _____ (Free PDF Soulutions) C:\Users\Kaz\Downloads\pdfreader_setup.exe
2019-04-14 18:35 - 2019-04-14 18:36 - 046052856 _____ (Mozilla) C:\Users\Kaz\Downloads\Firefox_Setup_66.0.exe
2019-04-14 18:31 - 2019-04-14 18:31 - 001254504 _____ (Nitro) C:\Users\Kaz\Downloads\nitro_pro11.exe
2019-04-14 18:31 - 2019-04-14 18:31 - 001254504 _____ (Nitro) C:\Users\Kaz\Downloads\nitro_pro11 (1).exe
2019-04-13 17:04 - 2019-04-13 17:04 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Google
2019-04-13 17:03 - 2019-04-13 17:03 - 000000000 ____D C:\Users\Kaz\skype-export
2019-04-10 23:42 - 2019-04-14 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-10 18:46 - 2019-04-10 18:46 - 001245940 _____ (Bruce Gulke ) C:\Users\Kaz\Downloads\TS52setup.exe
2019-03-31 19:33 - 2019-04-21 22:58 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\RenPy
2019-03-29 21:56 - 2019-03-29 22:28 - 000000000 ____D C:\Users\Kaz\Documents\Planescape Torment - Enhanced Edition
2019-03-28 16:20 - 2019-03-28 16:20 - 007505920 _____ C:\Program Files (x86)\GUTD47D.tmp
2019-03-28 16:20 - 2019-03-28 16:20 - 000000000 ____D C:\Program Files (x86)\GUMD47C.tmp
2019-03-26 20:46 - 2019-03-26 20:46 - 000001089 _____ C:\Users\Kaz\Desktop\BattletechModManager.ico.lnk
2019-03-26 20:46 - 2019-03-26 20:46 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battletech Mod Manager

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 10:17 - 2019-03-20 22:06 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\StardewValley
2019-04-24 09:59 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-24 09:59 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-24 09:04 - 2016-11-17 12:10 - 000000000 ____D C:\Users\Kaz\AppData\LocalLow\Mozilla
2019-04-24 01:50 - 2014-09-01 15:08 - 000000000 ____D C:\Users\Kaz\AppData\LocalLow\Adblock Plus for IE
2019-04-24 01:06 - 2014-06-14 16:34 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-23 21:24 - 2017-05-02 22:00 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-04-20 20:18 - 2014-12-18 09:12 - 000000000 ____D C:\Users\Kaz\AppData\Local\gtk-2.0
2019-04-20 20:18 - 2014-12-18 09:10 - 000000000 ____D C:\Users\Kaz\.gimp-2.8
2019-04-20 19:38 - 2014-06-15 00:24 - 000000000 ____D C:\Users\Kaz\Documents\my games
2019-04-18 22:58 - 2017-09-22 20:56 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Heat_Signature
2019-04-18 14:41 - 2014-10-17 12:44 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-18 14:41 - 2014-10-17 12:44 - 000000000 ____D C:\Windows\system32\MRT
2019-04-15 19:59 - 2018-11-01 10:09 - 000000000 ____D C:\Program Files (x86)\Origin
2019-04-15 16:00 - 2016-12-23 01:21 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\discord
2019-04-15 10:28 - 2015-08-09 23:10 - 000000000 ____D C:\Users\Kaz\AppData\LocalLow\Adobe
2019-04-14 19:30 - 2014-06-14 15:50 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-14 19:30 - 2014-06-14 15:50 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-14 19:12 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-14 19:12 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-04-14 19:05 - 2017-11-14 12:38 - 000000340 _____ C:\Windows\Tasks\Connect.job
2019-04-14 19:04 - 2015-09-16 00:28 - 000000000 ____D C:\Users\Kaz\AppData\Local\LogMeIn Hamachi
2019-04-14 19:03 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-14 19:02 - 2014-06-14 17:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-14 18:44 - 2014-07-23 13:08 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Audacity
2019-04-14 18:05 - 2015-08-09 23:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-14 18:03 - 2014-09-06 13:36 - 000000000 ____D C:\Users\Kaz\AppData\Local\Adobe
2019-04-13 17:03 - 2014-06-14 15:31 - 000000000 ____D C:\Users\Kaz
2019-04-10 18:47 - 2016-10-17 22:53 - 000000000 ____D C:\Users\Kaz\Documents\TableSmith
2019-04-10 18:47 - 2016-10-17 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TableSmith
2019-04-10 18:47 - 2016-10-17 22:53 - 000000000 ____D C:\Program Files (x86)\TableSmith52
2019-04-07 20:11 - 2014-06-14 19:14 - 000000000 ____D C:\Users\Kaz\AppData\Local\CrashDumps
2019-04-05 22:51 - 2015-07-19 22:07 - 000000000 ____D C:\Program Files (x86)\Opera
2019-04-05 22:41 - 2018-07-24 09:08 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2019-04-05 22:41 - 2018-07-24 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-25 00:15 - 2018-12-13 22:58 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Surviving Mars

==================== Files in the root of some directories =======

2019-03-28 16:20 - 2019-03-28 16:20 - 007505920 _____ () C:\Program Files (x86)\GUTD47D.tmp
2015-10-20 11:37 - 2015-10-20 11:37 - 000001099 _____ () C:\Program Files (x86)\RepairSurge.lnk
2018-06-03 18:59 - 2018-06-03 18:59 - 000000000 _____ () C:\Users\Kaz\AppData\Roaming\FC29FA0894FE.ini
2014-11-13 00:19 - 2014-11-13 09:57 - 000000003 _____ () C:\Users\Kaz\AppData\Local\proxy.log
2019-04-20 20:18 - 2019-04-20 20:18 - 000001426 _____ () C:\Users\Kaz\AppData\Local\recently-used.xbel
2014-06-15 04:31 - 2018-09-30 18:48 - 000007665 _____ () C:\Users\Kaz\AppData\Local\Resmon.ResmonCfg
2016-04-17 23:34 - 2016-04-17 23:34 - 000000000 _____ () C:\Users\Kaz\AppData\Local\{609C432A-7AF6-4E98-8708-7ABAB6E8D089}
2015-06-29 11:24 - 2015-06-29 11:24 - 000000000 _____ () C:\Users\Kaz\AppData\Local\{E17CFB37-5925-44F5-AE95-23DA374C46A4}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-04-23 15:02
==================== End of FRST.txt ============================

Attached Files
File Type: txt Addition.txt (113.7 KB)
