Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019 Ran by Insane (administrator) on DESKTOP-B0HRTSQ (24-03-2019 13:15:16) Running from S:\Downloads Loaded Profiles: Insane (Available Profiles: Insane) Platform: Windows 10 Home Version 1809 17763.107 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0325048.inf_amd64_11893fcefe9ebf56\atiesrxx.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Razer USA Ltd. 
-> Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TEFINCOM S.A. -> ) E:\Program Files (x86)\NordVPN\nordvpn-service.exe (Electronic Arts, Inc. -> Electronic Arts) E:\Program Files (x86)\Origin\OriginWebHelperService.exe (VMware, Inc. -> VMware, Inc.) E:\Program Files (x86)\VMWARE\vmware-authd.exe (Malwarebytes Corporation -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Razer\Razer Services\GMS\SteamCmd\steamcmd.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) E:\Program Files\AMD\CNext\CNext\RadeonSettings.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20594.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
E:\Program Files\AMD\CNext\CNext\amddvr.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) E:\Program Files\AMD\CNext\CNext\amdow.exe (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Discord Inc. -> Discord Inc.) C:\Users\Insane\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\Insane\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\Insane\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\Insane\AppData\Local\Discord\app-0.0.305\Discord.exe (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe (Firebit OU -> Rainmeter) E:\Program Files\Rainmeter\Rainmeter.exe (Discord Inc. -> Discord Inc.) C:\Users\Insane\AppData\Local\Discord\app-0.0.305\Discord.exe (ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe (Discord Inc. -> Discord Inc.) C:\Users\Insane\AppData\Local\Discord\app-0.0.305\Discord.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google LLC -> Google Inc.) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) HKLM\...\Run: [RTHDVCPL] => E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16884224 2017-02-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [vmware-tray.exe] => E:\Program Files (x86)\VMWARE\vmware-tray.exe [112104 2018-01-08] (VMware, Inc. -> VMware, Inc.) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2222582211-2325190247-1126929042-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation) HKU\S-1-5-21-2222582211-2325190247-1126929042-1001\...\Run: [Discord] => C:\Users\Insane\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-2222582211-2325190247-1126929042-1001\...\Run: [Spotify] => C:\Users\Insane\AppData\Roaming\Spotify\Spotify.exe [25941224 2019-03-11] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-2222582211-2325190247-1126929042-1001\...\Run: [EpicGamesLauncher] => E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35149712 2018-12-14] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-2222582211-2325190247-1126929042-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3471600 2019-03-11] (Razer USA Ltd. -> ) HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3471600 2019-03-11] (Razer USA Ltd. 
-> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> E:\Program Files (x86)\Google\Chrome\Application\73.0.3683.75\Installer\chrmstp.exe [2019-03-17] (Google LLC -> Google Inc.) Startup: C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-03-11] ShortcutTarget: Rainmeter.lnk -> E:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter) Startup: C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2019-02-21] ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed] GroupPolicy: Restriction - Windows Defender <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\Parameters: [NameServer] 82.163.142.182 82.163.143.180 Tcpip\..\Interfaces\{1edfbd38-8b63-49ba-9f9a-b4114bd16ed0}: [NameServer] 82.163.142.182 82.163.143.180 Tcpip\..\Interfaces\{1edfbd38-8b63-49ba-9f9a-b4114bd16ed0}: [DhcpNameServer] 192.168.2.254 Tcpip\..\Interfaces\{5036bf5b-b4bb-49e8-9214-44f6ce6b1675}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{5036bf5b-b4bb-49e8-9214-44f6ce6b1675}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{541e4f43-194b-43b6-a460-f02d8a50a43a}: [NameServer] 82.163.142.182 82.163.143.180 Tcpip\..\Interfaces\{55ea5bc3-7b5c-42a7-8406-9c2f9c16dd30}: [NameServer] 82.163.142.182 82.163.143.180 Tcpip\..\Interfaces\{55ea5bc3-7b5c-42a7-8406-9c2f9c16dd30}: [DhcpNameServer] 82.163.142.182 Tcpip\..\Interfaces\{77332a80-40e6-4e83-b01c-feca4f049cdd}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{cc28a6a3-eed3-11e8-9a97-806e6f6e6963}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{dd78fa0c-b863-4e6d-918b-e34dba4e12c7}: [NameServer] 82.163.142.182 
82.163.143.180 Tcpip\..\Interfaces\{e5c6c061-6765-4a6e-8247-eb8db22c49a3}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{e5c6c061-6765-4a6e-8247-eb8db22c49a3}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{e92f5542-fec3-4922-9722-b3078ba2b9fc}: [NameServer] 82.163.142.182 82.163.143.180 Tcpip\..\Interfaces\{e92f5542-fec3-4922-9722-b3078ba2b9fc}: [DhcpNameServer] 82.163.142.182 Tcpip\..\Interfaces\{f1c55a83-5807-4ad2-b7b6-261801714ef3}: [NameServer] 8.8.8.8 Internet Explorer: ================== SearchScopes: HKLM-x32 -> DefaultScope value is missing BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-20] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-07] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-30] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-30] (Oracle America, Inc. 
-> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - E:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - E:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - E:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - E:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe FireFox: ======== FF DefaultProfile: gidzskn1.default FF ProfilePath: C:\Users\Insane\AppData\Roaming\Mozilla\Firefox\Profiles\gidzskn1.default [2019-03-24] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-30] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-30] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> E:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-17] (Google Inc -> Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-17] (Google Inc -> Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "","hxxp://www.google.com","hxxps://encrypted.google.com" CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default [2019-03-24] CHR Extension: (Slides) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-17] CHR Extension: (Docs) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-17] CHR Extension: (Google Drive) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-17] CHR Extension: (TunnelBear Blocker) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdhgdigjiiamnkcenegafmfjoghafk [2019-03-18] CHR Extension: (Translator) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blndkmebkmenignoajhoemebccmmfjib [2019-03-18] CHR Extension: (YouTube) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-17] CHR Extension: (Sheets) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-17] CHR Extension: (Google Docs Offline) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-17] CHR Extension: (Gmail) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-17] CHR Extension: (Chrome Media Router) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-17] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0325048.inf_amd64_11893fcefe9ebf56\atiesrxx.exe [481760 2018-03-05] (Advanced Micro Devices, Inc. -> AMD) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-02-07] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-06] (Microsoft Corporation -> Microsoft Corporation) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [782976 2019-02-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-10-25] (FUTUREMARK INC -> Futuremark) S3 GoogleChromeElevationService; E:\Program Files (x86)\Google\Chrome\Application\73.0.3683.75\elevation_service.exe [1268720 2019-03-11] (Google LLC -> Google Inc.) S3 iPod Service; E:\Program Files\iPod\bin\iPodService.exe [659256 2018-11-15] (Apple Inc. -> Apple Inc.) R2 MBAMService; E:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 nordvpn-service; E:\Program Files (x86)\NordVPN\nordvpn-service.exe [217040 2019-02-21] (TEFINCOM S.A. 
-> ) S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-02-19] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; E:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-02-19] (Electronic Arts, Inc. -> Electronic Arts) R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449632 2019-01-30] (Razer USA Ltd. -> Razer Inc.) R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943184 2019-02-26] (Razer USA Ltd. -> Razer Inc.) R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-12-18] (Razer USA Ltd. -> Razer Inc) R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [287472 2019-03-11] (Razer USA Ltd. -> ) R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [535424 2019-01-28] (Razer USA Ltd. -> Razer Inc.) R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2018-01-09] (Razer USA Ltd. -> Razer Inc) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665240 2019-02-26] (TeamViewer GmbH -> TeamViewer GmbH) R2 VMAuthdService; E:\Program Files (x86)\VMWARE\vmware-authd.exe [99816 2018-01-08] (VMware, Inc. -> VMware, Inc.) S2 VMwareHostd; E:\Program Files (x86)\VMWARE\vmware-hostd.exe [12443624 2018-01-08] (VMware, Inc. 
-> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation) S3 WMPNetworkSvc; E:\Program Files\Windows Media Player\wmpnetwk.exe [1184256 2018-04-11] (Microsoft Corporation) [File not signed] S4 WsDrvInst; E:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [43400 2017-03-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-13] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. ) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0325048.inf_amd64_11893fcefe9ebf56\atikmdag.sys [41593824 2018-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0325048.inf_amd64_11893fcefe9ebf56\atikmpag.sys [546272 2018-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-26] (Advanced Micro Devices Inc. -> Advanced Micro Devices) R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. 
) R2 AMDRyzenMasterDriverV13; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [71152 2018-12-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices) S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2019-01-04] (ASROCK Incorporation -> ASRock Incorporation) S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2018-11-30] (ASROCK Incorporation -> ASRock Incorporation) [File not signed] R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111112 2017-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-03-23] (Malwarebytes Corporation -> Malwarebytes) R2 GungHoNet; C:\Windows\System32\GungHoNet.sys [13112 2019-02-04] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2019-03-12] (SurfRight B.V. -> ) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-03-24] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-03-24] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-24] (Malwarebytes Corporation -> Malwarebytes) R3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2018-09-15] (Microsoft Windows -> MediaTek Inc.) 
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation) S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1131024 2018-10-23] (Realtek Semiconductor Corp. -> Realtek ) R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc) R3 RzDev_0060; C:\Windows\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc) R3 RzDev_0221; C:\Windows\System32\drivers\RzDev_0221.sys [51696 2018-04-22] (Razer USA Ltd. -> Razer Inc) R3 RzDev_0C00; C:\Windows\System32\drivers\RzDev_0C00.sys [51696 2018-04-22] (Razer USA Ltd. -> Razer Inc) S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52240 2017-07-19] (Razer USA Ltd. -> Razer Inc) R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider) R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project) R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider) R3 VBAudioVMAUXVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmauxvaio64_win10.sys [71920 2019-03-22] (Vincent Burel -> Windows (R) Win 7 DDK provider) R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win10.sys [71712 2019-03-22] (Vincent Burel -> Windows (R) Win 7 DDK provider) R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc. -> VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.) 
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-03-24 13:15 - 2019-03-24 13:15 - 000000000 ____D C:\FRST 2019-03-24 02:43 - 2019-03-24 02:43 - 000004652 _____ C:\Users\Insane\AppData\Roaming\VoiceMeeterDefault.xml 2019-03-24 01:12 - 2019-03-24 01:12 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-03-24 01:12 - 2019-03-24 01:12 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2019-03-24 01:12 - 2019-03-24 01:12 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2019-03-24 01:04 - 2019-03-24 01:04 - 000000000 ____D C:\ProgramData\Mozilla 2019-03-24 00:47 - 2019-03-24 00:47 - 000000000 ____D C:\Users\Insane\AppData\Roaming\CitizenFX 2019-03-24 00:46 - 2019-03-24 00:47 - 000000000 ____D C:\Users\Insane\AppData\Local\DigitalEntitlements 2019-03-24 00:36 - 2019-03-24 00:36 - 000002142 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk 2019-03-24 00:36 - 2019-03-24 00:36 - 000002134 _____ C:\Users\Insane\Desktop\FiveM Singleplayer.lnk 2019-03-24 00:36 - 2019-03-24 00:36 - 000002134 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk 2019-03-24 00:36 - 2019-03-24 00:36 - 000002126 _____ C:\Users\Insane\Desktop\FiveM.lnk 2019-03-24 00:36 - 2019-03-24 00:36 - 
000000000 ____D C:\Users\Insane\AppData\Local\FiveM 2019-03-23 14:07 - 2019-03-23 14:07 - 000000222 _____ C:\Users\Insane\Desktop\Far Cry 5.url 2019-03-23 13:09 - 2019-03-23 13:09 - 000000222 _____ C:\Users\Insane\Desktop\Far Cry New Dawn.url 2019-03-22 20:19 - 2019-03-22 20:19 - 000000000 ____D C:\ProgramData\{760EE9FC-32F3-DF9D-8B2F-1E538BC84702} 2019-03-22 19:49 - 2019-03-22 20:20 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Jetmedia 2019-03-22 19:48 - 2019-03-22 19:48 - 000000000 ____D C:\ProgramData\{6989941D-4F12-C01A-6A52-994C6AB5C01D} 2019-03-22 16:50 - 2019-03-22 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.8.3 2019-03-22 02:11 - 2019-03-22 02:11 - 000071920 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vbaudio_vmauxvaio64_win10.sys 2019-03-22 02:11 - 2019-03-22 02:11 - 000071712 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vbaudio_vmvaio64_win10.sys 2019-03-22 02:11 - 2019-03-22 02:11 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio 2019-03-22 02:11 - 2019-03-22 02:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio 2019-03-21 13:18 - 2019-03-21 13:19 - 000000000 ____D C:\Users\Insane\Desktop\rq 2019-03-20 18:55 - 2019-03-20 18:55 - 000000222 _____ C:\Users\Insane\Desktop\Friday the 13th The Game.url 2019-03-20 03:41 - 2019-03-20 03:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office-hulpprogramma's 2019-03-19 23:17 - 2019-03-19 23:17 - 000000000 ____D C:\Users\Insane\AppData\Local\TeamViewer 2019-03-19 22:10 - 2019-03-19 22:10 - 000001057 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk 2019-03-19 22:10 - 2019-03-19 22:10 - 000001049 _____ C:\Users\Insane\Desktop\join.me.lnk 2019-03-19 22:06 - 2019-03-19 22:10 - 000000000 ____D C:\Users\Insane\AppData\Local\join.me 2019-03-19 22:06 - 2019-03-19 22:06 - 
000000000 ____D C:\Users\Insane\AppData\Local\LogMeIn 2019-03-19 22:06 - 2019-03-19 22:06 - 000000000 ____D C:\ProgramData\join.me 2019-03-19 00:24 - 2019-03-19 00:24 - 000019696 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_156035221316878.dll 2019-03-18 00:14 - 2019-03-18 00:14 - 000001369 _____ C:\Users\Insane\Desktop\TeamViewer 14.lnk 2019-03-18 00:09 - 2019-03-18 00:09 - 000001111 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-03-18 00:02 - 2019-03-18 00:02 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Google 2019-03-17 23:58 - 2019-03-18 00:11 - 000000000 ____D C:\Users\Insane\AppData\Local\Google 2019-03-17 23:58 - 2019-03-17 23:58 - 000003576 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2019-03-17 23:58 - 2019-03-17 23:58 - 000003452 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2019-03-17 23:58 - 2019-03-17 23:58 - 000001477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-03-17 23:58 - 2019-03-17 23:58 - 000001448 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-03-17 20:16 - 2019-03-22 19:49 - 000000000 ____D C:\ProgramData\{0CA80EBD-D5B2-A53B-CAC8-B829CA2FE178} 2019-03-17 19:43 - 2019-03-22 20:20 - 000000000 ____D C:\ProgramData\{06BF91DA-4AD5-AF2C-AD57-AF23ADB0F672} 2019-03-15 15:31 - 2019-03-15 15:31 - 000000000 ____D C:\Users\Insane\AppData\Local\Sony Corporation 2019-03-15 15:20 - 2019-03-15 15:20 - 000002048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS4 Remote Play.lnk 2019-03-15 15:20 - 2019-03-15 15:20 - 000002036 _____ C:\Users\Public\Desktop\PS4 Remote Play.lnk 2019-03-12 21:44 - 2019-03-12 21:44 - 000319024 _____ C:\active_protection.txt 2019-03-12 21:44 - 2019-03-12 21:44 - 000035928 _____ C:\url_setting_definitions.txt 2019-03-12 21:31 - 2019-03-12 21:31 - 000000000 ____D C:\Users\Insane\AppData\Local\mbam 2019-03-12 21:30 - 2019-03-23 17:11 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-03-12 21:30 - 
2019-03-12 21:30 - 000001020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-03-12 21:30 - 2019-03-12 21:30 - 000000000 ____D C:\Users\Insane\AppData\Local\mbamtray 2019-03-12 21:30 - 2019-03-12 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-03-12 21:30 - 2019-03-12 21:30 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-03-12 21:30 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys 2019-03-12 21:25 - 2019-03-13 14:06 - 000000000 ____D E:\Program Files\Reimage 2019-03-12 21:15 - 2019-03-12 21:15 - 000004514 _____ C:\Windows\system32\.crusader 2019-03-12 21:11 - 2019-03-12 21:16 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2019-03-12 21:11 - 2019-03-12 21:15 - 000000000 ____D C:\ProgramData\HitmanPro 2019-03-12 21:04 - 2019-03-12 21:04 - 000000000 ____D C:\ProgramData\Microsoft Toolkit 2019-03-12 20:59 - 2019-03-12 21:00 - 000000000 ____D C:\AdwCleaner 2019-03-12 20:57 - 2019-03-12 20:57 - 000000258 __RSH C:\Users\Insane\ntuser.pol 2019-03-12 20:44 - 2019-03-18 00:51 - 000000000 ____D C:\ProgramData\{BD7BCDCA-16C5-14E8-BD0B-6B98BDEC32C9} 2019-03-12 20:44 - 2019-03-18 00:51 - 000000000 ____D C:\ProgramData\{2DEC06E1-DDEE-847F-96C0-FC089627A559} 2019-03-12 20:44 - 2019-03-12 20:44 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-03-12 20:43 - 2019-03-12 20:53 - 000722944 _____ C:\Users\Insane\AppData\Local\sha.db 2019-03-12 20:43 - 2019-03-12 20:43 - 000140800 _____ C:\Users\Insane\AppData\Local\installer.dat 2019-03-12 20:42 - 2019-03-19 22:06 - 000000000 ____D C:\ProgramData\boost_interprocess 2019-03-12 20:41 - 2019-03-12 21:44 - 000000000 ____D E:\Program Files\Windows 10 Pro Permanent Activator Ultimate 2.2 2019-03-11 19:37 - 2019-03-11 19:37 - 000108477 _____ C:\Windows\uninstaller.dat 2019-03-11 14:03 - 2019-03-11 14:55 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Rainmeter 2019-03-11 14:00 - 2019-03-11 14:00 - 000000865 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2019-03-11 14:00 - 2019-03-11 14:00 - 000000000 ____D E:\Program Files\Rainmeter 2019-03-11 13:57 - 2019-03-24 12:55 - 000000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt 2019-03-11 13:57 - 2019-03-11 13:57 - 000000000 ____D C:\ProgramData\RzSurroundVAD_1.1.63.0 2019-03-11 13:57 - 2019-03-11 13:57 - 000000000 _____ C:\Windows\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt 2019-03-08 19:54 - 2019-03-08 20:00 - 000000319 _____ C:\Users\Insane\Desktop\anti-afk.ahk 2019-03-08 04:34 - 2019-03-10 01:04 - 000000676 _____ C:\Users\Public\Desktop\Anthem™.lnk 2019-03-08 04:34 - 2019-03-08 04:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anthem™ 2019-03-07 13:31 - 2019-03-07 13:31 - 000000000 ____D C:\Users\Insane\AppData\Local\ATI 2019-03-06 15:40 - 2019-03-06 15:40 - 000000222 _____ C:\Users\Insane\Desktop\Conan Exiles.url 2019-03-02 18:45 - 2019-03-02 18:53 - 000000475 _____ C:\Users\Insane\Desktop\Click.ahk 2019-03-02 16:19 - 2019-03-02 16:19 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Electrum 2019-03-02 16:18 - 2019-03-02 16:18 - 000001117 _____ C:\Users\Insane\Desktop\Electrum.lnk 2019-03-02 16:18 - 2019-03-02 16:18 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum 2019-03-02 16:12 - 2019-03-07 17:13 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Telegram Desktop 2019-03-02 16:12 - 2019-03-02 16:12 - 000001042 _____ C:\Users\Insane\Desktop\Telegram.lnk 2019-03-02 16:12 - 2019-03-02 16:12 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop 2019-02-28 21:16 - 2019-02-28 21:16 - 000000000 ____D C:\Users\Insane\AppData\Local\Infliction 2019-02-28 13:08 - 2019-02-28 13:08 - 000000000 ____D C:\Users\Insane\AppData\Roaming\[PREDATOR]plugin menu Data 2019-02-28 13:04 - 2019-02-28 13:04 - 000000000 ____D C:\Users\Insane\Desktop\Predator 2019-02-26
23:01 - 2019-03-18 00:23 - 000000000 ____D C:\Users\Insane\Desktop\Evolve 2019-02-26 04:28 - 2019-02-26 04:28 - 000116304 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll 2019-02-26 04:27 - 2019-02-26 04:27 - 000135760 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll 2019-02-24 15:48 - 2019-02-24 15:48 - 000220169 _____ C:\Users\Insane\Desktop\DESKTOP-B0HRTSQ.txt 2019-02-22 16:52 - 2019-02-22 16:52 - 000000928 _____ C:\Users\Public\Desktop\Minecraft.lnk 2019-02-22 16:52 - 2019-02-22 16:52 - 000000898 _____ C:\Users\Insane\Desktop\nativelog.txt 2019-02-22 16:52 - 2019-02-22 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-03-24 13:13 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-03-24 13:06 - 2018-11-23 04:57 - 000000000 ____D C:\Windows\system32\SleepStudy 2019-03-24 12:46 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp 2019-03-24 02:00 - 2018-12-22 14:50 - 000000000 ____D C:\Users\Insane\AppData\Local\Adobe 2019-03-24 01:24 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness 2019-03-24 01:18 - 2018-11-23 05:06 - 000865378 _____ C:\Windows\system32\PerfStringBackup.INI 2019-03-24 01:18 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF 2019-03-24 01:12 - 2018-12-18 16:52 - 000000000 ____D C:\ProgramData\VMware 2019-03-24 01:12 - 2018-11-23 04:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-03-24 01:11 - 2018-11-22 20:11 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2019-03-24 01:11 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI 2019-03-24 01:10 - 2018-12-01 16:43 - 000000000 ____D C:\Users\Insane\AppData\Local\Ubisoft Game Launcher 2019-03-24 01:10 - 2018-01-18 23:51 - 000000000 ____D E:\Program Files (x86)\Steam 2019-03-24 01:09 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\NDF 2019-03-24 
01:04 - 2018-12-28 21:43 - 000000903 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-03-24 01:04 - 2018-12-28 21:43 - 000000000 ____D E:\Program Files\Mozilla Firefox 2019-03-24 01:04 - 2018-12-28 21:43 - 000000000 ____D C:\Users\Insane\AppData\LocalLow\Mozilla 2019-03-24 00:47 - 2018-11-22 20:16 - 000000000 ____D C:\Users\Insane\AppData\Local\D3DSCache 2019-03-23 23:16 - 2018-11-26 18:27 - 000000000 ____D C:\Users\Insane\AppData\Local\Spotify 2019-03-23 23:15 - 2018-11-26 18:26 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Spotify 2019-03-23 14:58 - 2018-11-22 20:20 - 000000000 ____D C:\Users\Insane\AppData\Roaming\discord 2019-03-23 14:45 - 2018-11-22 20:36 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2019-03-23 00:42 - 2019-02-02 14:30 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Origin 2019-03-23 00:42 - 2019-02-02 14:30 - 000000000 ____D C:\ProgramData\Origin 2019-03-22 16:25 - 2018-11-22 21:19 - 000000000 ____D C:\Users\Insane\AppData\Roaming\WhatsApp 2019-03-22 12:25 - 2019-02-02 14:33 - 000000000 ____D E:\Program Files (x86)\Origin Games 2019-03-22 02:11 - 2018-12-22 19:14 - 000000000 ____D E:\Program Files\VB 2019-03-21 23:42 - 2018-11-28 21:15 - 000000000 ____D C:\Users\Insane\AppData\Local\Battle.net 2019-03-21 16:28 - 2018-11-30 14:07 - 000000000 ____D C:\Users\Insane\AppData\Local\CrashDumps 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\TextInput 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\oobe 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\Dism 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\oobe 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\migwiz 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\appraiser 2019-03-20 21:32 - 
2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellExperiences 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellComponents 2019-03-20 21:32 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\bcastdvr 2019-03-20 21:32 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Dism 2019-03-20 21:29 - 2019-01-09 20:37 - 000000000 ____D C:\Users\Insane\AppData\Local\ElevatedDiagnostics 2019-03-20 08:18 - 2018-12-30 16:31 - 000000000 ____D E:\Program Files\Rockstar Games 2019-03-20 03:41 - 2018-11-24 14:37 - 000002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype voor Bedrijven.lnk 2019-03-20 03:41 - 2018-11-24 14:37 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-03-20 03:41 - 2018-11-24 14:37 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-03-20 03:41 - 2018-11-24 14:37 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-03-20 03:41 - 2018-11-24 14:37 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-03-20 03:41 - 2018-11-24 14:37 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-03-20 03:41 - 2018-11-24 14:37 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-03-20 03:40 - 2018-11-24 14:28 - 000000000 ____D E:\Program Files (x86)\Microsoft Office 2019-03-19 23:10 - 2018-12-24 19:30 - 000000000 ____D C:\Users\Insane\AppData\Roaming\MAXON 2019-03-19 16:53 - 2018-11-22 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2019-03-19 01:28 - 2018-11-23 05:03 - 000000000 ____D C:\Users\Insane 2019-03-18 00:51 - 2018-11-23 04:56 - 005152040 _____ C:\Windows\system32\FNTCACHE.DAT 2019-03-18 00:06 - 2019-01-27 20:15 - 000000000 ____D E:\Program Files\Hue Sync 2019-03-16 21:54 - 2018-11-23 05:04 - 000000000 ____D C:\Users\Insane\AppData\Local\Packages 2019-03-15 17:32 - 2018-09-15 08:33 - 
000000000 ____D C:\Windows\LiveKernelReports 2019-03-13 17:14 - 2018-12-30 15:38 - 000000000 ____D C:\Users\Insane\AppData\Roaming\.minecraft 2019-03-12 21:30 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP 2019-03-12 20:44 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\GroupPolicy 2019-03-12 18:12 - 2018-11-22 20:20 - 000002249 _____ C:\Users\Insane\Desktop\Discord.lnk 2019-03-12 18:12 - 2018-11-22 20:20 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2019-03-12 18:12 - 2018-11-22 20:20 - 000000000 ____D C:\Users\Insane\AppData\Local\Discord 2019-03-09 20:33 - 2018-11-23 19:14 - 000000000 ____D C:\Users\Insane\AppData\Local\PlaceholderTileLogoFolder 2019-03-09 16:55 - 2018-11-22 21:19 - 000002277 _____ C:\Users\Insane\Desktop\WhatsApp.lnk 2019-03-09 16:55 - 2018-11-22 21:19 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2019-03-09 16:55 - 2018-11-22 21:18 - 000000000 ____D C:\Users\Insane\AppData\Local\WhatsApp 2019-03-09 12:29 - 2018-11-23 05:06 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2222582211-2325190247-1126929042-1001 2019-03-09 12:29 - 2018-11-23 05:06 - 000000000 ___RD C:\Users\Insane\OneDrive 2019-03-09 12:29 - 2018-11-23 05:03 - 000002377 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-03-08 04:34 - 2019-02-02 19:00 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller 2019-03-08 04:34 - 2018-11-22 20:10 - 000000000 ____D C:\ProgramData\Package Cache 2019-03-07 20:47 - 2018-12-03 20:41 - 000000000 ____D C:\Users\Insane\AppData\Local\BattlEye 2019-03-06 14:51 - 2019-02-02 14:31 - 000000000 ____D E:\Program Files (x86)\Origin 2019-02-28 22:03 - 2019-01-19 14:14 - 000000000 ____D C:\Users\Insane\AppData\Roaming\EasyAntiCheat 2019-02-28 21:49 - 2018-11-22 21:05 - 000000000 ____D C:\Users\Insane\AppData\Roaming\Azureus 2019-02-28 21:16 - 
2018-11-26 20:04 - 000000000 ____D C:\Users\Insane\AppData\Local\UnrealEngine 2019-02-28 13:19 - 2018-12-28 21:43 - 000000000 ____D C:\Users\Insane\AppData\Local\Mozilla 2019-02-27 21:55 - 2019-02-06 19:23 - 000000664 _____ C:\Users\Public\Desktop\Apex Legends.lnk 2019-02-25 15:59 - 2019-01-26 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium 2019-02-25 15:58 - 2019-02-09 15:47 - 000000000 ____D C:\ProgramData\Wondershare 2019-02-25 15:58 - 2019-02-09 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2019-02-23 19:04 - 2018-11-23 04:57 - 000000000 ____D C:\Windows\system32\Drivers\wd 2019-02-23 19:03 - 2019-02-21 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX ==================== Files in the root of some directories ======= 2019-03-24 02:43 - 2019-03-24 02:43 - 000004652 _____ () C:\Users\Insane\AppData\Roaming\VoiceMeeterDefault.xml 2019-03-12 20:43 - 2019-03-12 20:43 - 000140800 _____ () C:\Users\Insane\AppData\Local\installer.dat 2018-12-25 21:47 - 2018-12-25 21:47 - 000000000 _____ () C:\Users\Insane\AppData\Local\oobelibMkey.log 2019-03-12 20:43 - 2019-03-12 20:53 - 000722944 _____ () C:\Users\Insane\AppData\Local\sha.db Some files in TEMP: ==================== 2019-03-18 00:06 - 2019-03-18 00:06 - 000125952 ____N () C:\Users\Insane\AppData\Local\Temp\HueSyncInstaller4916611726295764721.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\dllhost.exe => File is digitally signed C:\Windows\SysWOW64\dllhost.exe => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================