Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by deckx (administrator) on DECKX-PC (16-06-2018 19:04:48)
Running from C:\Users\Safe\Desktop
Loaded Profiles: deckx & Safe (Available Profiles: deckx & Safe & test & MSSQL$SQLEXPRESS & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Akamai Technologies, Inc.) C:\Users\Safe\AppData\Local\Akamai\netsession_win.exe
(VASCO Data Security) C:\Users\Safe\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe
(Citrix Systems, Inc.) C:\Users\Safe\AppData\Local\Citrix\ICA Client\concentr.exe
(f.lux Software LLC) C:\Users\Safe\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Safe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Akamai Technologies, Inc.) C:\Users\Safe\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Citrix Systems, Inc.) C:\Users\Safe\AppData\Local\Citrix\ICA Client\Receiver\Receiver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Users\Safe\AppData\Local\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Citrix Systems, Inc.) C:\Users\Safe\AppData\Local\Citrix\SelfService\Program Files\SelfServicePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VASCO Data Security) C:\Users\Safe\AppData\Local\VASCO\NativeBridge\digipass-nativebridge.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\Run: [Spotify Web Helper] => C:\Users\deckx\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-27] (Spotify Ltd)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\MountPoints2: E - E:\vs_enterprise.exe
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\MountPoints2: {4da46f62-6ce2-11e4-ab46-806e6f6e6963} - D:\Install.exe
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\MountPoints2: {e3d36a40-1847-11e5-938b-d43d7e9b6d3e} - E:\vs_professional.exe
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\MountPoints2: {ec08bd37-cb2b-11e5-a07f-d43d7e9b6d3e} - E:\SETUP.EXE
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Run: [Akamai NetSession Interface] => C:\Users\Safe\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Run: [DigipassNativeBridge] => C:\Users\Safe\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe [108592 2016-09-06] (VASCO Data Security)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Run: [ConnectionCenter] => C:\Users\Safe\AppData\Local\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Run: [f.lux] => C:\Users\Safe\AppData\Local\FluxSoftware\Flux\flux.exe [1805832 2018-06-08] (f.lux Software LLC)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Run: [com.deezer.deezer-desktop] => C:\Users\Safe\AppData\Local\Programs\deezer-desktop\Deezer.exe
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Run: [Spotify Web Helper] => C:\Users\Safe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-06-14] (Spotify Ltd)
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\MountPoints2: E - E:\vs_professional.exe
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\MountPoints2: {4da46f62-6ce2-11e4-ab46-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\MountPoints2: {e3d36a40-1847-11e5-938b-d43d7e9b6d3e} - E:\vs_professional.exe
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\MountPoints2: {ec08bd37-cb2b-11e5-a07f-d43d7e9b6d3e} - E:\SETUP.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4113D5E6-B5E7-43ED-898A-A346D4043971}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9280EBDB-DB42-4E4E-A718-7E07F422E52B}: [DhcpNameServer] 192.168.220.1
Tcpip\..\Interfaces\{F19C2058-79F4-48C3-8FCF-C634CDB68B05}: [DhcpNameServer] 192.168.80.2

Internet Explorer:
==================
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/nl-be/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3377807318-2724434003-2614323792-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3377807318-2724434003-2614323792-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-03] (Oracle Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-03] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2016-04-19] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2016-04-19] (SAP, Walldorf)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3377807318-2724434003-2614323792-1005: @Citrix.com/npican -> C:\Users\Safe\AppData\Local\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin HKU\S-1-5-21-3377807318-2724434003-2614323792-1005: SkypePlugin -> C:\Users\Safe\AppData\Local\SkypePlugin\7.17.0.43\npGatewayNpapi.dll [2016-03-21] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3377807318-2724434003-2614323792-1005: SkypePlugin64 -> C:\Users\Safe\AppData\Local\SkypePlugin\7.17.0.43\npGatewayNpapi-x64.dll [2016-03-21] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mail.ru/cnt/20595300?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxps://www.google.be/"
CHR Profile: C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default [2018-01-28]
CHR Extension: (Docs) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-04]
CHR Extension: (Adblock Plus) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-28]
CHR Extension: (Adobe Acrobat) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-27]
CHR Extension: (Avast SafePrice) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Avast Online Security) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-16]
CHR Extension: (Skype) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-28]
CHR HKLM-x32\...\Chrome\Extension: [ahkmpjnmnhjkpkacdhkliipnncobgkhk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fbkdlibjhnblcbjjecnlpkldhbkedfhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-04] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-06-05] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-06-03] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-05-30] (Hi-Rez Studios) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
S3 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-12] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-12] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-12] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-12] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-17] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-10-09] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-10-09] (Disc Soft Ltd)
S3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems) [File not signed]
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-29] (DotC United Inc) <==== ATTENTION
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [101376 2011-11-21] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [217088 2011-11-21] (Renesas Electronics Corporation)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131096 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [203856 2016-10-18] (Oracle Corporation)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] (VMware, Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz134; \??\C:\Users\deckx\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-16 19:04 - 2018-06-16 19:05 - 000023188 _____ C:\Users\Safe\Desktop\FRST.txt
2018-06-16 19:04 - 2018-06-16 19:04 - 000000000 ____D C:\Users\Safe\Desktop\FRST-OlderVersion
2018-06-16 19:04 - 2018-06-16 19:04 - 000000000 ____D C:\FRST
2018-06-16 14:45 - 2018-06-16 14:45 - 000085460 _____ C:\Windows\ntbtlog.txt
2018-06-14 19:37 - 2018-06-14 19:37 - 000276008 _____ C:\Windows\Minidump\061418-43524-01.dmp
2018-06-11 12:37 - 2018-06-11 12:38 - 000276008 _____ C:\Windows\Minidump\061118-41309-01.dmp
2018-06-10 14:17 - 2018-06-10 14:17 - 002407806 _____ C:\Users\Safe\Downloads\Photos.zip
2018-06-10 14:17 - 2018-06-10 14:17 - 000000000 ____D C:\Users\Safe\Downloads\Photos
2018-06-03 20:01 - 2018-06-03 20:01 - 000000000 ____D C:\Users\Safe\AppData\Local\HirezLauncherUI
2018-06-03 19:51 - 2018-06-16 18:38 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-06-03 19:51 - 2018-06-03 20:12 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2018-06-03 19:51 - 2018-06-03 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2018-06-03 17:59 - 2018-06-03 17:59 - 000000222 _____ C:\Users\Safe\Desktop\Paladins.url
2018-05-30 18:52 - 2018-05-30 18:52 - 000000000 ____D C:\Users\Safe\AppData\Local\BattlEye
2018-05-24 16:42 - 2018-05-24 16:42 - 000168908 _____ C:\Users\Safe\Downloads\Crime_statistics_YB2014.xlsx
2018-05-24 16:17 - 2018-05-24 16:17 - 000276008 _____ C:\Windows\Minidump\052418-24507-01.dmp
2018-05-22 16:23 - 2018-05-22 16:23 - 002129964 _____ C:\Users\Safe\Downloads\Final Document - Tom Bruyninx - Stage iRelate V1.0.rar
2018-05-17 14:13 - 2018-05-17 14:12 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-16 19:04 - 2016-05-01 21:24 - 002413056 _____ (Farbar) C:\Users\Safe\Desktop\FRST64.exe
2018-06-16 18:49 - 2009-07-14 06:45 - 000043488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-16 18:49 - 2009-07-14 06:45 - 000043488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-16 18:46 - 2014-12-04 20:48 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-16 18:39 - 2016-11-07 14:45 - 000000000 ____D C:\ProgramData\VMware
2018-06-16 18:39 - 2015-12-06 21:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-06-16 18:38 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-16 18:19 - 2016-08-05 16:05 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-06-16 14:50 - 2017-09-18 13:35 - 547206501 _____ C:\Windows\MEMORY.DMP
2018-06-16 14:50 - 2015-05-31 23:18 - 000000000 ____D C:\Windows\Minidump
2018-06-16 01:07 - 2016-04-11 17:21 - 000000000 ____D C:\Users\Safe\AppData\Roaming\Spotify
2018-06-15 23:37 - 2016-04-11 17:21 - 000000000 ____D C:\Users\Safe\AppData\Local\Spotify
2018-06-15 23:31 - 2017-06-06 19:52 - 000004472 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-15 23:31 - 2017-03-05 13:53 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-06-15 23:31 - 2017-01-26 13:05 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-06-15 23:31 - 2016-12-05 12:11 - 000003350 _____ C:\Windows\System32\Tasks\AMD ThankingURL
2018-06-15 23:31 - 2016-04-29 19:29 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-06-15 23:31 - 2016-04-29 15:19 - 000003080 _____ C:\Windows\System32\Tasks\MailRuUpdater
2018-06-15 23:31 - 2016-02-04 14:40 - 000002992 _____ C:\Windows\System32\Tasks\{015D44F5-2E15-43B1-B934-1C9090AFA537}
2018-06-15 23:31 - 2016-02-04 14:39 - 000002992 _____ C:\Windows\System32\Tasks\{C0D68CA8-984B-408C-A1BB-55CC30E9C653}
2018-06-15 23:31 - 2016-02-04 14:02 - 000003032 _____ C:\Windows\System32\Tasks\{6D14CE76-F58C-4DF9-AFFF-B96CBEB5FD99}
2018-06-15 23:31 - 2015-02-09 16:50 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-15 23:31 - 2015-02-06 22:31 - 000003208 _____ C:\Windows\System32\Tasks\Minecraft Checksum Validator
2018-06-15 23:31 - 2014-11-15 18:26 - 000003490 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-15 23:31 - 2014-11-15 18:26 - 000003362 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-14 19:44 - 2017-01-19 18:40 - 000000000 ____D C:\Users\Safe\AppData\Roaming\discord
2018-06-14 12:08 - 2009-07-14 07:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-06-13 23:45 - 2014-11-15 18:26 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 19:56 - 2016-02-04 14:24 - 000000000 ____D C:\Program Files (x86)\Call of Duty- Modern Warfare 3
2018-06-09 16:22 - 2018-03-14 17:16 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-06-09 16:22 - 2018-03-14 17:16 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-06-09 12:59 - 2017-01-18 00:02 - 000002040 _____ C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-06-08 13:24 - 2015-02-09 16:50 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-08 13:24 - 2015-02-09 16:50 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-08 13:24 - 2015-02-09 16:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-08 13:24 - 2015-02-09 16:49 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-07 20:58 - 2014-11-15 18:18 - 000000000 ____D C:\Users\deckx
2018-06-03 21:41 - 2016-05-11 13:53 - 000000000 ____D C:\Users\Safe\AppData\Local\CrashDumps
2018-06-03 20:11 - 2015-06-06 21:03 - 000000000 ____D C:\Users\Safe\Documents\My Games
2018-06-03 20:10 - 2018-03-23 18:03 - 000000000 ____D C:\Users\Safe\AppData\Roaming\EasyAntiCheat
2018-06-03 19:51 - 2014-11-15 18:26 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-23 17:13 - 2014-12-23 01:32 - 000000000 ____D C:\Users\Safe\AppData\Roaming\Skype
2018-05-21 17:27 - 2016-04-29 13:40 - 000000000 ____D C:\Users\Safe\Desktop\rommel
2018-05-20 20:07 - 2017-07-16 19:41 - 000000000 ____D C:\Users\Safe\Desktop\Games
2018-05-17 14:13 - 2017-03-18 15:19 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-17 14:12 - 2017-11-20 13:54 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-17 14:12 - 2017-11-13 11:52 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-17 14:12 - 2016-04-29 19:29 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

==================== Files in the root of some directories =======

2016-05-31 13:39 - 2016-05-31 13:54 - 000000115 _____ () C:\Users\deckx\AppData\Roaming\LogFile.txt
2016-04-07 19:14 - 2017-09-01 12:36 - 000007622 _____ () C:\Users\deckx\AppData\Local\Resmon.ResmonCfg
2015-05-31 23:09 - 2015-05-31 23:09 - 000000000 _____ () C:\Users\deckx\AppData\Local\Temp.dat

Some files in TEMP:
====================
2005-02-26 23:36 - 2005-02-26 23:36 - 000700416 _____ (Electronic Arts Inc.) C:\Users\deckx\AppData\Local\Temp\AutoRun.exe
2018-04-14 22:42 - 2005-02-26 09:44 - 000606208 _____ (Electronic Arts Inc.) C:\Users\deckx\AppData\Local\Temp\AutoRunGUI.dll
2015-11-30 13:05 - 2015-11-30 13:05 - 000194048 _____ () C:\Users\deckx\AppData\Local\Temp\curllib.dll
2018-04-14 22:45 - 2005-02-26 07:30 - 001453843 ____R (Macromedia, Inc.) C:\Users\deckx\AppData\Local\Temp\First15.exe
2014-05-27 12:36 - 2014-05-27 12:36 - 001016832 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\deckx\AppData\Local\Temp\libeay32.dll
2015-11-30 13:05 - 2015-11-30 13:05 - 000077888 _____ (Carnegie Mellon University) C:\Users\deckx\AppData\Local\Temp\libsasl.dll
2018-05-04 22:19 - 2018-05-04 22:19 - 000065024 _____ () C:\Users\deckx\AppData\Local\Temp\mgwz.dll
2015-11-30 13:05 - 2015-11-30 13:05 - 000110592 _____ () C:\Users\deckx\AppData\Local\Temp\openldap.dll
2014-05-27 12:36 - 2014-05-27 12:36 - 000200192 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\deckx\AppData\Local\Temp\ssleay32.dll
2018-04-14 22:45 - 2005-02-26 07:34 - 000023040 ____R () C:\Users\deckx\AppData\Local\Temp\VP6Install.exe
2018-04-14 22:45 - 2005-02-26 07:34 - 000442368 ____R (On2.com) C:\Users\deckx\AppData\Local\Temp\VP6VFW.dll
2016-06-03 12:54 - 2016-06-03 12:54 - 000005632 _____ () C:\Users\Safe\AppData\Local\Temp\7wds82yu.dll
2016-10-01 18:05 - 2016-10-01 18:05 - 029812904 _____ (ArenaNet) C:\Users\Safe\AppData\Local\Temp\Gw2.exe
2018-06-05 13:03 - 2018-03-28 18:40 - 000037376 _____ (Microsoft) C:\Users\Safe\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2018-06-05 13:03 - 2018-03-28 18:40 - 000020480 _____ (Microsoft) C:\Users\Safe\AppData\Local\Temp\HiRezLauncherControls.dll
2018-05-23 13:59 - 2018-05-23 13:59 - 058834376 _____ (Skype Technologies S.A.) C:\Users\Safe\AppData\Local\Temp\SkypeSetup.exe
2016-06-01 13:38 - 2012-02-13 22:41 - 000314784 _____ () C:\Users\Safe\AppData\Local\Temp\Uninstaller-4800.exe
2016-06-01 13:34 - 2012-02-13 22:41 - 000314784 _____ () C:\Users\Safe\AppData\Local\Temp\Uninstaller-5596.exe
2016-06-01 13:34 - 2012-02-13 22:41 - 000314784 _____ () C:\Users\Safe\AppData\Local\Temp\Uninstaller-5616.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-08 13:05

==================== End of FRST.txt ============================