
Trojan file


12 replies to this topic

#1 lehameli


Posted 04 August 2016 - 07:18 AM

I have downloaded a file and my antivirus was disabled. Apparently it was a trojan. I did remove it with my antivirus, but just to be safe I would like an expert's help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by AlHameli (administrator) on SPEED-DEMON (04-08-2016 16:12:16)
Running from C:\Users\AlHameli\Desktop\Far
Loaded Profiles: AlHameli (Available Profiles: AlHameli)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Scarlet.Crush Productions) C:\Program Files (x86)\DS#\ScpService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Hi-Rez Studios) D:\Hirez\HiPatchService.exe
() C:\Program Files (x86)\Pingzapper\PZService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.07.00\AsusFanControlService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixBoxSvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(juvlarN) C:\Users\AlHameli\Desktop\Vibrancegui\vibrance.GUI.exe
() C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixUILauncher.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
() C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixSvc32.exe
() C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\x64\nhAsusStrixSvc64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
() C:\Program Files (x86)\PureVPN\purevpn.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [7241200 2016-07-26] (Emsisoft Ltd)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [7241200 2016-07-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-03] (Plays.tv, LLC)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [vibranceGUI] => C:\Users\AlHameli\Desktop\Vibrancegui\vibrance.GUI.exe [1072128 2015-08-27] (juvlarN)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [f.lux] => C:\Users\AlHameli\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [uTorrent] => C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-06-07] (BitTorrent Inc.)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [Discord] => C:\Users\AlHameli\AppData\Local\Discord\app-0.0.295\Discord.exe [62385336 2016-08-01] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [nhAsusStrixUILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixUILauncher.exe [463840 2016-01-20] ()
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2783232 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\RunOnce: [Uninstall C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\RunOnce: [Uninstall C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\RunOnce: [Uninstall C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\RunOnce: [Uninstall C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\RunOnce: [Uninstall C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-02-28] ()
Startup: C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GeForce Experience.lnk [2016-02-26]
ShortcutTarget: GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Startup: C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2016-04-15]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2016-04-13]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{217d6ca6-2a81-494a-9eca-e665ae0faa05}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ab57e92-13b7-4726-8336-717db855fa69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a81d9c5f-fa7e-493c-a0a3-087291602282}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a81d9c5f-fa7e-493c-a0a3-087291602282}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?pc=UE01&ocid=UE01DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-08] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-05] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-02] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-02] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (MindMup - Free Mind Map web site) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2015-09-26]
CHR Extension: (Google Sheets) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Chrome Remote Desktop) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Grammarly for Chrome) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [9331168 2016-07-26] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2016-01-12] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-09-26] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.07.00\AsusFanControlService.exe [395736 2015-11-30] (ASUSTeK Computer Inc.)
R2 AsusStrixBox; C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixBoxSvc32.exe [300032 2016-01-20] () [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2016-02-10] (Broadcom Corporation.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
S3 DAUpdaterSvc; F:\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2016-02-27] (BioWare)
R2 Ds3Service; C:\Program Files (x86)\DS#\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [237328 2016-07-29] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HiPatchService; D:\Hirez\HiPatchService.exe [9728 2016-07-12] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [31872 2015-12-23] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-30] (Electronic Arts)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-05-16] (Power Admin LLC)
R2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [632320 2016-01-22] () [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-03] (Plays.tv, LLC)
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-03-07] ()
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-03-20] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [24792 2014-06-13] (hxxp://www.asmedia.com.tw)
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 ASUSSC200; C:\Windows\system32\DRIVERS\ASUSSC200.sys [1319424 2015-08-17] (ASUSTeK)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2016-02-10] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [115832 2016-07-21] (Emsisoft Ltd)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2015-10-24] (REALiX™)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-21] (Intel Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-09-08] (ASUSTeK Computer Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-08] (Intel Corporation)
S3 narniadriver-2; C:\symbols\narniadriver-2.sys [10752 2016-03-23] () [File not signed]
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-04-29] (Wellbia.com Co., Ltd.)
S1 gepfkxls; \??\C:\WINDOWS\system32\drivers\gepfkxls.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 15:39 - 2016-08-04 16:12 - 00000000 ____D C:\Users\AlHameli\Desktop\Far
2016-08-04 15:34 - 2016-08-04 15:34 - 00000000 ____D C:\WINDOWS\pss
2016-08-04 14:12 - 2016-08-04 15:08 - 00149264 _____ (Microsoft Corporation) C:\WINDOWS\system32\symsrv.dll
2016-08-04 14:12 - 2016-08-04 15:08 - 00000000 _____ C:\WINDOWS\system32\symsrv.yes
2016-08-04 14:11 - 2016-08-04 15:32 - 00000000 ____D C:\symbols
2016-08-04 14:05 - 2016-08-04 14:11 - 00000000 ____D C:\Users\AlHameli\Desktop\Rust
2016-08-02 22:17 - 2016-08-02 22:17 - 00262004 _____ C:\WINDOWS\Minidump\080216-16546-01.dmp
2016-08-01 21:12 - 2016-08-01 21:12 - 00407636 _____ C:\WINDOWS\Minidump\080116-18703-01.dmp
2016-07-30 20:47 - 2016-07-30 20:47 - 00000222 _____ C:\Users\AlHameli\Desktop\Portal Knights.url
2016-07-30 19:13 - 2016-07-30 19:13 - 00000000 ____D C:\Users\AlHameli\AppData\LocalLow\Blizzard Entertainment
2016-07-30 02:00 - 2016-07-30 02:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-30 02:00 - 2016-07-30 02:00 - 00000000 ____D C:\Program Files\7-Zip
2016-07-30 01:50 - 2016-07-30 01:54 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\iMazing
2016-07-30 01:50 - 2016-07-30 01:50 - 00000972 _____ C:\Users\Public\Desktop\iMazing.lnk
2016-07-30 01:50 - 2016-07-30 01:50 - 00000000 ____D C:\Users\AlHameli\AppData\Local\DigiDNA
2016-07-30 01:50 - 2016-07-30 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2016-07-30 01:50 - 2016-07-30 01:50 - 00000000 ____D C:\ProgramData\DigiDNA
2016-07-30 01:50 - 2016-07-30 01:50 - 00000000 ____D C:\Program Files\DigiDNA
2016-07-30 01:47 - 2012-04-09 16:27 - 00352144 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs3.sys
2016-07-30 01:29 - 2016-07-30 01:29 - 00000000 ____D C:\Users\AlHameli\.android
2016-07-30 01:28 - 2016-07-30 02:01 - 00000000 ____D C:\Users\AlHameli\Desktop\JB
2016-07-29 16:50 - 2016-07-29 16:50 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Victory
2016-07-29 16:42 - 2016-07-29 16:42 - 00000222 _____ C:\Users\AlHameli\Desktop\The Culling.url
2016-07-29 16:42 - 2016-07-29 16:42 - 00000222 _____ C:\Users\AlHameli\Desktop\The Culling (TEST SERVER).url
2016-07-25 04:58 - 2016-07-30 01:53 - 00000000 ____D C:\Users\AlHameli\Documents\ihelper
2016-07-25 04:58 - 2016-07-25 04:58 - 00000000 ____D C:\Users\AlHameli\Documents\teiron
2016-07-25 04:58 - 2016-07-25 04:58 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Teiron
2016-07-25 04:58 - 2016-07-25 04:58 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\ahelper
2016-07-25 04:34 - 2016-07-25 04:34 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-07-25 04:34 - 2016-07-25 04:34 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Package Cache
2016-07-24 20:30 - 2016-07-24 20:30 - 00001831 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-24 20:30 - 2016-07-24 20:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-07-24 20:30 - 2016-07-24 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-24 20:30 - 2016-07-24 20:30 - 00000000 ____D C:\Program Files\iTunes
2016-07-24 20:30 - 2016-07-24 20:30 - 00000000 ____D C:\Program Files\iPod
2016-07-24 20:30 - 2016-07-24 20:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-24 20:27 - 2016-07-24 20:27 - 00000000 ____D C:\Program Files\Bonjour
2016-07-24 20:27 - 2016-07-24 20:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-23 16:27 - 2016-08-02 08:34 - 00011264 _____ C:\Users\AlHameli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-23 16:26 - 2016-07-23 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KCP
2016-07-23 16:26 - 2016-07-23 16:26 - 00000000 ____D C:\Program Files (x86)\KCP
2016-07-23 16:22 - 2016-07-23 16:22 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\MPC-HC
2016-07-21 11:26 - 2016-07-21 11:26 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-07-17 20:18 - 2016-07-17 20:18 - 00000059 _____ C:\Users\AlHameli\Desktop\Majles Dimensions.txt
2016-07-15 14:41 - 2016-07-01 06:49 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\3QXUM3HWrjihFjYcECHO.exe
2016-07-15 14:41 - 2016-07-01 06:49 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\7UKQXhBsjbWARD2RECHO.efi
2016-07-15 14:37 - 2016-07-15 14:37 - 00000000 ____D C:\Users\AlHameli\Desktop\AA
2016-07-14 23:22 - 2016-07-14 23:22 - 00002830 _____ C:\Users\AlHameli\Unigine_Heaven_Benchmark_4.0_20160714_2322.html
2016-07-14 19:15 - 2016-07-14 19:15 - 00002830 _____ C:\Users\AlHameli\Unigine_Heaven_Benchmark_4.0_20160714_1915.html
2016-07-14 17:49 - 2016-07-14 17:49 - 00000698 _____ C:\Users\Public\Desktop\Smite.lnk
2016-07-13 20:18 - 2016-07-13 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-07-13 19:33 - 2016-07-15 23:45 - 00000000 ____D C:\Users\AlHameli\Documents\OCCT
2016-07-13 19:33 - 2016-07-13 19:33 - 00000000 ____D C:\Users\AlHameli\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2016-07-13 19:13 - 2016-07-13 19:15 - 00000000 ____D C:\Users\AlHameli\Desktop\Stress Testing
2016-07-13 19:11 - 2016-08-04 15:33 - 00003140 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-07-13 19:11 - 2016-07-13 19:11 - 00002830 _____ C:\Users\AlHameli\Unigine_Heaven_Benchmark_4.0_20160713_1911.html
2016-07-13 18:57 - 2016-07-13 18:57 - 00000000 ____D C:\Program Files\CMAK
2016-07-13 18:57 - 2016-07-13 18:57 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-07-13 18:56 - 2016-07-13 18:56 - 00001131 _____ C:\Users\AlHameli\Desktop\NVI_0_3_200_0_37500_122_91_0.lnk
2016-07-12 18:56 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\k9jnDMT1fRcqfECHOLZV.exe
2016-07-12 18:56 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwullJe1GMbrwOb2p.efi
2016-07-12 18:41 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\eRdOqfwH2JpbyO9Rj.exe
2016-07-12 18:41 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Bso4SF9giIzd82QnJ.efi
2016-07-12 18:12 - 2016-07-12 18:12 - 00012714 _____ C:\ProgramData\mptmqteo.hmi
2016-07-11 15:16 - 2016-07-11 15:16 - 00000090 _____ C:\Users\AlHameli\Desktop\Rust VOLOD Raid.txt
2016-07-11 05:54 - 2016-07-11 05:54 - 00001138 _____ C:\Users\Public\Desktop\iFunbox.lnk
2016-07-11 05:54 - 2016-07-11 05:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2016-07-11 05:54 - 2016-07-11 05:54 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2016-07-10 18:42 - 2016-07-10 18:44 - 00000000 ____D C:\Users\AlHameli\Desktop\Prime
2016-07-10 18:38 - 2016-07-10 18:38 - 01631470 _____ C:\Users\AlHameli\Desktop\SPEED-DEMON-10_07_2016_183539_08.zip
2016-07-10 18:35 - 2016-07-10 18:38 - 00000000 ____D C:\Users\AlHameli\Desktop\SFdebugFiles
2016-07-10 06:04 - 2016-07-10 06:07 - 00000000 ____D C:\Users\AlHameli\Desktop\Bluescreen view
2016-07-09 19:07 - 2016-07-09 19:07 - 00001402 _____ C:\Users\AlHameli\Desktop\Stremio.lnk
2016-07-09 19:06 - 2016-07-09 19:07 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2016-07-08 05:11 - 2016-07-08 05:11 - 00032768 _____ () C:\Users\AlHameli\Desktop\memtest.exe
2016-07-08 05:11 - 2016-05-27 10:58 - 00012929 _____ C:\Users\AlHameli\Desktop\manual.html
2016-07-06 23:18 - 2016-07-06 23:18 - 00000000 ____D C:\Users\AlHameli\AppData\Local\nhAsusStrix1.1.2
2016-07-06 23:14 - 2016-07-06 23:14 - 00001347 _____ C:\Users\Public\Desktop\STRIX RAID DLX.lnk
2016-07-06 23:14 - 2016-07-06 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STRIX RAID DLX
2016-07-06 23:14 - 2016-07-06 23:14 - 00000000 ____D C:\Program Files\ASUSTeKcomputer.Inc
2016-07-06 23:02 - 2016-07-06 23:05 - 112270536 _____ (ASUSTeKcomputer.Inc) C:\Users\AlHameli\Desktop\Strix_Setup_1.1.2.exe
2016-07-05 07:32 - 2016-07-05 07:32 - 00000222 _____ C:\Users\AlHameli\Desktop\Rust.url
2016-07-05 07:08 - 2016-07-05 07:08 - 00000000 ____D C:\Users\AlHameli\AppData\Local\CrashReportClient
2016-07-05 04:47 - 2016-07-05 04:47 - 00001181 _____ C:\Users\AlHameli\Desktop\Cheat Engine.lnk
2016-07-05 04:47 - 2016-07-05 04:47 - 00000000 ____D C:\Users\AlHameli\Documents\My Cheat Tables
2016-07-05 04:47 - 2016-07-05 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.5.1
2016-07-05 04:47 - 2016-07-05 04:47 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 16:12 - 2015-09-20 22:56 - 00000000 ____D C:\FRST
2016-08-04 16:11 - 2015-09-20 23:34 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-08-04 16:10 - 2014-12-04 14:29 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\TS3Client
2016-08-04 15:55 - 2014-07-08 07:12 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-04 15:38 - 2015-10-30 11:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-04 15:38 - 2015-08-06 15:48 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-04 15:33 - 2016-05-18 19:44 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\PlaysTV
2016-08-04 15:33 - 2014-07-28 19:23 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2016-08-04 15:32 - 2016-05-16 01:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-04 15:32 - 2015-11-17 02:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-04 15:32 - 2015-10-30 10:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-08-04 15:32 - 2015-05-23 21:27 - 00000000 ____D C:\Program Files (x86)\DS#
2016-08-04 15:32 - 2014-08-15 12:35 - 00000000 ____D C:\Users\AlHameli\AppData\Local\TSVNCache
2016-08-04 15:32 - 2014-07-08 07:12 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-04 15:31 - 2014-07-07 09:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-04 15:31 - 2014-07-07 08:58 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-04 15:26 - 2014-07-07 21:51 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Skype
2016-08-04 15:22 - 2014-07-30 19:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-04 15:05 - 2015-12-22 16:35 - 00000000 ____D C:\Users\AlHameli\AppData\Local\CrashDumps
2016-08-04 14:58 - 2016-06-27 13:31 - 00347384 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-08-04 14:58 - 2014-10-06 20:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-04 14:54 - 2014-07-07 08:37 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Packages
2016-08-04 14:24 - 2015-11-17 02:26 - 00000000 ____D C:\Users\AlHameli
2016-08-04 14:06 - 2015-10-05 21:34 - 00001214 _____ C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2016-08-04 13:44 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-04 13:39 - 2014-08-01 00:22 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A4568038-F4F6-4CA6-B94E-522DE6AA61BD}
2016-08-04 13:36 - 2016-05-21 02:41 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\discord
2016-08-04 01:22 - 2014-07-07 09:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-04 00:20 - 2014-07-07 09:01 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Battle.net
2016-08-03 21:32 - 2014-07-07 09:02 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-02 22:17 - 2015-11-25 20:36 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-02 16:18 - 2015-12-11 23:48 - 00000000 ____D C:\stremio-cache
2016-08-02 14:54 - 2016-01-31 15:16 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\stremio
2016-08-02 08:39 - 2015-10-30 11:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-02 08:33 - 2016-06-14 01:44 - 00002301 _____ C:\Users\AlHameli\Desktop\Discord.lnk
2016-08-02 08:33 - 2016-06-14 01:44 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Discord
2016-08-02 08:33 - 2016-05-21 02:41 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-01 21:38 - 2015-05-06 02:27 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\iFunbox_UserCache
2016-08-01 13:13 - 2016-04-02 03:31 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\qBittorrent
2016-07-30 20:47 - 2014-07-07 21:39 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-30 01:48 - 2015-03-10 20:21 - 00000000 ____D C:\Program Files (x86)\iExplorer
2016-07-29 20:19 - 2016-02-03 20:19 - 00007602 _____ C:\Users\AlHameli\AppData\Local\Resmon.ResmonCfg
2016-07-29 16:50 - 2016-06-27 13:31 - 00000000 ____D C:\Users\AlHameli\AppData\Local\UnrealEngine
2016-07-29 16:50 - 2014-07-08 21:21 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-29 16:47 - 2014-07-27 23:54 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\vlc
2016-07-29 16:43 - 2016-06-27 13:31 - 00237328 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-07-29 04:50 - 2014-07-08 07:12 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 04:50 - 2014-07-08 07:12 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 23:25 - 2015-09-20 23:37 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-27 00:53 - 2015-10-30 11:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-27 00:53 - 2015-05-19 16:49 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-27 00:23 - 2014-07-08 00:20 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-07-26 03:56 - 2015-12-15 16:19 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-26 02:53 - 2016-01-06 14:26 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Deployment
2016-07-24 20:34 - 2014-11-03 17:28 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Apple Computer
2016-07-24 20:30 - 2015-03-10 21:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-07-24 20:30 - 2014-11-03 17:28 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-24 20:30 - 2014-11-03 17:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-24 02:40 - 2014-07-10 00:51 - 00000000 ____D C:\Users\AlHameli\AppData\Local\ElevatedDiagnostics
2016-07-24 01:42 - 2016-06-16 23:38 - 00000774 _____ C:\Users\AlHameli\Desktop\Classes.txt
2016-07-18 18:20 - 2014-12-04 14:29 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-07-15 00:40 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\rescache
2016-07-14 23:25 - 2016-04-22 17:21 - 02988837 _____ C:\Users\AlHameli\Desktop\GPU-Z Sensor Log LAST.txt
2016-07-14 23:17 - 2014-07-30 16:13 - 01065984 _____ C:\Users\AlHameli\AppData\Local\file__0.localstorage
2016-07-14 18:36 - 2016-02-10 13:15 - 00000003 _____ C:\WINDOWS\SysWOW64\HRUPPROG.TXT
2016-07-14 17:49 - 2014-09-25 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-07-14 02:04 - 2015-10-24 16:01 - 00001168 _____ C:\Users\AlHameli\Desktop\MSI Afterburner.lnk
2016-07-13 20:18 - 2016-04-02 03:30 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-07-13 18:59 - 2014-07-10 16:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-13 18:57 - 2015-10-30 22:09 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-13 18:57 - 2015-10-30 11:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-07-13 18:53 - 2015-10-30 11:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-13 18:53 - 2014-07-07 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 18:51 - 2014-07-10 16:57 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-13 17:59 - 2014-07-09 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-13 17:58 - 2014-07-28 19:19 - 00000000 ____D C:\ProgramData\ASUS
2016-07-13 17:58 - 2014-07-07 21:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2016-07-13 04:19 - 2014-10-09 17:12 - 00000000 ____D C:\AdwCleaner
2016-07-12 20:04 - 2015-09-16 19:43 - 00000000 ____D C:\Users\AlHameli\Documents\Screenshots
2016-07-12 18:21 - 2015-11-11 19:10 - 00000000 ___RD C:\Users\AlHameli\Desktop\100EOS5D
2016-07-10 23:45 - 2016-06-07 16:39 - 00000000 ____D C:\Users\AlHameli\AppData\LocalLow\uTorrent
2016-07-10 23:44 - 2016-04-02 03:24 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\uTorrent
2016-07-08 04:48 - 2016-05-16 01:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-07 01:13 - 2014-07-29 22:34 - 00000000 __RDO C:\Users\AlHameli\OneDrive

==================== Files in the root of some directories =======

2015-01-02 13:21 - 2015-01-03 03:33 - 0000134 _____ () C:\Users\AlHameli\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2015-01-02 13:21 - 2015-01-03 02:15 - 0000443 _____ () C:\Users\AlHameli\AppData\Roaming\CSharpAnalytics-MeasurementSession
2015-03-13 02:11 - 2015-03-13 02:11 - 0000010 ____H () C:\Users\AlHameli\AppData\Roaming\iPodAccess_Time
2016-05-18 18:40 - 2016-05-18 18:44 - 0004967 _____ () C:\Users\AlHameli\AppData\Roaming\network-report-573c7ebdc5ee1.txt
2016-05-08 22:54 - 2016-05-08 22:54 - 0000038 ___SH () C:\Users\AlHameli\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-07-23 16:27 - 2016-08-02 08:34 - 0011264 _____ () C:\Users\AlHameli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 16:13 - 2016-07-14 23:17 - 1065984 _____ () C:\Users\AlHameli\AppData\Local\file__0.localstorage
2016-02-03 20:19 - 2016-07-29 20:19 - 0007602 _____ () C:\Users\AlHameli\AppData\Local\Resmon.ResmonCfg
2015-11-17 02:26 - 2015-11-17 02:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-10 20:08 - 2016-01-10 20:08 - 0000128 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-07-12 18:12 - 2016-07-12 18:12 - 0012714 _____ () C:\ProgramData\mptmqteo.hmi

Some files in TEMP:
====================
C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-25 03:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by AlHameli (2016-08-04 16:12:48)
Running from C:\Users\AlHameli\Desktop\Far
Windows 10 Pro Version 1511 (X64) (2015-11-16 22:32:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1896754100-3327351372-1527681635-500 - Administrator - Disabled)
AlHameli (S-1-5-21-1896754100-3327351372-1527681635-1001 - Administrator - Enabled) => C:\Users\AlHameli
DefaultAccount (S-1-5-21-1896754100-3327351372-1527681635-503 - Limited - Disabled)
Guest (S-1-5-21-1896754100-3327351372-1527681635-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1896754100-3327351372-1527681635-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {D1196F3E-3487-585D-3681-0661BD157EC3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {6A788EDA-12BD-57D3-0C31-3D13C692347E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
3DMark (HKLM-x32\...\{b7d2ce14-2f17-410d-bea7-9126b9d4bb31}) (Version: 2.0.2067.0 - Futuremark)
3DMark (Version: 2.0.2067.0 - Futuremark) Hidden
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Act of Aggression (HKLM-x32\...\Steam App 318020) (Version: - Eugen Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.30 - ASUSTeK Computer Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ask Mr. Robot Client (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\1561791272.www.askmrrobot.com) (Version: - www.askmrrobot.com)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
ASUS STRIX SOUNDCARD SERIES AUDIO DEVICE (HKLM-x32\...\{a96baa50-9f79-45a2-97db-bb2562559fee}) (Version: 1.1.2 - ASUSTeKcomputer.Inc)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.6.294 - AVG Technologies)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.4.0.10 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.31.223.1 - Broadcom Corporation)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
CheckDevicesConfigurator (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
ChkHwId (x32 Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Chronicle (HKLM-x32\...\{9DFB579D-994A-45C7-ACA9-975000304C16}) (Version: 1.1.7 - Jagex)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles)
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Curse Client (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS III (HKLM\...\Steam App 374320) (Version: - FromSoftware, Inc.)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version: - FromSoftware)
DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version: - FromSoftware, Inc)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DOOM Open Beta (HKLM\...\Steam App 350470) (Version: - id Software)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Age Redesigned© (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Dragon Age Redesigned©) (Version: - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
f.lux (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Flux) (Version: - )
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Freestyle GunZ version 7.0 (HKLM-x32\...\{B46FB5E0-11F2-4C63-A2A5-32E30106CD0C}_is1) (Version: 7.0 - FreestylersWorld)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.81.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.99.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.81.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 6.80 - GIGABYTE)
Google Chrome (HKLM-x32\...\{A4DE5CD7-96D6-3979-8C39-E864396AFFC0}) (Version: 51.0.2704.103 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX)
IdleMaster (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
iMazing 1.5.10.0 (HKLM\...\iMazing_is1) (Version: 1.5.10.0 - DigiDNA)
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
ISO to WBFS (HKLM-x32\...\{10FD06B0-A517-4604-97C2-8D55F9D80F5F}_is1) (Version: - isotowbfs.com)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KCP-0.6.0.6 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.6.0.6 - Haruhichan.com)
LauncherSetup (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4841.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Mumble 1.2.9 (HKLM-x32\...\{49FF1E6E-E0F9-4CB3-8B3C-D4E8E1D32C1F}) (Version: 1.2.9 - Thorvald Natvig)
NahimicSettingsConfigurator (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Pingzapper version 2.1.0 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.1.0 - Pingzapper)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.12.5-r114891-release - Plays.tv, LLC)
Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATTENTION
Portal Knights (HKLM\...\Steam App 374040) (Version: - Keen Games)
PP助手5.0 (HKLM-x32\...\PP助手5.0) (Version: 5.0.3.1142 - 广州爱禾网络技术有限公司)
ProductDaemonSetup (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 5.14.1 - PureVPN)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\{786ed290-9ee6-4b64-a246-93b0a81aaa79}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 3.3.5 (HKLM-x32\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
Savage Resurrection (HKLM\...\Steam App 366440) (Version: - S2 Games, LLC)
SC150 Audio Driver Package (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
SC200 Audio Driver Package (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.14.3548.1 - Hi-Rez Studios)
SonicRadarSetup (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
SoStronk (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\SoStronk) (Version: 40c3061 - Archetype Entertainment Pvt Ltd)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Stremio (HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Stremio) (Version: 3.6.2 - Smart Code Ltd.)
StrixBoxServiceSetup (Version: 1.1.2 - ASUSTeKcomputer.Inc) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Culling (HKLM\...\Steam App 437220) (Version: - Xaviant)
The Culling (TEST SERVER) (HKLM\...\Steam App 468220) (Version: - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED)
The Witness (HKLM-x32\...\Steam App 210970) (Version: - Thekla, Inc.)
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.58 - UNKNOWN)
Warcraft Logs Uploader (x32 Version: 3.58 - UNKNOWN) Hidden
Warhammer: End Times - Vermintide (HKLM-x32\...\Steam App 235540) (Version: - Fatshark)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.5300 - Broadcom Corporation)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)
XTUPackage (HKLM-x32\...\{84D11A20-6E7F-4FBB-A2FB-117FCF871040}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1896754100-3327351372-1527681635-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C2DC11-6D6A-4419-A9FC-693DF3B87992} - System32\Tasks\{C4320990-E96D-4979-B383-F8A02483A82A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.80.102/en/abandoninstall?page=tsProgressBar
Task: {0C2032F0-3AFA-4B82-8123-F9DD498D17E0} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2015-11-30] (ASUSTeK Computer Inc.)
Task: {0EB55BDF-3B0B-4EA4-804E-E3DE481D0959} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {14EEF40A-B7FF-4D9B-BDA7-63A5A5A51840} - System32\Tasks\nhAsusStrixsvc64Run => C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\x64\nhAsusStrixsvc64.exe [2016-01-20] ()
Task: {30D692AC-0CBA-4AC3-B959-B1C553134817} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {388E6E19-8785-4DE6-AD15-EA28ED9C7982} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {3C6F579E-B85F-494E-BAF4-34E568BCAE33} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {5D987627-5712-44DF-9E7B-8B5B1B26D220} - System32\Tasks\cFos\Registration Tasks\Open Browser => Chrome.exe "hxxp://www.cfos.de/en-gb/traffic-shaping/calibration.htm?sw-10.12.2262&amp;days=30&amp;tsa="
Task: {6F11812F-C804-4697-8460-5B93E687E7F9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-02] (Adobe Systems Incorporated)
Task: {775FF9DE-2153-4527-9BC2-FC4694D86E39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7E4A1AAC-DD93-42F5-9FC8-D247064F7F45} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-13] (Microsoft Corporation)
Task: {BAB60632-5400-4276-A09E-ACB88AEFA77A} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {CE58B4CD-47FB-4AEE-B5AB-8B19A9924194} - System32\Tasks\nhAsusStrixsvc32Run => C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixsvc32.exe [2016-01-20] ()
Task: {D41EA05C-9731-4011-BEDD-46290C387250} - System32\Tasks\nhAsusStrixUILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixUILauncher.exe [2016-01-20] ()
Task: {DB146085-CC63-4943-ADE3-A9E7AAE28570} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F65D040B-E0BF-4243-B5A4-0184E6554200} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {FF78052D-FBAA-4B8B-8AF4-B8FD15DC5830} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoStronk\SoStronk Online.lnk -> hxxp://www.sostronk.com/

ShortcutWithArgument: C:\Users\AlHameli\Desktop\Ask Mr. Robot Client.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1561791272.www.askmrrobot.com
ShortcutWithArgument: C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Mr. Robot Client.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1561791272.www.askmrrobot.com
ShortcutWithArgument: C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 11:18 - 2015-10-30 11:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-16 01:22 - 2016-06-03 07:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-04 06:19 - 2014-12-04 06:19 - 00029184 _____ () C:\WINDOWS\System32\sst9clm.dll
2015-10-24 05:22 - 2014-09-26 17:40 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-10-24 05:22 - 2016-01-12 20:12 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-19 16:49 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-06-28 18:16 - 2016-01-22 17:44 - 00632320 ___SH () C:\Program Files (x86)\Pingzapper\PZService.exe
2016-01-20 05:22 - 2016-01-20 05:22 - 00300032 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixBoxSvc32.exe
2016-05-16 01:22 - 2016-06-15 00:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-07-13 03:44 - 2016-07-01 08:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 03:44 - 2016-07-01 08:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-18 19:53 - 2016-05-18 19:53 - 00959168 _____ () C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-27 00:53 - 2016-05-24 20:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-01-20 05:29 - 2016-01-20 05:29 - 00250848 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\x64\nhAsusStrixDevProps.dll
2016-01-20 05:29 - 2016-01-20 05:29 - 00343520 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\x64\nhAsusStrixOSD.dll
2016-04-19 16:05 - 2016-04-19 16:05 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 01:56 - 2015-12-07 08:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 03:46 - 2016-07-01 07:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-20 05:23 - 2016-01-20 05:23 - 00463840 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixUILauncher.exe
2016-07-11 05:54 - 2015-07-27 21:46 - 00592384 _____ () C:\Program Files (x86)\i-Funbox DevTeam\exifext_x64.dll
2016-07-05 15:22 - 2016-07-05 15:22 - 00313144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-20 05:23 - 2016-01-20 05:23 - 03204608 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixsvc32.exe
2016-01-20 05:32 - 2016-01-20 05:32 - 00313344 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\x64\nhAsusStrixsvc64.exe
2016-04-15 20:19 - 2016-02-06 00:22 - 09931392 _____ () C:\Program Files (x86)\PureVPN\purevpn.exe
2014-02-28 13:14 - 2016-07-18 18:20 - 00174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-08-04 17:43 - 2016-07-18 18:20 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 17:43 - 2016-07-18 18:20 - 00107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-08-04 17:46 - 2016-07-18 18:20 - 00312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 17:46 - 2016-07-18 18:20 - 00485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2016-07-13 03:44 - 2016-07-01 07:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 03:44 - 2016-07-01 07:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 03:44 - 2016-07-01 07:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 03:44 - 2016-07-01 07:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-24 05:22 - 2016-08-04 15:32 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-10-24 05:22 - 2015-06-05 15:00 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-11-25 00:48 - 2015-11-25 00:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-25 00:46 - 2015-11-25 00:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-25 00:48 - 2015-11-25 00:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-25 00:48 - 2015-11-25 00:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-25 00:43 - 2015-11-25 00:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-25 00:48 - 2015-11-25 00:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-25 00:48 - 2015-11-25 00:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-25 00:48 - 2015-11-25 00:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-25 00:43 - 2015-11-25 00:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-25 00:43 - 2015-11-25 00:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-25 00:43 - 2015-11-25 00:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-25 00:46 - 2015-11-25 00:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-25 00:48 - 2015-11-25 00:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-08 00:57 - 2015-12-08 00:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-25 00:43 - 2015-11-25 00:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-01-20 05:21 - 2016-01-20 05:21 - 00218080 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixDevProps.dll
2016-01-20 05:21 - 2016-01-20 05:21 - 00305120 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixOSD.dll
2016-02-10 14:43 - 2015-06-03 16:17 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2016-02-10 14:43 - 2015-06-03 16:17 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2016-02-10 14:44 - 2015-02-09 17:53 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2016-02-10 14:44 - 2015-07-23 21:38 - 00838456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2016-02-10 14:44 - 2015-11-13 06:53 - 00057344 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.21\Exeio.dll
2016-02-10 14:44 - 2015-11-13 06:53 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.21\Vender.dll
2016-02-10 14:43 - 2015-06-03 16:17 - 00663552 _____ () C:\Program Files (x86)\ASUS\AI Suite III\aaHMLib.dll
2016-02-10 14:45 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2016-02-10 14:43 - 2015-06-03 16:17 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2016-02-10 14:43 - 2015-06-03 16:17 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2016-02-10 14:45 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2016-02-10 14:45 - 2015-10-14 14:47 - 02613248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\EzULIB_UFB.dll
2016-04-19 16:05 - 2016-04-19 16:05 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 16:05 - 2016-04-19 16:05 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-16 01:22 - 2016-06-15 00:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-17 23:51 - 2016-06-15 13:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 23:51 - 2016-06-15 13:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-05-18 19:53 - 2016-05-18 19:53 - 00679624 _____ () C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-08-27 23:15 - 2016-08-04 15:32 - 00174080 _____ () C:\Users\AlHameli\AppData\Roaming\vibranceGUI\vibranceDLL.dll
2016-01-20 05:23 - 2016-01-20 05:23 - 00120320 _____ () C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\sradarlauncher.dll
2016-03-23 11:04 - 2016-03-23 11:04 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2015-11-25 00:43 - 2015-11-25 00:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
2015-11-25 00:43 - 2015-11-25 00:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
2015-10-22 00:29 - 2015-10-22 00:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
2015-10-22 00:29 - 2015-10-22 00:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
2015-11-25 00:48 - 2015-11-25 00:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
2015-11-25 00:43 - 2015-11-25 00:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
2015-10-22 00:29 - 2015-10-22 00:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
2015-10-22 00:29 - 2015-10-22 00:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
2015-10-22 00:29 - 2015-10-22 00:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
2016-08-03 00:23 - 2016-08-03 00:23 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
2015-11-25 00:47 - 2015-11-25 00:47 - 00089600 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWinExtras.pyd
2015-11-25 00:47 - 2015-11-25 00:47 - 00030208 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\simplejson._speedups.pyd
2015-11-25 00:48 - 2015-11-25 00:48 - 00024064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32pipe.pyd
2015-11-25 00:45 - 2015-11-25 00:45 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PIL._imaging.pyd
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-05 15:24 - 2016-07-05 15:24 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-18 04:53 - 2016-03-18 04:56 - 00000915 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\AlHameli\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{d80f809b-4e96-4b7d-ad49-647c21c36277}.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PnkBstrA => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\StartupApproved\Run: => "f.lux"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F03724C2-E1AE-4DBD-867F-A72D182B89A1}] => (Allow) LPort=1900
FirewallRules: [{F37DB0DA-AB0A-4DD1-9F90-B6DB24A0719A}] => (Allow) LPort=2869
FirewallRules: [{93063448-80EF-45BB-A9CC-6DACC9D2796D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E3692BCD-0B95-45E0-9E80-AB4AE311E497}] => (Allow) F:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{99BE0BD4-233B-4680-96C6-94027299A370}] => (Allow) F:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{2D24135C-051B-4483-AB9A-85FF021144C4}] => (Allow) F:\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CEFA7C45-A4DB-4F9D-9756-EA5C5C5358B7}] => (Allow) F:\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{DD3D4770-CFE1-4E3E-BFE4-9CEB2E7E84A8}] => (Allow) F:\SteamLibrary\steamapps\common\Act of Aggression\ActOfAggression.exe
FirewallRules: [{D205B63D-7989-401B-9640-06B28A3996B2}] => (Allow) F:\SteamLibrary\steamapps\common\Act of Aggression\ActOfAggression.exe
FirewallRules: [UDP Query User{9B75CE56-353E-444A-9F2F-55D3BF1A1D08}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{35EC10BB-4B87-43D8-978D-72F0FF054ACC}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{5D869298-F35F-4599-BB5F-EC13A6407289}] => (Allow) D:\SteamLibrary\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{4EC4FB15-37E3-42C3-BB12-8F0B3675C155}] => (Allow) D:\SteamLibrary\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{A5B427B3-5228-44D1-B82B-73C08DBE68AB}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0A2D3F3E-1066-416B-A643-46A6647273A9}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{837DE65B-C695-4096-83E8-0EC326739344}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{77B96EE3-E954-43E4-AF54-CC266BCC9F8B}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1B4998B6-1EF8-4642-ABCE-C72387D7296D}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{17899301-594C-418E-97A3-85A6595BCD1F}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{01665DE8-52DB-49D1-B36A-346932F6768E}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{6747E7F4-AABC-44F2-9184-ECDC033357AF}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{C8E78DED-933F-4B19-AA32-324E374C0A8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B32DD965-6542-4660-81D0-34D5090CECF1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ACE08082-ADDE-4B60-9EE3-43C0568441CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{113FA73D-3C8A-4031-A53A-A94A7552C6F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2FD9B8AD-BCB7-4639-8D3C-F84C9F672CC6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C3990C0F-D966-4C17-98B6-1F226C5D0151}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{50A76FCA-2F8A-4AF2-B179-34289D08B053}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C123830D-1EB9-4677-AED9-3D46293D3E61}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{5E9BC47D-EB1D-4F50-8358-1992FC70FD6A}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{05B7F84F-B91D-4607-9012-DA423EADFCC8}] => (Allow) D:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{980EAACD-5E5F-4730-A49A-0D3A54157EAD}] => (Allow) D:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{00190D5D-7C91-4A03-B16B-E7D6BFBC15C7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6DF983C3-4B60-49B7-ABFB-07A29F2575E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{2A643189-2829-4649-AF90-34D405D298B9}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{648E7229-778E-4A06-B010-E43083CD9B4A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{324B1CB3-A0E1-4A4D-B704-6E138E7F3272}E:\hirez\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hirez\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{96C89EFA-CCF8-489A-94AF-7E3840672559}E:\hirez\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hirez\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{78B984A4-442D-4256-95A5-6CEBC6C14720}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{5C0C3E33-E0CF-4BCB-83F1-208A5ACEEA4D}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{D2187005-741D-4837-8F89-6F60083740FB}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C395B72F-02FB-471F-BC99-FA372505F9EF}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C1342AA9-2DAC-41D3-B0F5-CB692866BB50}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{10C064B9-2879-4F31-927B-96A091D763CE}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{8FFBB73E-A422-4011-AF60-F5FA2D4A1479}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{D8A3624F-3188-4E43-9509-3DF005176950}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{F76D921F-E86C-45C0-BCE9-23B5F6A1FB43}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{8AD7EB7A-C3C7-4BD1-9B5D-5383B970F538}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{DA0911C6-4BA7-4A57-815C-DE761963D212}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{525CA844-A841-48B1-924D-0013ED60637A}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{672E5FA5-19AD-4CD1-BD8D-15E1BDC1AE43}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{7C85CF33-7FEB-4ABF-84F8-174FD1BDB45E}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{A588A87E-7219-4D07-997F-6EA5D09F2073}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{6DFA2EB5-FE76-4A08-987F-F302E7F5E35E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [TCP Query User{78D3F6B1-0C32-4CBC-877C-42108A179E41}C:\program files (x86)\freestyle gunz\gunz.exe] => (Allow) C:\program files (x86)\freestyle gunz\gunz.exe
FirewallRules: [UDP Query User{AC7EFB0A-93BB-4AAE-B251-C2A403BE98C7}C:\program files (x86)\freestyle gunz\gunz.exe] => (Allow) C:\program files (x86)\freestyle gunz\gunz.exe
FirewallRules: [{0C1D55B9-2072-4129-A2EA-D3E4A46A7935}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{2F0B9143-BCF6-4C83-954E-B33BE77F1B00}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{68CD91CA-0AED-43E5-B226-8AE6DEAFAE36}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{7F2D20D5-68E2-48BF-8773-23071EBB073C}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [{607551AE-C063-42E1-A66A-AF195FF5C26E}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{DB5AEE0E-592D-467B-AA8A-FADA89946DCA}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{6E5429D1-153A-4625-8B80-8A4649ECDFF5}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3D5BFBB0-D76E-4FE6-8568-E3FED42BB8DF}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{5A87FC48-2595-4E5F-8EC2-E31F8057E808}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{59DF18A0-80C6-4571-AAC6-7C0D649A2FC7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A7994CAD-B2B1-4496-A74A-E3EF5D48060B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{86B8E488-92E2-4FE1-BEAF-5C36D20A0111}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{49508831-EC2E-491A-BDF0-83C6F45138E2}] => (Allow) F:\Origin Games\BFH\bfh.exe
FirewallRules: [{04C3E97E-9236-4B3D-9DD2-B5D7F1B1EFD9}] => (Allow) F:\Origin Games\BFH\bfh.exe
FirewallRules: [{233D931D-42B1-4A75-8A64-E69D91B25EB3}] => (Allow) C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{E495F477-BA0D-4F98-AC34-A64F4641FF19}] => (Allow) E:\SteamLibrary\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{F48DF2BF-59A2-4166-B5D0-8AC38B6E66ED}] => (Allow) E:\SteamLibrary\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{6B67D8F9-5D30-4730-A0B7-ED070C0186B2}] => (Allow) D:\Origin\Battlefield 4\bf4_x86.exe
FirewallRules: [{7AAEADA3-5276-42F7-AFDA-4B833C261EDD}] => (Allow) D:\Origin\Battlefield 4\bf4_x86.exe
FirewallRules: [{CC2ED789-5010-49B6-BF92-58398E862932}] => (Allow) D:\Origin\Battlefield 4\bf4.exe
FirewallRules: [{6F943CB1-B5E9-44FD-88CF-283B5DC31A60}] => (Allow) D:\Origin\Battlefield 4\bf4.exe
FirewallRules: [{700630F9-E67C-4D5D-8A63-96787A136451}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{F813832E-B486-4D17-8C80-3FDDE5AD6B6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{CD61BC85-CE40-4992-A811-1AB4E1948429}] => (Allow) F:\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{18A4EC8A-13B8-49A4-80F7-9740BE4BECCC}] => (Allow) F:\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{583C9BB4-628E-408F-90CF-85E92A0E1278}] => (Allow) F:\Final\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{02477E3D-E9A2-48D8-AA1C-5C9321F413EF}] => (Allow) F:\Final\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{205BD323-176F-47D2-9537-891BF3E0F647}] => (Allow) F:\Final\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{455FAC35-EAB7-4DFA-93C7-721A49C2F26D}] => (Allow) F:\Final\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{81DC4742-BF74-440D-9D26-B588D8A5FC11}C:\users\alhameli\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\alhameli\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{647038B8-DB0A-44AE-9666-A9B93CCA333A}C:\users\alhameli\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\alhameli\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{53F6ACE4-874E-4719-AD68-EA30A25EB71F}C:\users\alhameli\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\alhameli\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{44EF1698-218C-413B-993C-8A92516B3386}C:\users\alhameli\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\alhameli\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [TCP Query User{16D90EEF-3594-4E6B-9D2F-0FA2962744ED}C:\users\alhameli\appdata\local\popcorn time community\nw.exe] => (Allow) C:\users\alhameli\appdata\local\popcorn time community\nw.exe
FirewallRules: [UDP Query User{CD76D745-4378-446F-B4E2-CCC7C264D0DF}C:\users\alhameli\appdata\local\popcorn time community\nw.exe] => (Allow) C:\users\alhameli\appdata\local\popcorn time community\nw.exe
FirewallRules: [{56E7EC2D-F6D6-42BE-A6FD-8E6A87DD0F09}] => (Allow) F:\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{70BAF348-175E-405B-87CD-ABA1645FDA93}] => (Allow) F:\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{6808BA6C-3A94-4D18-AA7E-5F573FBF17CB}] => (Allow) F:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{61C437D3-C6E8-4452-8ADB-B82F6A42EDFD}] => (Allow) F:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B2B1E604-E16A-4F67-9B21-A96452092613}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{8D45B484-3BDC-4DEF-AF94-D89823C2A3A8}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{37F9F5BD-6067-4327-A8C7-8EAAD499F8F2}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{87EBA99F-9AFD-41ED-B2F8-37790BD5A2F3}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{96BB3890-170D-4D12-BC09-954AA7D08ECA}] => (Allow) D:\Origin\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{19E2A97F-0160-4BBB-8295-A3117383935F}] => (Allow) D:\Origin\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{EABFE257-49EC-4D11-B05D-EB3BBB305C4D}] => (Allow) D:\Origin\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{A6C7C509-66E1-4A01-B994-81324F39D862}] => (Allow) D:\Origin\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{94E8284B-DD9B-41A4-8A01-8384FCC76829}] => (Allow) F:\SteamLibrary\steamapps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
FirewallRules: [{BFC61961-5A4A-44B3-AC65-F0F6C4CBA268}] => (Allow) F:\SteamLibrary\steamapps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
FirewallRules: [{09DAA9A5-5232-46E0-8C98-5523E5E82994}] => (Allow) F:\Origin Games\BFH\BFHWebHelper.exe
FirewallRules: [{B7EED5B0-858C-4F9A-AA58-A61718B1D204}] => (Allow) F:\Origin Games\BFH\BFHWebHelper.exe
FirewallRules: [TCP Query User{EC6C14E9-0D0B-4495-9ECB-3A253A4122E8}F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{0A9D2FD2-60D9-4073-8E0D-8A2FC0B2F417}F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{964689CC-8A7A-477A-ADC7-163D85F6028B}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{DF22580C-B37F-445E-A7B1-B3109BD679EA}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{9A389FFA-F64F-4855-B158-EBD51FC96CD0}] => (Allow) F:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{A2E90CE2-4C18-4D57-AA9F-7826FC4CB4ED}] => (Allow) F:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{A5CE6893-C75B-47F7-BCCC-20D85991C4FF}] => (Allow) F:\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{2B82814F-5A90-4A7C-8B1A-A3E43081CE60}] => (Allow) F:\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{0EF33822-0EDB-468F-B668-D80AA2164F5A}] => (Allow) F:\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{8051C98B-6882-4712-9024-489F1890795E}] => (Allow) F:\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{5A0878B0-D688-428F-B93A-BEB63EDEBEA0}] => (Allow) F:\SteamLibrary\steamapps\common\Act of Aggression\ActOfAggressionRE.exe
FirewallRules: [{DB761844-1019-4707-BB86-529EE6B2A121}] => (Allow) F:\SteamLibrary\steamapps\common\Act of Aggression\ActOfAggressionRE.exe
FirewallRules: [{D397E6A5-1E79-4631-99D4-DBF37C455585}] => (Allow) F:\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{0A388F0D-382C-41D0-98F4-D346F031A625}] => (Allow) F:\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{BF60D992-3A60-4AF1-AD0E-780A7E435352}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{23A82FC8-3C1E-49E8-8778-03CCE85D6B73}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C76061B7-3C7D-43B8-B16A-79010E7904F1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6649BDE-56F4-4EAD-A95D-2C6EDA37C7A3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E64389A8-757F-4E4C-ACCC-92701B58EC35}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{619DF94A-BB29-4144-839A-5DFA53BC93EC}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC360047-706A-40B4-B22A-6DE5009ED376}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{738A502C-C4CB-41C4-9424-E403636C1B76}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D05A9CC-7892-4930-8DCA-C349FB178833}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BE78A4F-5991-4981-AE7D-4842FF4D2F84}] => (Allow) C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F545E10D-1D92-4721-836E-20D68BCD7B52}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{7094BB81-DDCC-483C-9303-73C57F747515}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{7ED8B0F9-FAC2-4F8B-A926-CFE7B56E5DB3}F:\steamlibrary\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) F:\steamlibrary\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{7544CE3D-C7BA-4F61-B317-EF111B2C443C}F:\steamlibrary\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) F:\steamlibrary\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{47B9A11E-E8BD-4070-A064-DF504E35B0DC}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{DFE0213E-5C5B-4086-B830-9AD03DD95E60}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{EA175E20-F63F-4AAD-8E08-49AAA57D524B}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3D87043F-C1EA-4018-B970-D37812B1273A}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{97915A86-4C87-4771-947F-FE173925CF5B}] => (Allow) F:\SteamLibrary\steamapps\common\DOOM Open Beta\DOOMx64.exe
FirewallRules: [{9A304EA2-670A-4F93-9D49-F412A2800086}] => (Allow) F:\SteamLibrary\steamapps\common\DOOM Open Beta\DOOMx64.exe
FirewallRules: [{69A40698-EF23-4AA4-A4EB-E8549041EDF4}] => (Allow) C:\Users\AlHameli\Downloads\bin\BlackDesert32.exe
FirewallRules: [{6F1D4330-F441-4946-8A79-4A265553FDDB}] => (Allow) C:\Users\AlHameli\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{2A9B2DD4-F2CD-48AC-9311-3C36A3A71F16}] => (Allow) C:\Users\AlHameli\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{28653A28-326A-4CAF-88A7-9F85D6A1C0D9}] => (Allow) C:\Users\AlHameli\Downloads\BlackDesert_Downloader.exe
FirewallRules: [TCP Query User{80A0D28F-5A6E-496E-B459-E93B74B1573B}D:\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D372B87F-73FE-4832-8098-619335B8604D}D:\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3F9B56A6-A4CF-4E23-89B9-593ECF6F41A2}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{07E9245C-D00E-45A3-820B-52E1F8FC26FF}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{964E420E-A94D-49F3-A8F2-96FDD67ADE12}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{0AE9D4D5-CDC0-4131-B9E3-C76BD28006C1}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{37DD052D-E4AE-4332-AA60-FECB2BFD83F5}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{68FC2442-0197-4550-96D3-095B116BDED7}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{26DB2377-B70E-4042-85E6-5D2D1EDBA1A5}] => (Allow) F:\Origin Games\BFH\BFHWebHelper.exe
FirewallRules: [{989DD495-98C5-4E07-909D-1AAE043E353E}] => (Allow) F:\Origin Games\BFH\BFHWebHelper.exe
FirewallRules: [{5492DEE6-4BDA-47A8-8785-C7F1878C61A6}] => (Allow) C:\Users\AlHameli\AppData\Roaming\RIOTGames\rgDownload\rgDownload.exe
FirewallRules: [{9C16845D-DDF0-4F3F-9E66-258CA2A6C557}] => (Allow) C:\Users\AlHameli\AppData\Roaming\RIOTGames\rgDownload\rgDownload.exe
FirewallRules: [{AF097997-8901-4AC2-B439-50D7E7FE670C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{44E479D1-9772-4537-80EB-082EC4D9FD8A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F97012D4-8C3D-4614-B8F8-426C30CF4CAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F14EE037-41AB-4E95-9BFB-4D6490BAFA91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{85FB7D67-FC15-4948-94B2-C430CB7F5CD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{34D5E961-CCDA-4C26-BC39-C0FD27D45A93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA63B53F-2410-48C4-930C-9A0A93CECA59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E1D6CBD9-5A0C-43DE-9306-5D906E7C03FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{68FB3B63-1993-451F-BFCA-484F3ECDFCE5}] => (Allow) F:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{C78096B6-F6C4-4C83-9905-48B8EF4BB9C7}] => (Allow) F:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{29F4A6A6-54E7-47B3-8247-0E603E7DE87E}F:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{7825B198-5609-4D02-91B2-41F67F7B70F4}F:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{5E0AB5A0-D435-430E-9987-AA839CE91D15}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{F6498B70-03F5-4CD5-808C-E5B2E95176DA}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{635B40F5-1865-4001-8DE6-892B746555EA}F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{162BA584-A995-454A-9169-92A0DEFBE084}F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{A4EA07D7-CF58-44B3-9A2C-D26E49C5436B}] => (Allow) F:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{24DCC54E-A532-434A-93F3-75F1C428C0BE}] => (Allow) F:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [TCP Query User{36AB7CEC-A181-4C3E-AB3D-C0F31D5BBC18}F:\downloads\feribspumpkintoolv6.2.4.94.exe] => (Allow) F:\downloads\feribspumpkintoolv6.2.4.94.exe
FirewallRules: [UDP Query User{AC0DE500-3A3A-4995-9438-C9B8B14E230B}F:\downloads\feribspumpkintoolv6.2.4.94.exe] => (Allow) F:\downloads\feribspumpkintoolv6.2.4.94.exe
FirewallRules: [TCP Query User{B6DE224A-302B-4A2C-A18A-C752FD4F3A99}F:\downloads\ferib's pumpkin tool v6.2.4.993.exe] => (Allow) F:\downloads\ferib's pumpkin tool v6.2.4.993.exe
FirewallRules: [UDP Query User{74FA1758-05C1-43F2-B974-28E1C3E57412}F:\downloads\ferib's pumpkin tool v6.2.4.993.exe] => (Allow) F:\downloads\ferib's pumpkin tool v6.2.4.993.exe
FirewallRules: [TCP Query User{CBB314C0-5B00-456B-98F6-3BCB2BF981A1}C:\users\alhameli\desktop\feribspumpkintoolv6.2.4.94.exe] => (Allow) C:\users\alhameli\desktop\feribspumpkintoolv6.2.4.94.exe
FirewallRules: [UDP Query User{5A7156E1-5B6A-4F08-9419-80A5565AB689}C:\users\alhameli\desktop\feribspumpkintoolv6.2.4.94.exe] => (Allow) C:\users\alhameli\desktop\feribspumpkintoolv6.2.4.94.exe
FirewallRules: [TCP Query User{0994CBE5-AF1F-4E9F-829B-698C7C061805}C:\users\alhameli\desktop\ferib's pumpkin tool v6.2.4.993.exe] => (Allow) C:\users\alhameli\desktop\ferib's pumpkin tool v6.2.4.993.exe
FirewallRules: [UDP Query User{5B17D042-E381-400A-A5FD-EE8DB0220A62}C:\users\alhameli\desktop\ferib's pumpkin tool v6.2.4.993.exe] => (Allow) C:\users\alhameli\desktop\ferib's pumpkin tool v6.2.4.993.exe
FirewallRules: [{6C9E699A-EA57-4AAE-B013-A06D49D10B5D}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FC179EA0-DE3D-4DBB-BDAA-1FA5AFFDDD8D}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5EBA4642-B28E-4A7B-A916-8DE46E79ECF2}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{49345575-C830-4FCF-83E7-09D5FEFEF41D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{A7DF5DC3-74B9-4BD8-9940-91B651F3531F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{2977F722-9836-46D7-BDC6-39BBBEB74657}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{CFE61019-6219-47A6-B690-1914CEB81791}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{E5E40A61-9A79-49F0-AD50-DB5ADC8560A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1D818BD-90E1-48F1-A16B-994A913CF808}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1D1EDEFF-4ECF-4B86-A063-E6D80041A635}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3C11F7C-A357-4383-8CC0-D96F43F679C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{96BBE208-B75E-481B-BF66-522395783DFE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A0D7D5D2-8AA1-4ABE-A8FE-09A187619880}C:\program files (x86)\pp助手5.0\pphelper5.exe] => (Allow) C:\program files (x86)\pp助手5.0\pphelper5.exe
FirewallRules: [UDP Query User{B8348F1C-8911-4491-B2DB-F064B3260A6C}C:\program files (x86)\pp助手5.0\pphelper5.exe] => (Allow) C:\program files (x86)\pp助手5.0\pphelper5.exe
FirewallRules: [TCP Query User{18487CF2-CF6D-4CFF-A03F-8987B2F1FD8A}C:\program files (x86)\pp助手5.0\adevicehelpermon.exe] => (Allow) C:\program files (x86)\pp助手5.0\adevicehelpermon.exe
FirewallRules: [UDP Query User{DECDA827-F124-4D04-B35F-E79153D6CB13}C:\program files (x86)\pp助手5.0\adevicehelpermon.exe] => (Allow) C:\program files (x86)\pp助手5.0\adevicehelpermon.exe
FirewallRules: [{2AC7200E-C6CA-46C0-B94E-7317F3E4577B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A7B192C9-A26F-41E3-A172-E13E6B559E22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A87E5CAE-67D5-4CA0-B36F-8FEB09FF5896}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80032D9F-3066-4358-9494-02B4DBF4ECFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DA35C47F-306F-4A84-9FC8-947EA5EB8C99}] => (Allow) F:\SteamLibrary\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{2D1247D0-E183-4304-A4EF-8DDEEA89C71B}] => (Allow) F:\SteamLibrary\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [TCP Query User{B211EAFF-369B-44D5-B14F-019F176498DF}F:\steamlibrary\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) F:\steamlibrary\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{89B9EBDA-4E13-4D55-82BA-1D21ED8CB4B8}F:\steamlibrary\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) F:\steamlibrary\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{112F5ED2-2DCD-4EA7-B9BF-0A327DBC52E6}] => (Allow) F:\SteamLibrary\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{BEB07A6A-1C5D-4E84-B899-A8050D2A44A0}] => (Allow) F:\SteamLibrary\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{28C5CA5E-7EF2-4384-9CEA-FE344C2581AD}] => (Allow) F:\SteamLibrary\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [{E610BF1C-BA44-4BEB-80B6-94D43663FB3F}] => (Allow) F:\SteamLibrary\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [{508F77FB-2C58-41A2-96B8-E837D82D10F8}] => (Allow) F:\SteamLibrary\steamapps\common\Portal Knights\portal_knights_x64.exe
FirewallRules: [{E10B8B21-7F22-4BEE-94E4-EBD5A59939D1}] => (Allow) F:\SteamLibrary\steamapps\common\Portal Knights\portal_knights_x64.exe
FirewallRules: [{CA8D50DF-478E-4348-A77D-9FBD69E07B92}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1689E345-D2FC-4C5D-8A3D-EDAB50A5E7E8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Restore Points =========================

30-07-2016 20:28:28 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (08/04/2016 03:34:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (08/04/2016 03:35:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/04/2016 03:31:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4a34c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/04/2016 03:31:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4a34c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/04/2016 03:31:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4a34c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/04/2016 03:31:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4a34c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/04/2016 03:31:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/04/2016 02:56:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/04/2016 02:56:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/04/2016 02:38:17 PM) (Source: DCOM) (EventID: 10016) (User: SPEED-DEMON)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SPEED-DEMONAlHameliS-1-5-21-1896754100-3327351372-1527681635-1001LocalHost (Using LRPC)UnavailableS-1-15-2-3071495536-3820304972-3098050719-2577197995-2386594837-3248725673-3584707603

Error: (08/04/2016 02:31:25 PM) (Source: DCOM) (EventID: 10016) (User: SPEED-DEMON)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SPEED-DEMONAlHameliS-1-5-21-1896754100-3327351372-1527681635-1001LocalHost (Using LRPC)UnavailableS-1-15-2-3071495536-3820304972-3098050719-2577197995-2386594837-3248725673-3584707603


CodeIntegrity:
===================================
Date: 2016-08-04 15:08:18.524
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2016-08-04 14:38:13.816
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-04 14:38:13.804
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-04 14:38:13.791
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-04 14:38:09.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2016-08-04 14:33:42.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-04 14:27:43.297
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2016-08-04 14:27:38.212
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-04 14:26:56.275
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\symbols\narniadriver-2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-04 14:26:28.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16318.83 MB
Available physical RAM: 12024.41 MB
Total Virtual: 18750.83 MB
Available Virtual: 13205.52 MB

==================== Drives ================================

Drive c: (Intel 530) (Fixed) (Total:222.18 GB) (Free:6.18 GB) NTFS
Drive d: (Seagate HDD) (Fixed) (Total:931.39 GB) (Free:277.7 GB) NTFS
Drive e: (Samsung EVO) (Fixed) (Total:111.66 GB) (Free:30.62 GB) NTFS
Drive f: (SSHD) (Fixed) (Total:931.51 GB) (Free:22.03 GB) NTFS
Drive i: (MULTIBOOT) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7E6ACA62)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 4 (Size: 3.7 GB) (Disk ID: B0BCD68E)
No partition Table on disk 4.

==================== End of Addition.txt ============================

Edited by Oh My!, 08 August 2016 - 08:35 AM.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,449 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:19 AM

Posted 08 August 2016 - 08:37 AM

Greetings lehameli and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 08 August 2016 - 09:06 AM

Thank you for your patience. Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
S1 gepfkxls; \??\C:\WINDOWS\system32\drivers\gepfkxls.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
2016-07-15 14:41 - 2016-07-01 06:49 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\3QXUM3HWrjihFjYcECHO.exe
2016-07-15 14:41 - 2016-07-01 06:49 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\7UKQXhBsjbWARD2RECHO.efi
2016-07-12 18:56 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\k9jnDMT1fRcqfECHOLZV.exe
2016-07-12 18:56 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwullJe1GMbrwOb2p.efi
2016-07-12 18:41 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\eRdOqfwH2JpbyO9Rj.exe
2016-07-12 18:41 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Bso4SF9giIzd82QnJ.efi
2016-07-12 18:12 - 2016-07-12 18:12 - 00012714 _____ C:\ProgramData\mptmqteo.hmi
2016-05-08 22:54 - 2016-05-08 22:54 - 0000038 ___SH () C:\Users\AlHameli\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-07-12 18:12 - 2016-07-12 18:12 - 0012714 _____ () C:\ProgramData\mptmqteo.hmi
File: C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • System Summary information

Gary
 

#4 lehameli


Posted 08 August 2016 - 09:11 AM

Hello Garry, you can call me Abdulla, I will post the logs soon.


Edited by lehameli, 08 August 2016 - 09:15 AM.


#5 lehameli


Posted 08 August 2016 - 09:27 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by AlHameli (2016-08-08 18:16:51) Run:2
Running from C:\Users\AlHameli\Desktop\Far
Loaded Profiles: AlHameli (Available Profiles: AlHameli)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
S1 gepfkxls; \??\C:\WINDOWS\system32\drivers\gepfkxls.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
2016-07-15 14:41 - 2016-07-01 06:49 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\3QXUM3HWrjihFjYcECHO.exe
2016-07-15 14:41 - 2016-07-01 06:49 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\7UKQXhBsjbWARD2RECHO.efi
2016-07-12 18:56 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\k9jnDMT1fRcqfECHOLZV.exe
2016-07-12 18:56 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwullJe1GMbrwOb2p.efi
2016-07-12 18:41 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\eRdOqfwH2JpbyO9Rj.exe
2016-07-12 18:41 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Bso4SF9giIzd82QnJ.efi
2016-07-12 18:12 - 2016-07-12 18:12 - 00012714 _____ C:\ProgramData\mptmqteo.hmi
2016-05-08 22:54 - 2016-05-08 22:54 - 0000038 ___SH () C:\Users\AlHameli\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-07-12 18:12 - 2016-07-12 18:12 - 0012714 _____ () C:\ProgramData\mptmqteo.hmi
File: C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
gepfkxls => service removed successfully
IntcAzAudAddService => service removed successfully
C:\WINDOWS\system32\3QXUM3HWrjihFjYcECHO.exe => moved successfully
C:\WINDOWS\system32\7UKQXhBsjbWARD2RECHO.efi => moved successfully
C:\WINDOWS\system32\k9jnDMT1fRcqfECHOLZV.exe => moved successfully
C:\WINDOWS\system32\FwullJe1GMbrwOb2p.efi => moved successfully
C:\WINDOWS\system32\eRdOqfwH2JpbyO9Rj.exe => moved successfully
C:\WINDOWS\system32\Bso4SF9giIzd82QnJ.efi => moved successfully
C:\ProgramData\mptmqteo.hmi => moved successfully
C:\Users\AlHameli\AppData\Local\1754111884ee9ab5277ca00.95260103 => moved successfully
"C:\ProgramData\mptmqteo.hmi" => not found.
 
========================= File: C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll ========================
 
"C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll" => not found.
====== End of File: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 18:17:03 ====

Dear Garry, can you briefly explain what exactly Farbar does? I would like to learn more about it so I can fix the issue on my own next time :thumbup2:
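The Fixlog in the post above can be checked entry by entry against its own fixlist. The following is an added example, not part of the original thread and not FRST's own code; the line patterns are assumptions inferred from the log lines shown in this thread, and the sample is copied from that post with blank lines dropped.

```python
import re
from collections import Counter

# Sample input: fixlist and result sections copied from the Fixlog posted above.
FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
S1 gepfkxls; \??\C:\WINDOWS\system32\drivers\gepfkxls.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
2016-07-15 14:41 - 2016-07-01 06:49 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\3QXUM3HWrjihFjYcECHO.exe
2016-07-15 14:41 - 2016-07-01 06:49 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\7UKQXhBsjbWARD2RECHO.efi
2016-07-12 18:56 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\k9jnDMT1fRcqfECHOLZV.exe
2016-07-12 18:56 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwullJe1GMbrwOb2p.efi
2016-07-12 18:41 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\eRdOqfwH2JpbyO9Rj.exe
2016-07-12 18:41 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Bso4SF9giIzd82QnJ.efi
2016-07-12 18:12 - 2016-07-12 18:12 - 00012714 _____ C:\ProgramData\mptmqteo.hmi
2016-05-08 22:54 - 2016-05-08 22:54 - 0000038 ___SH () C:\Users\AlHameli\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-07-12 18:12 - 2016-07-12 18:12 - 0012714 _____ () C:\ProgramData\mptmqteo.hmi
File: C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
gepfkxls => service removed successfully
IntcAzAudAddService => service removed successfully
C:\WINDOWS\system32\3QXUM3HWrjihFjYcECHO.exe => moved successfully
C:\WINDOWS\system32\7UKQXhBsjbWARD2RECHO.efi => moved successfully
C:\WINDOWS\system32\k9jnDMT1fRcqfECHOLZV.exe => moved successfully
C:\WINDOWS\system32\FwullJe1GMbrwOb2p.efi => moved successfully
C:\WINDOWS\system32\eRdOqfwH2JpbyO9Rj.exe => moved successfully
C:\WINDOWS\system32\Bso4SF9giIzd82QnJ.efi => moved successfully
C:\ProgramData\mptmqteo.hmi => moved successfully
C:\Users\AlHameli\AppData\Local\1754111884ee9ab5277ca00.95260103 => moved successfully
"C:\ProgramData\mptmqteo.hmi" => not found.
========================= File: C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll ========================
"C:\Users\AlHameli\AppData\Local\Temp\ntddk.dll" => not found.
==== End of Fixlog 18:17:03 ====
"""

# Patterns inferred from the lines in this thread (assumptions, not a FRST format spec).
FIXLIST_PATTERNS = (
    re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
               r"\d+ \S+ (?:\(.*?\) )?(?P<t>[A-Za-z]:\\.+)$"),  # file listing line
    re.compile(r"^[RSU]\d (?P<t>\S+); "),                        # service/driver line
    re.compile(r"^CHR Plugin: .* - (?P<t>[A-Za-z]:\\.+?) => No File$"),
    re.compile(r"^File: (?P<t>.+)$"),                            # File: directive
)
RESULT_LINE = re.compile(r'^"?(?P<t>[^"]+?)"? => (?P<o>.+?)\.?$')


def parse_fixlog(text):
    """Return (fixlist targets in order, [(target, outcome), ...] from the result lines)."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) != 3:
        raise ValueError("expected a fixlist delimited by two rows of asterisks")
    targets = []
    for line in parts[1].splitlines():
        hits = (p.match(line.strip()) for p in FIXLIST_PATTERNS)
        m = next((h for h in hits if h), None)
        if m:  # directives such as CreateRestorePoint: carry no target and are skipped
            targets.append(m.group("t"))
    matches = (RESULT_LINE.match(line.strip()) for line in parts[2].splitlines())
    return targets, [(m.group("t"), m.group("o")) for m in matches if m]


def reconcile(text):
    """Pair each fixlist target with its result line, in order; mark repeated targets."""
    targets, results = parse_fixlog(text)
    pending = {}
    for target, outcome in results:
        pending.setdefault(target.lower(), []).append(outcome)
    seen, rows = Counter(), []
    for target in targets:
        key = target.lower()
        queue = pending.get(key, [])
        outcome = queue.pop(0) if queue else "NO RESULT LINE"
        rows.append({"target": target, "outcome": outcome, "repeat": seen[key] > 0})
        seen[key] += 1
    return rows


def summarize(rows):
    """Count outcomes, keeping 'not found' on a repeated entry apart from an absent target."""
    counts = Counter()
    for row in rows:
        label = row["outcome"]
        if label == "not found" and row["repeat"]:
            label = "not found (repeated fixlist entry)"
        counts[label] += 1
    return counts


if __name__ == "__main__":
    for label, n in summarize(reconcile(FIXLOG)).items():
        print(f"{n:2d}  {label}")
```

In this log the second `not found` for `C:\ProgramData\mptmqteo.hmi` is explained by the file being listed twice in the fixlist: the first entry had already moved it.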


#6 Oh My!


Posted 08 August 2016 - 09:49 AM

Greetings Abdullah.

Farbar Recovery Scan Tool scans identified parts of the computer system, reports some legitimate, normal entries, and it also flags some other entries for further research. In addition, it provides some information that may not be flagged but needs to be identified by a trained eye to do further research. The report is good information but you need to understand what you are looking at. Only then can you safely use FRST capabilities to help clean your computer.

How is your computer running? Are you experiencing any issues?
Gary
 

#7 lehameli


Posted 08 August 2016 - 10:34 AM

Greetings Abdullah.

Farbar Recovery Scan Tool scans identified parts of the computer system, reports some legitimate, normal entries, and it also flags some other entries for further research. In addition, it provides some information that may not be flagged but needs to be identified by a trained eye to do further research. The report is good information but you need to understand what you are looking at. Only then can you safely use FRST capabilities to help clean your computer.

How is your computer running? Are you experiencing any issues?

So far there are no issues at all, I started this thread just to be safe, thanks for your help Garry, appreciate it!



#8 Oh My!


Posted 08 August 2016 - 10:44 AM

You are quite welcome. Let's run these.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log

Gary
 

#9 lehameli


Posted 08 August 2016 - 02:32 PM

=================================================

C:\Program Files (x86)\Cheat Engine 6.5.1\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting
C:\Users\AlHameli\Documents\Downloads\9G8G65DaXe.zip a variant of Win32/Packed.Themida suspicious application deleted
F:\Downloads\CheatEngine651.exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted
F:\Downloads\Rusthack (1).rar a variant of Win32/Packed.VMProtect.ABO trojan deleted
F:\Downloads\Rusthack (2).rar a variant of Win32/Packed.VMProtect.ABO trojan deleted
F:\Downloads\Rusthack.rar a variant of Win32/Packed.VMProtect.ABO trojan deleted
 
=======================================================================================================
 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Emsisoft Anti-Malware   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Call of Duty: Ghosts - Multiplayer 
 AVG Web TuneUp   
 Java 7 Update 60  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 19.0.0.185 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome (51.0.2704.103) 
 Google Chrome (51.0.2704.84) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
 Emsisoft Anti-Malware a2guard.exe   
 EMSISOFT ANTI-MALWARE a2start.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#10 Oh My!


Posted 08 August 2016 - 03:09 PM

Greetings,

Things look good except for Adobe Flash Player which needs to be updated. Please do this.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click the Desktop icon
  • Select either Allow Adobe to install updates (recommended) or Notify me to install updates then click Next
  • When completed click Finish
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Flash Player update properly?
  • Are there any remaining issues?

Gary
 

#11 lehameli


Posted 08 August 2016 - 03:49 PM

I have finished,

Yes it did update properly and I have no remaining issues,

thank you



#12 Oh My!


Posted 08 August 2016 - 05:52 PM

Excellent Abdullah.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Oh My!


Posted 09 August 2016 - 08:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



