
wpad.browsersecurity.info


  • This topic is locked
49 replies to this topic

#1 Ztnerg

Ztnerg

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:21 AM

Posted 10 August 2016 - 09:12 PM

Attached File: Addition.txt (66.74KB)

Found a Chrome extension, Dealz. Attempted to uninstall. Failed due to being locked; unable to remove or delete the extension. Malwarebytes found and removed some things, along with ADWcleaner. Currently I went to Google Sync and logged in. Stopped and cleared syncing for this PC. Uninstalled Chrome and reinstalled it.

When I open chrome I get wpad.browsersecurity.info. See image link. http://i.imgur.com/VjwqnDe.png

When full scan is done. Malwarebytes no longer detects anything. Windows defender, nothing. ADWcleaner, nothing.

 

Much appreciated effort. Thanks.

 

-TOM

 





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,026 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:21 PM

Posted 15 August 2016 - 08:16 AM

Greetings Tom and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

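The FRST steps above produce a large text log that the helper then reads by hand. As an added example (not code from this thread, from BleepingComputer or from FRST), the following Python script parses that log format into its sections and flags the lines a helper looks at first: entries FRST marks with "<======= ATTENTION", autorun and BHO entries whose target file is missing, processes, services and drivers with an empty publisher field, Chrome search-provider URLs that no longer point at google.com, and extensions registered machine-wide through the registry. The rule set is a heuristic of my own, and SAMPLE_LOG is constructed from the kinds of entries that appear in this thread.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs (added example)."""
import re
from collections import defaultdict

# "==================== Processes (Whitelisted) =================" style headers
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# Process lines: "(Vendor) C:\path\file.exe"; an empty "()" means no publisher info
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# Service/driver lines: "R2 Name; C:\path\file.sys [size date] (Vendor)"
SERVICE_RE = re.compile(
    r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[\d+ [\d-]+\]\s+\((?P<vendor>[^)]*)\)"
)
# Chrome search provider lines; FRST defangs URLs as hxxp(s)://
CHR_SEARCH_RE = re.compile(
    r"^CHR Default(?:Search|Suggest)URL:.*->\s+hxxps?://(?P<host>[^/\s]+)"
)
# Extensions pushed through the machine-wide registry install mechanism (heuristic)
CHR_POLICY_EXT_RE = re.compile(
    r"^CHR HK(?:LM|U)[^:]*\\Chrome\\Extension:\s+\[(?P<ext_id>[a-p]{32})\]"
)

# Constructed sample, modelled on the entry types seen in the thread's log.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO-x32: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-10-09] (Adobe Systems) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-07-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
"""


def parse_sections(text):
    """Return {section_title: [non-empty lines]} keyed by the FRST section headers."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def classify(line):
    """Return a short reason if the line deserves a second look, else None."""
    if "<======= ATTENTION" in line:
        return "flagged by FRST"
    if line.endswith(("No File", "=> not found", "[X]")):
        return "target file missing"
    m = CHR_SEARCH_RE.match(line)
    if m:
        host = m.group("host").lower()
        if host != "google.com" and not host.endswith(".google.com"):
            return "Chrome search provider changed to " + host
        return None
    m = CHR_POLICY_EXT_RE.match(line)
    if m:
        return "extension registered machine-wide via registry: " + m.group("ext_id")
    m = PROCESS_RE.match(line) or SERVICE_RE.match(line)
    if m and m.group("vendor").strip() == "":
        return "no publisher/signature information"
    if "[File not signed]" in line:
        return "file not signed"
    return None


def triage(text):
    """Return a list of (section, reason, line) findings in log order."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if line.startswith("(If "):  # FRST's explanatory note under each header
                continue
            reason = classify(line)
            if reason:
                findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```

Run it against a real FRST.txt by reading the file into `triage()`; the output is a shortlist for a human to review, not a verdict, since legitimate software also appears unsigned or registers extensions this way.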
#3 Ztnerg

Ztnerg
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 15 August 2016 - 05:06 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Ztnerg (administrator) on THE_BIG_BOX (15-08-2016 17:57:35)
Running from D:\Desktop
Loaded Profiles: Ztnerg &  (Available Profiles: Ztnerg)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) D:\Programs (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Programs (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Malwarebytes) D:\Programs (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
(Hammer & Chisel, Inc.) C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
() D:\Programs\Rainmeter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hammer & Chisel, Inc.) C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\Discord.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(NVIDIA Corporation) C:\Users\Ztnerg\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-06] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCui.exe [1332224 2016-06-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-09-17] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-09-17] (Saitek)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-03-20] (Intel Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2066432 2014-10-31] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2852128 2016-08-02] (Valve Corporation)
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [86904 2016-06-14] ()
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\...\Run: [Discord] => C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\Discord.exe [62385336 2016-08-01] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2852128 2016-08-02] (Valve Corporation)
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [86904 2016-06-14] ()
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Discord] => C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\Discord.exe [62385336 2016-08-01] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
Startup: C:\Users\Ztnerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-10-09]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ztnerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-07-09]
ShortcutTarget: Rainmeter.lnk -> D:\Programs\Rainmeter.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6ad699de-85c3-4014-a59f-594e1650547c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
ManualProxies:
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO-x32: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programs (x86)\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-10]
CHR Extension: (Google Drive) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-10]
CHR Extension: (YouTube) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-10]
CHR Extension: (Google Sheets) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-10]
CHR Extension: (Gmail) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\Ztnerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-10]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-10-09] (Adobe Systems) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-07-08] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-21] (Echobit LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 MBAMScheduler; D:\Programs (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Programs (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-08] ()
R3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-07-21] (Echobit, LLC)
R3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
S3 lgLowAudio; C:\Windows\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-03-16] (Intel Corporation)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2015-12-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-12-30] (Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
S3 SaiH0BAC; C:\Windows\system32\DRIVERS\SaiH0BAC.sys [176128 2015-07-21] (Saitek)
S3 SaiK075C; C:\Windows\System32\drivers\SaiK075C.sys [181920 2016-02-02] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [23968 2015-09-18] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [51616 2016-02-02] (Saitek)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2015-01-06] (Splashtop Inc.)
R3 USBIPEnum; C:\Windows\System32\drivers\USBIPEnum.sys [52296 2011-06-04] (Windows ® Win 7 DDK provider)
R3 vhhcd; C:\Windows\System32\drivers\vhhcd.sys [20808 2016-01-05] (VirtualHere Pty. Ltd.)
R3 vhhub; C:\Windows\System32\drivers\vhhub.sys [64328 2016-01-05] (VirtualHere Pty. Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-06] (Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-10 22:42 - 2016-08-10 22:42 - 00090420 _____ C:\TDSSKiller.3.1.0.11_10.08.2016_22.42.05_log.txt
2016-08-10 22:41 - 2016-08-10 22:41 - 00090420 _____ C:\TDSSKiller.3.1.0.11_10.08.2016_22.41.06_log.txt
2016-08-10 21:54 - 2016-08-10 21:54 - 00002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-10 21:53 - 2016-08-15 17:57 - 00000000 ____D C:\FRST
2016-08-10 20:31 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 20:31 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 20:31 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 20:31 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 20:31 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 20:31 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 20:31 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 20:31 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 20:31 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 20:31 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 20:31 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 20:31 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 20:31 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 20:31 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 20:31 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 20:31 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 20:31 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 20:31 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 20:31 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 20:31 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 20:31 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 20:31 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 20:31 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 20:31 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 20:31 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 20:31 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 20:31 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 20:31 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 20:31 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 20:31 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 20:31 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 20:31 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 20:31 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 20:31 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 20:31 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 20:31 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 20:31 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 20:31 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 20:31 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 20:31 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 20:31 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 20:31 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 20:31 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 20:31 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 20:31 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 20:31 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 20:31 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 20:31 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 20:31 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 20:31 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 20:31 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 20:31 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 20:31 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 20:31 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 20:31 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 20:31 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 20:31 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 20:31 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 20:31 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 20:31 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 20:31 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 20:31 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 20:31 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 20:31 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 20:31 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 20:31 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-10 20:31 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 20:31 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-10 20:31 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 20:31 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 20:31 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 20:31 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 20:31 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 20:31 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 20:31 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 20:31 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 20:31 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 20:31 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 20:31 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 20:31 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 20:31 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 20:31 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 20:31 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 20:31 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 20:31 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 20:31 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 20:31 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 20:31 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 20:31 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 20:31 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 20:31 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 20:31 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 20:31 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 20:31 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 20:31 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 20:31 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 20:31 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 20:31 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 20:31 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 20:31 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 20:31 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 20:31 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 20:31 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 20:31 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 20:31 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 20:31 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 20:31 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 20:31 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 20:31 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 20:31 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 20:31 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 20:31 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 20:31 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 20:31 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 20:31 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 20:31 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 20:31 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 20:31 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 20:31 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 20:31 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 20:31 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 20:31 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 20:31 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 20:31 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 20:31 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 20:31 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 20:31 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 20:31 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 20:31 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 20:31 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 20:31 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 20:31 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 20:31 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 20:31 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-08 22:54 - 2016-08-08 22:54 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-08-08 22:51 - 2016-08-08 22:56 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-08 21:14 - 2016-08-10 21:39 - 00000000 ____D C:\AdwCleaner
2016-08-08 20:39 - 2016-08-08 20:39 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-08-08 20:39 - 2016-08-08 20:39 - 00000000 _____ C:\autoexec.bat
2016-08-08 20:13 - 2016-08-15 17:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-08 20:12 - 2016-08-08 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-08 20:12 - 2016-08-08 20:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-08 20:12 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-08 20:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-08 20:12 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-15 17:56 - 2015-11-22 20:39 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{359C4A1F-10D2-4BD1-9C37-C4AA07452C6D}
2016-08-15 17:56 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-15 17:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-10 23:02 - 2016-02-02 21:52 - 00000000 ____D C:\Users\Ztnerg\AppData\Local\CrashDumps
2016-08-10 22:59 - 2015-01-18 00:26 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-10 22:12 - 2015-05-15 17:32 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f56a106ce9c.job
2016-08-10 22:12 - 2015-01-18 00:22 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-10 21:54 - 2015-01-18 00:22 - 00000000 ____D C:\Users\Ztnerg\AppData\Local\Google
2016-08-10 21:54 - 2015-01-18 00:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-10 21:38 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-10 21:38 - 2015-04-30 19:17 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-10 21:34 - 2015-05-01 14:25 - 00000000 ____D C:\Users\Ztnerg\AppData\Local\ActiveSync
2016-08-10 21:32 - 2016-02-04 21:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-10 21:32 - 2016-02-04 21:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-10 21:32 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-10 21:32 - 2015-01-20 11:34 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 21:32 - 2015-01-18 00:22 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-10 21:31 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 21:31 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 21:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 20:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 20:50 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 20:50 - 2015-03-13 21:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 20:48 - 2015-03-13 21:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 21:16 - 2016-02-04 21:11 - 00000000 ____D C:\Users\Ztnerg
2016-08-08 20:23 - 2015-12-11 18:29 - 00000000 ____D C:\Users\Ztnerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-08 20:23 - 2015-12-11 18:29 - 00000000 ____D C:\Users\Ztnerg\AppData\Roaming\discord
2016-08-08 20:23 - 2015-12-11 18:29 - 00000000 ____D C:\Users\Ztnerg\AppData\Local\Discord
2016-08-08 20:22 - 2016-06-26 22:23 - 00000258 __RSH C:\Users\Ztnerg\ntuser.pol
2016-08-08 20:22 - 2016-06-26 22:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-08-08 20:22 - 2015-05-23 09:06 - 00000000 ____D C:\WINDOWS\vpnplugins
2016-08-04 22:07 - 2015-05-15 17:32 - 00003786 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08f56a106ce9c
2016-08-04 22:07 - 2015-01-18 00:22 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-27 15:25 - 2015-01-20 03:16 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-21 18:33 - 2016-02-04 21:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-20 20:50 - 2015-01-18 00:31 - 00000000 ____D C:\Users\Ztnerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
==================== Files in the root of some directories =======
2015-04-02 23:53 - 2015-04-02 23:53 - 0000291 _____ () C:\Users\Ztnerg\AppData\Roaming\OpenSceneryX Installer.plist
2016-04-29 18:35 - 2016-04-29 18:35 - 0000274 _____ () C:\Users\Ztnerg\AppData\Roaming\vhui.ini
2015-04-03 01:09 - 2015-04-03 01:09 - 0002335 _____ () C:\Users\Ztnerg\AppData\Roaming\WED.prefs
2015-01-25 20:36 - 2015-01-25 20:36 - 0003584 _____ () C:\Users\Ztnerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-24 22:36 - 2015-09-24 22:36 - 0005076 _____ () C:\Users\Ztnerg\AppData\Local\recently-used.xbel
2015-01-26 02:38 - 2016-03-02 19:11 - 0007642 _____ () C:\Users\Ztnerg\AppData\Local\Resmon.ResmonCfg
2015-01-18 02:50 - 2016-06-21 20:39 - 0000015 _____ () C:\Users\Ztnerg\AppData\Local\X-Plane_drm.prf
2015-01-18 02:50 - 2015-01-18 02:50 - 0000046 _____ () C:\Users\Ztnerg\AppData\Local\x-plane_install_10.txt
2016-02-04 21:11 - 2016-02-04 21:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-27 23:47 - 2015-07-27 23:47 - 0000100 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\Ztnerg\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ztnerg\AppData\Local\Temp\nvStInst.exe
C:\Users\Ztnerg\AppData\Local\Temp\proxy_vole7280218252707120468.dll
C:\Users\Ztnerg\AppData\Local\Temp\setup.exe
C:\Users\Ztnerg\AppData\Local\Temp\SIntf16.dll
C:\Users\Ztnerg\AppData\Local\Temp\SIntf32.dll
C:\Users\Ztnerg\AppData\Local\Temp\SIntfNT.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-06 15:33
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Ztnerg (15-08-2016 17:58:02)
Running from D:\Desktop
Windows 10 Pro Version 1511 (X64) (2016-02-05 01:17:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2072056269-1345151140-1346286065-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2072056269-1345151140-1346286065-503 - Limited - Disabled)
Guest (S-1-5-21-2072056269-1345151140-1346286065-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2072056269-1345151140-1346286065-1008 - Limited - Enabled)
Ztnerg (S-1-5-21-2072056269-1345151140-1346286065-1000 - Administrator - Enabled) => C:\Users\Ztnerg
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro CS3 Third Party Content (HKLM-x32\...\Adobe_71c180716438072ebd356ce2549df41) (Version: 3 - Adobe Systems Incorporated)
American Truck Simulator (HKLM\...\Steam App 270880) (Version:  - SCS Software)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA3Sync 1.4.54 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.4.54 - The [S.o.E] team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Brothers - A Tale of Two Sons (HKLM\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.14.35734 - Eagle Dynamics)
DCS World (HKLM-x32\...\Steam App 223750) (Version:  - Eagle Dynamics)
DCS World 2 OpenAlpha (HKLM\...\DCS World 2 OpenAlpha_is1) (Version: 2.0 - Eagle Dynamics)
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 1.5.0.45208 - Eagle Dynamics)
DiRT Rally (HKLM\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
Discord (HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DRAGON BALL XENOVERSE (HKLM\...\Steam App 323470) (Version:  - DIMPS)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.2.0.1 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.1 Alpha - ETS2MP Team)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.17 - Echobit, LLC)
FanaLEDs (HKLM-x32\...\FanaLEDs) (Version: 2.3f - Gerben bol & Dirk Teurlings)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
Fishing Planet (HKLM-x32\...\Steam App 380600) (Version:  - Fishing Planet LLC)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Helios (HKLM-x32\...\{853F06FE-B3D2-443A-8E69-0FE2AEE04A1D}) (Version: 1.3.190 - Gadroc's Workshop)
HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.60 - Oracle Corporation)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version:  - Squad)
LEGO® Jurassic World (HKLM\...\Steam App 352400) (Version:  - TT Games Ltd)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medieval Engineers (HKLM-x32\...\Steam App 333950) (Version:  - Keen Software House)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.2.1212 - Microsoft Garage)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NaturalPoint USB Drivers x64 (HKLM\...\{533773B8-9AC1-4C0F-A2BF-57466A45C6F5}) (Version: 2.70.0000 - NaturalPoint)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.69 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
Plan-G v3.1.2 version 3.1.2 (HKLM-x32\...\{BC13ABF2-2C08-42A6-A5C4-AFCE666ABE58}_is1) (Version: 3.1.2 - TA Studio)
Pool Nation FX (HKLM-x32\...\Steam App 314000) (Version:  - Cherry Pop Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
Prepar3D v2 Academic Bundle (x32 Version: 2.4.11570.0 - Lockheed Martin) Hidden
Project 64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - )
Project CARS (HKLM\...\Steam App 234630) (Version:  - Slightly Mad Studios)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rugby World Cup 2015 (HKLM\...\Steam App 365750) (Version:  - HB Studios)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Smart Technology Programming Software 7.0.42.12 (HKLM\...\{7A88EA50-F625-4717-9D77-EF42F6EFA181}) (Version: 7.0.42.12 - Mad Catz)
SNOW (HKLM-x32\...\Steam App 244930) (Version:  - Poppermost Productions)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version:  - Nomad Games Limited)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TrackIR 5 (HKLM-x32\...\{6984ac4b-af1a-46af-bb10-ca1d3b7d4aba}) (Version: 5.4.2.0000 - NaturalPoint)
Virtual Cockpit Server for DCS World (HKLM\...\{6EBE576D-BEE9-463D-8E0E-C636BC581DEC}) (Version: 5.6.610 - Bit Shift Software, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Windows Driver Package - VirtualHere (vhhcd) USB  (01/05/2016 22.15.56.983) (HKLM\...\40747DCE97E9ED6D7DA0C1E7BFE622C5E9D18EAD) (Version: 01/05/2016 22.15.56.983 - VirtualHere)
Windows Driver Package - VirtualHere (vhhub) USB  (01/05/2016 22.15.56.999) (HKLM\...\9AB7B0A490420A0214B0B4667FD4E3D87E1F0634) (Version: 01/05/2016 22.15.56.999 - VirtualHere)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
X-Plane 10 Global - 64 Bit (HKLM-x32\...\Steam App 292180) (Version:  - Laminar Research)
You Need A Budget 4 Trial (YNAB) (HKLM-x32\...\Steam App 228240) (Version:  - YouNeedABudget.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01B6AB6F-9888-4C96-921F-36FFE32F5ECB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {0976FE88-37BC-4EE0-AE87-A76703B0ADC1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {16252C40-A10C-4C93-A105-7A4DF823A0CC} - \EssentialUpdateMachine -> No File <==== ATTENTION
Task: {1DCDDC77-53DE-48AD-A0F9-5D2B06BB8C5E} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\TelTask
Task: {339B295C-BFD2-4DC9-96D2-7113A3EBF434} - System32\Tasks\{B717A6B4-886F-4574-91D4-3B0D66D01125} => pcalua.exe -a D:\Downloads\Saitek_X52_Flight_Controller_7_0_27_13_x64_Drivers.exe -d D:\Downloads
Task: {4C3E505D-6508-4E6D-9005-51A5D293C66A} - System32\Tasks\Microsoft\Windows\ContextManager\Triggers => C:\Windows\system32\ContextManagerNotificationHandler.exe
Task: {5015F7B3-258C-46FA-A05E-F5E8D3610AC6} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f56a106ce9c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5ACAB365-3176-4648-8FAF-B25C3060DDCA} - System32\Tasks\Microsoft\Windows\ContextManager\Logon => C:\Windows\system32\ContextManagerNotificationHandler.exe
Task: {61DCAC38-ABF5-4C50-9100-259A76ECEACF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {82B68E5D-FE3D-468C-868E-C10A19D8DE0F} - System32\Tasks\SpeechRuntimeTask => C:\Windows\system32\speech_onecore\common\SpeechRuntime.exe [2016-05-28] (Microsoft Corporation)
Task: {8B82229F-AE30-49DC-B7D2-2B9F5AF0ED20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A244FF79-8619-437F-A180-FB01B8460504} - System32\Tasks\Microsoft\Windows\User Data Service\Unistore Logon => C:\Windows\System32\UnistackSvcWrapper.exe
Task: {C8A23626-DD41-41B0-A459-63AF15ABC8AE} - System32\Tasks\Microsoft\Windows\NetworkDriverPlatform\TelemetryGatherer => C:\Windows\system32\NetCfgDiagnostics.exe
Task: {CE5AF82E-D2F7-4484-99CF-EF2716C921CC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {FC92D65F-F183-4157-8E22-4D47B0DFC474} - \Winupdate -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f56a106ce9c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Ztnerg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\68712832bc7a55b0\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Ztnerg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-02-04 21:10 - 2016-06-29 13:50 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-21 10:45 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-31 19:53 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-04 17:35 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-21 10:45 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-06-23 15:11 - 2015-06-23 15:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-05-04 17:35 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-04 17:35 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-04 17:35 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-31 19:53 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-13 17:25 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-13 17:25 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-28 20:51 - 2016-04-28 20:51 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-13 17:25 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-08 22:35 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 17:27 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 17:27 - 2016-06-30 23:49 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2012-12-28 10:44 - 2012-12-28 10:44 - 00039648 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-04-28 18:49 - 2016-04-28 18:49 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-04-28 18:49 - 2016-04-28 18:49 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-06-23 15:07 - 2016-06-14 16:01 - 00086904 _____ () C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
2015-03-24 09:28 - 2015-03-24 09:28 - 00036544 _____ () D:\Programs\Rainmeter.exe
2015-03-24 09:28 - 2015-03-24 09:28 - 00775872 _____ () D:\Programs\Rainmeter.dll
2015-03-24 09:27 - 2015-03-24 09:27 - 00058368 _____ () D:\Programs\Plugins\WebParser.DLL
2016-07-13 17:25 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 17:25 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 17:25 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 17:25 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-04 17:35 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-04 17:35 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-28 20:51 - 2016-04-28 20:51 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-28 20:51 - 2016-04-28 20:51 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-06-23 15:07 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-01-18 00:26 - 2016-08-02 18:08 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 03:18 - 2016-08-02 18:10 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-18 00:26 - 2016-08-02 20:00 - 02320160 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 03:18 - 2016-08-02 18:09 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 03:18 - 2016-08-02 18:09 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-18 00:26 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-18 00:26 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-18 00:26 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-18 00:26 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-18 00:26 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-18 00:26 - 2016-08-02 19:59 - 00831776 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-12 11:25 - 2016-07-06 18:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-06-23 15:07 - 2016-06-14 16:01 - 00621104 _____ () C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvGpuInterface.dll
2016-08-08 20:23 - 2016-08-01 13:11 - 01950392 _____ () C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\ffmpeg.dll
2016-08-08 20:23 - 2016-08-08 20:23 - 01043640 _____ () \\?\C:\Users\Ztnerg\AppData\Roaming\discord\0.0.295\modules\discord_voice\discord_voice.node
2016-08-08 20:23 - 2016-08-08 20:23 - 03784376 _____ () \\?\C:\Users\Ztnerg\AppData\Roaming\discord\0.0.295\modules\discord_voice\libdiscord.dll
2016-08-08 20:23 - 2016-08-08 20:23 - 00887992 _____ () \\?\C:\Users\Ztnerg\AppData\Roaming\discord\0.0.295\modules\discord_utils\discord_utils.node
2016-08-08 20:23 - 2016-08-08 20:23 - 00775864 _____ () \\?\C:\Users\Ztnerg\AppData\Roaming\discord\0.0.295\modules\discord_toaster\discord_toaster.node
2016-08-08 20:23 - 2016-08-01 13:11 - 02230456 _____ () C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\libglesv2.dll
2016-08-08 20:23 - 2016-08-01 13:11 - 00088760 _____ () C:\Users\Ztnerg\AppData\Local\Discord\app-0.0.295\libegl.dll
2015-01-18 00:26 - 2016-06-14 15:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-19 22:29 - 2015-05-19 22:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-08-10 21:33 - 2016-08-10 21:33 - 00170496 _____ () \\?\C:\Users\Ztnerg\AppData\Local\Temp\A4B.tmp.node
2014-03-20 15:43 - 2014-03-20 15:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-01-20 03:18 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:058E79EB [294]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-03-14 04:58 - 2015-03-14 04:57 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ztnerg\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a931a96a-f4b1-4fd9-9a62-e3c526463971}.jpg
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ztnerg\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a931a96a-f4b1-4fd9-9a62-e3c526463971}.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\...\StartupApproved\Run: => "ManyCam"
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "ManyCam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{6BDD6BC2-232F-4B90-9B5B-D804655BE291}D:\programs (x86)\dcs world openbeta\bin\dcs_updater.exe] => (Allow) D:\programs (x86)\dcs world openbeta\bin\dcs_updater.exe
FirewallRules: [TCP Query User{4AF061F3-2C3A-4176-8F1D-F4C48FBF91CD}D:\programs (x86)\dcs world openbeta\bin\dcs_updater.exe] => (Allow) D:\programs (x86)\dcs world openbeta\bin\dcs_updater.exe
FirewallRules: [UDP Query User{A01D80CD-5FE9-4C3D-9B78-6BF57EB62FC8}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{2A495402-34B7-4213-97C2-E45EB17EF8D9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{98B44E2F-68D5-43FB-9D0B-0C1D106DA84F}D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [TCP Query User{19650780-4ADD-491F-A9CB-F662797E7AF0}D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{01AE04E5-E2F6-4FB3-A797-C2ADF14EBC73}] => (Allow) D:\SteamLibrary\steamapps\common\YNAB 4 (Demo)\YNAB 4.exe
FirewallRules: [{113E3CFB-E124-4843-A19A-BCA18F2C4472}] => (Allow) D:\SteamLibrary\steamapps\common\YNAB 4 (Demo)\YNAB 4.exe
FirewallRules: [UDP Query User{C99E5599-FCB2-4DD5-B17C-4CCAB69E0C88}D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [TCP Query User{61EAA7DB-49B3-4485-8FD6-6EBA8998F78D}D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{4F6982BF-BBAC-4A3A-9709-58CA3435092C}] => (Allow) D:\SteamLibrary\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{D3BD8B5D-3BC1-4141-887B-3874EAEB26E5}] => (Allow) D:\SteamLibrary\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{E0E6AE50-9F9B-4E2B-B748-0F12088C079E}] => (Allow) D:\SteamLibrary\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{CA221A95-5970-4879-9320-2C1471562D7A}] => (Allow) D:\SteamLibrary\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{0163542B-10B0-41C8-89B8-521E1D38AAB8}] => (Allow) D:\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [{A3A1369D-87C0-4E9E-B33D-17F4D26954CC}] => (Allow) D:\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [{1532AF59-46A7-49AA-80D6-3C9E09641621}] => (Allow) D:\SteamLibrary\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{5FCD2D70-69B5-490F-949D-C6EA74844829}] => (Allow) D:\SteamLibrary\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{2231FDE7-D39C-4C12-8F1D-521C06C177A7}] => (Allow) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
FirewallRules: [{AB151D25-A72B-45C7-AB96-3317218981E2}] => (Allow) D:\SteamLibrary\steamapps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [{D5D1FD5F-98BB-44F2-81F5-8DBD6D9BCF57}] => (Allow) D:\SteamLibrary\steamapps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [{F3A6149F-0A62-4B4B-8F04-49FE40EA76AF}] => (Allow) D:\Programs\USB Network Gate\UsbConfig.exe
FirewallRules: [{AB0DE41D-BFC6-4F40-848B-C10625E62ABD}] => (Allow) D:\Programs\USB Network Gate\UsbService64.exe
FirewallRules: [{DD58ACA0-01CE-4C02-95DE-4FF136C81355}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2A13F2D4-CF1E-4617-BB15-F64A33B9A695}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D4A96131-D3C6-4BF5-AAC1-30257AEADB1D}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E19159F4-6D1D-4564-8FA0-4281B6EAC6FF}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD63CEC1-F907-4241-864B-F3E129192394}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DB03255-EE41-4BC8-8311-675BC21BB6FF}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{588715F9-0E9E-486A-B9D7-15C8C4E134B4}D:\programs (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\programs (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{37449482-6146-4796-A5B3-5A8F22FE73FD}D:\programs (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\programs (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{8AD79C24-090D-4662-A8CE-739B033D6655}D:\programs (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\programs (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1D7A3C77-453D-4477-8288-3B0B2406A7EC}D:\programs (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\programs (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{39648FCE-88C6-4289-946A-01531F5BAA25}] => (Allow) D:\Programs (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{4DA39FB0-8F91-4150-8F4E-B9E83A5CC8E7}] => (Allow) D:\Programs (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3609386C-2188-47F2-8F27-E207A828D788}] => (Allow) D:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{712CE6AC-95E8-4DF5-9C4A-BACAC2483027}] => (Allow) D:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [UDP Query User{6407A162-8ADF-45EF-B844-2F712A68FBA7}D:\programs (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\programs (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4728267F-29C0-450A-AF61-3266E1984D7C}D:\programs (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\programs (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{54EB6A20-7E50-4151-AE67-DCA291F83A20}] => (Allow) D:\Programs (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BA195B51-3D74-4925-B863-10B0FD042380}] => (Allow) D:\Programs (x86)\Battle.net\Battle.net.exe
FirewallRules: [{054B8E14-2AE3-4C3B-9CC7-70CCAD7B36F4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{672FB9B9-0628-4148-9AC1-4455F17A484C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FED8FC18-56A6-4E8B-9F32-0EC345692289}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [{021FA922-DDF6-4215-BB6D-EB4E17987CC6}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [{F9717566-6F08-4BEA-84A9-98967C099F5B}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{7F9A49E7-7CF3-4611-A81A-BA1F3E12A266}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{88245F40-8E3C-422D-8B2D-C05B9E32AC4E}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{675044A2-0D56-4691-821A-88328622FEE9}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{41C73207-8005-4C7E-868E-F05922543781}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\X-Plane.exe
FirewallRules: [{C146B735-2F7B-45B6-9AD0-55F198EB507D}] => (Allow) D:\SteamLibrary\steamapps\common\X-Plane 10\X-Plane.exe
FirewallRules: [UDP Query User{5A5A7960-CE6F-40C7-B296-212B483A0B00}D:\programs\facetracknoir\facetracknoir.exe] => (Allow) D:\programs\facetracknoir\facetracknoir.exe
FirewallRules: [TCP Query User{81A912C0-B881-450B-A310-03D0AAADD8F2}D:\programs\facetracknoir\facetracknoir.exe] => (Allow) D:\programs\facetracknoir\facetracknoir.exe
FirewallRules: [{B7AB4095-1C74-491D-9847-3DAAB48E1E02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{C8F26078-4AEE-4F7F-A1E4-EA0B343E020E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{40A30AAC-236B-428A-8BA7-0BDA46DBACA4}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{5538FF9A-8B6B-475B-A362-C52DC67F5A05}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{7191FD0C-A342-42F3-9614-AEA551FCD0FE}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{155A0FA3-6B63-4C27-9F71-F11430AFF729}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D287C14D-B638-4FA4-AE25-E100AFB736F4}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{2E4AFC7C-0BD5-4F1D-AF00-0D2AA69716B4}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{767CA0F2-B4C4-4398-B8E6-29E9A199188B}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{D047D64C-1B94-4EED-A162-23F23F716F73}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{266E4345-4111-471A-A79F-A1454C93B172}] => (Allow) D:\Programs (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{39B8BE2B-5D9E-4580-8CCB-E9966F45BEB7}] => (Allow) D:\Programs (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{0FBBC12C-786F-46CF-BDC9-C2ADD280D854}] => (Allow) D:\Programs (x86)\Lightworks\Lightworks.exe
FirewallRules: [{B759A0ED-11F3-4FB1-8F42-B9EB4EDC09D1}] => (Allow) D:\Programs (x86)\Lightworks\Lightworks.exe
FirewallRules: [{936DB18D-9D03-45A6-9CF8-87E7ABA58D2F}] => (Allow) LPort=1900
FirewallRules: [{A85CFBBD-9530-497D-A64D-1412EC719494}] => (Allow) LPort=2869
FirewallRules: [{4F3C9BF8-1944-4AAD-96D6-CB47F1FCA545}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6DFEF05E-9F7D-432F-8A5F-618D02F1CB02}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5940C69A-EC59-4C21-ABC0-67CFC1FE0811}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1E437A8A-210B-49DD-8728-2B0101D1058B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0285631C-8218-45E4-AD6E-C7A1557424F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF0D52A6-5B3A-4C47-8F14-6873BFEDAC7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F072AD58-93F3-462C-9E7E-DC81B0455678}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68DAD896-DAFF-46FF-9F05-9B4E00B2B3BB}] => (Allow) D:\Programs (x86)\DolbyAxon\Axon.exe
FirewallRules: [{88F2E126-91B3-4A6D-9DB3-D302142A7B06}] => (Allow) D:\Programs (x86)\DolbyAxon\Axon.exe
FirewallRules: [{A52EDE32-39C7-4CEB-969B-4B7F7309A1C0}] => (Allow) D:\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{57F4514E-6298-44B0-B2E9-355DE3D3EE4F}] => (Allow) D:\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{A699DE04-2A74-4EEB-9931-3F6B29D79DDE}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{174CA9FD-D343-4F00-8169-498A8D4BCFCF}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B53212BD-23B1-40AC-99A7-E742EECAB047}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FA76F0CF-CD10-4775-BF1D-FE448D66661C}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{14B8D240-7E71-4BAD-A4C6-05EFDF0A4823}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{8526DB86-70BB-4E52-ADFF-55A1EE2F3880}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{36E0284C-DEE1-4275-83FD-E5E2ADE4C79B}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F0E951B7-9449-4C2A-8C02-A82F56EFE504}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [UDP Query User{E1233835-5D3D-434A-9FFF-42E2A059F7F1}D:\programs\dcs world\bin\dcs.exe] => (Allow) D:\programs\dcs world\bin\dcs.exe
FirewallRules: [TCP Query User{7E35D6F3-ACA3-4619-ACC1-6E3FB4967321}D:\programs\dcs world\bin\dcs.exe] => (Allow) D:\programs\dcs world\bin\dcs.exe
FirewallRules: [{9F893ACF-D0AF-4871-A362-DB740695743C}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{BD6F1769-749B-4DCA-86AF-6B6471F952EF}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{E427A2D6-1836-4705-A310-D855568E691F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{A2221688-2543-422C-8172-30CC6BB5BF57}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BC5636FB-ED59-431F-9B22-01862FD74299}] => (Allow) D:\SteamLibrary\steamapps\common\Talisman\Talisman.exe
FirewallRules: [{BED51AD1-53F9-40CC-99C9-281D3D45288C}] => (Allow) D:\SteamLibrary\steamapps\common\Talisman\Talisman.exe
FirewallRules: [{668647BB-1E27-46F2-896F-0FD518F417C8}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{CDF38989-30FD-4591-A851-A38A65D50276}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{5BC3C1C9-BB21-4D77-BD00-3B1F593EED1E}] => (Allow) D:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{2C095A22-EC33-4C1A-9B88-3A86CB876748}] => (Allow) D:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{16ECF63F-7877-4404-87C7-A926B6AFCB6F}] => (Allow) D:\SteamLibrary\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{6C91297F-5840-4985-BD0B-1B4B4CAD4BD5}] => (Allow) D:\SteamLibrary\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{88BD66A1-937C-4852-A233-57EE066B8D88}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{1713012E-992F-43E0-89CC-58D3368A593E}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{B86C79F7-8BC9-4695-95BE-14301197730F}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3.exe
FirewallRules: [{4D40962C-DC91-431E-BC3D-6E389AE17C67}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3.exe
FirewallRules: [{5800D453-268B-4F78-99B8-488A02020B6F}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{08D8439B-80BC-4A1A-8221-9B5028768ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [UDP Query User{58670386-248F-4D94-BABD-3C841CC64159}D:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) D:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [TCP Query User{E93C09FC-F341-4CC1-9F9B-E880C1560CDA}D:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) D:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [{1748CDE7-F859-4C90-88EC-00254DB293F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EB3440F5-FA0F-4D9E-9775-9C104C4560C2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{481CC2AE-458B-4110-9164-E3003D1238BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{582805AF-FB1D-4E7A-BA5D-0F237BBB2CAA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{E08873A3-9A7C-4D54-8D7D-016D96D1B683}D:\programs (x86)\virtual cockpit server for dcs world.exe] => (Allow) D:\programs (x86)\virtual cockpit server for dcs world.exe
FirewallRules: [UDP Query User{BEFB1E98-95A1-4264-A795-C6EB8B7A1DE2}D:\programs (x86)\virtual cockpit server for dcs world.exe] => (Allow) D:\programs (x86)\virtual cockpit server for dcs world.exe
FirewallRules: [TCP Query User{6BABF288-32F2-4AC3-A2BC-C4E01B0C0747}D:\programs\noirfreetrack\facetracknoir.exe] => (Block) D:\programs\noirfreetrack\facetracknoir.exe
FirewallRules: [UDP Query User{830CBF4B-D2DC-4444-BC1C-37EDB6B427B7}D:\programs\noirfreetrack\facetracknoir.exe] => (Block) D:\programs\noirfreetrack\facetracknoir.exe
FirewallRules: [{42277284-366A-47A4-8210-60255A846029}] => (Allow) D:\Programs (x86)\Prepar3D.exe
FirewallRules: [{9018CA21-511E-4544-B263-8FF6F1CA91EB}] => (Allow) D:\Programs (x86)\Prepar3D.exe
FirewallRules: [{42FF2A2B-AEDC-4F46-A54A-8325C2B12B62}] => (Allow) D:\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{A70C7A7B-707E-4873-85C7-D384E87A8F0D}] => (Allow) D:\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{4DEC51E9-73D7-47CC-B04C-FD5095051DA2}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{E7CAB4F6-AFA3-4CB4-9502-72D691CB1417}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{EAB42601-EA7F-4591-8FB3-5ADFD266EF47}] => (Allow) D:\SteamLibrary\steamapps\common\Anarchy Arcade\AArcade.exe
FirewallRules: [{F95815E9-6E60-4FD6-BFD5-1C5C106AE72A}] => (Allow) D:\SteamLibrary\steamapps\common\Anarchy Arcade\AArcade.exe
FirewallRules: [{1341ECEA-EE02-4AD4-87BF-88B76363B4E1}] => (Allow) D:\SteamLibrary\steamapps\common\MedievalEngineers\Bin64\MedievalEngineers.exe
FirewallRules: [{2680E64D-6D3D-43B4-BA7A-9EBC6A6E3FDD}] => (Allow) D:\SteamLibrary\steamapps\common\MedievalEngineers\Bin64\MedievalEngineers.exe
FirewallRules: [{AF5FA412-94E2-4D76-B0C0-544D6105CFE7}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{F5D71050-EA2A-46CA-A6E0-1DC087593D82}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe
FirewallRules: [TCP Query User{1791213C-1669-4379-9BE1-A31A8724A724}D:\steamlibrary\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\steamlibrary\steamapps\common\assettocorsa\acs.exe
FirewallRules: [UDP Query User{9EAADDB7-4B7A-47BC-9D68-E3372BA7C963}D:\steamlibrary\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\steamlibrary\steamapps\common\assettocorsa\acs.exe
FirewallRules: [{12B481BA-EF3F-4E90-A875-B97922E3613B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FB354996-ABC8-4E95-BF5D-7F74D2C0F9F6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{684F2CD6-B266-491E-BEC9-C5E2FE672293}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{178B4225-E9C8-4F6D-8E9D-3C96F86122DA}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{8EA380A7-2C73-4812-8FBC-E854D674BE7B}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{198C717E-46DF-429C-AC6A-FC39A0B88228}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{7FBC41AB-B090-44CC-8CC7-81D3E39F60E8}] => (Allow) D:\SteamLibrary\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
FirewallRules: [{D0C32FAF-4797-491A-9BF2-260CA17A5FF1}] => (Allow) D:\SteamLibrary\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
FirewallRules: [{54436CD7-D256-42CA-8DA5-BDF294DAF4E9}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{94D2D345-07C3-46C1-9FD4-D2DF5BE425D2}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{95B2CA2B-AB0F-409D-B80A-BA7E68F9ECED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{145105FC-8114-446B-BF69-03DE6C54631C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{46E2A0F0-0DC3-4AE1-BCB7-285D22DF3FC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1C08190F-BD90-4EB3-A720-EE62C21C601D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1BCC3E4E-0721-47AF-BD0A-4FED27BF9D67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9078A421-5C62-4FC6-9B0E-8FF7330781B2}] => (Allow) D:\SteamLibrary\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{A9AB8D6E-FC8B-4221-AFF2-B3D33F44D933}] => (Allow) D:\SteamLibrary\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [TCP Query User{68196480-6318-41F2-B50B-3C4BA1517089}D:\programs\dcs world\bin\dcs_updater.exe] => (Allow) D:\programs\dcs world\bin\dcs_updater.exe
FirewallRules: [UDP Query User{498AF387-AE72-4443-9E8E-4F369A7D9BFD}D:\programs\dcs world\bin\dcs_updater.exe] => (Allow) D:\programs\dcs world\bin\dcs_updater.exe
FirewallRules: [{1266AC79-317E-4C2C-8521-0135889EFF18}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{E4EF1DCA-D3A2-4ADE-9989-5AEE3450C450}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{4C345107-4615-44D2-AEB7-297EFDE94DD5}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{95A955ED-1C02-4D8C-BF34-BD3E1A571959}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{AE36AA90-FA68-480A-BE56-67D07ED99C49}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{EC506EEF-B62C-4125-8FF9-AFD72F526C46}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{6437F28B-A06F-4D75-9B66-5B388B442220}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{A208EB75-301E-4911-B3FF-31DCEC0E97CE}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{2051B7FE-FA65-4E8F-9AA5-4348C34D8690}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{32A32DA3-0B05-4E45-83E2-4EB01AC4E408}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [TCP Query User{C3AFD2CB-CD34-4FE5-8087-9B22F6CD1BBD}D:\programs (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Block) D:\programs (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BC2B505F-E027-4CC3-A64B-2D7572B0D042}D:\programs (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Block) D:\programs (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [{597A4575-E2D7-4BF7-AEC7-DE5729CA7F85}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{B75DC482-DCF6-4CDA-8886-346CBD390F5E}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{780D2494-64C4-4891-B720-76C47973D4AE}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{AEA51FF0-8E25-41AE-84A6-E05E18D1721E}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B6ADFB3E-89D1-440E-AA19-F951EDAB4B7B}] => (Allow) D:\SteamLibrary\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{16F7DEEF-F93E-4873-9C59-0C19C1DB1F95}] => (Allow) D:\SteamLibrary\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{FD16005A-0710-474E-9D93-315C5EEBC71F}] => (Allow) D:\SteamLibrary\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{9DC2C339-D502-4799-A006-EF0E012AB1B4}] => (Allow) D:\SteamLibrary\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{A22C53DA-012A-40A2-BCC6-2282552207B2}] => (Allow) D:\SteamLibrary\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{4AAE0A60-DA0C-46EE-97F9-49B8C2013315}] => (Allow) D:\SteamLibrary\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{A114BE51-A56F-4EBC-845F-60AB3FABF4C8}] => (Allow) D:\SteamLibrary\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{021CE735-56E8-4332-A95E-811AF3565723}] => (Allow) D:\SteamLibrary\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{437134AA-8FFD-4436-9FB0-D48D4933D6FC}] => (Allow) D:\SteamLibrary\steamapps\common\Rugby World Cup 2015\RWC_2015.exe
FirewallRules: [{08BC8334-713B-4CA6-B687-90900EE842D9}] => (Allow) D:\SteamLibrary\steamapps\common\Rugby World Cup 2015\RWC_2015.exe
FirewallRules: [TCP Query User{B82752E5-9928-48EA-9F2A-D8007CF29250}D:\programs (x86)\helios\helioscontrolcenter.exe] => (Allow) D:\programs (x86)\helios\helioscontrolcenter.exe
FirewallRules: [UDP Query User{EEB1CE98-BCF8-4140-9389-7E2C6239A079}D:\programs (x86)\helios\helioscontrolcenter.exe] => (Allow) D:\programs (x86)\helios\helioscontrolcenter.exe
FirewallRules: [TCP Query User{8A0EB97F-722A-4ABB-B6E8-C8E261547E5A}D:\programs (x86)\dcs world 2 openalpha\bin\dcs_updater.exe] => (Allow) D:\programs (x86)\dcs world 2 openalpha\bin\dcs_updater.exe
FirewallRules: [UDP Query User{0E5C54D7-1E3A-41C7-A424-F686351A0FC3}D:\programs (x86)\dcs world 2 openalpha\bin\dcs_updater.exe] => (Allow) D:\programs (x86)\dcs world 2 openalpha\bin\dcs_updater.exe
FirewallRules: [TCP Query User{B49105FD-75FD-4A5C-A9C5-26DFF00B3F99}D:\programs (x86)\virtualcockpit\virtual cockpit server for dcs world.exe] => (Allow) D:\programs (x86)\virtualcockpit\virtual cockpit server for dcs world.exe
FirewallRules: [UDP Query User{B071C5DF-F1E7-4083-8C38-FD78A2127AD4}D:\programs (x86)\virtualcockpit\virtual cockpit server for dcs world.exe] => (Allow) D:\programs (x86)\virtualcockpit\virtual cockpit server for dcs world.exe
FirewallRules: [{B979B9F6-1CE4-42A9-BAD7-7CE01336CFC8}] => (Allow) D:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{A9A135B8-C731-4D9C-841D-684DA5F86658}] => (Allow) D:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{0986BD8A-37BB-47AB-BFB1-2BD875A41D48}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2245C3CF-6442-4ED3-9BE7-1D08FCD0D371}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6A4FDB8A-FA37-424F-B808-00EFA3DF6337}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{38F69180-1DB4-4F84-B051-4B7C861FD3A9}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{E9170282-5203-42C3-9BEF-E3A2D34605A7}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{02FD385B-8A05-42A7-84F7-F966956638DB}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{538B9576-8C56-4CFC-A159-AC34BA5DC168}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{81D827CB-C177-4039-8AAC-ABFCFA2AABFB}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B149FBCD-442F-43AE-A1F2-DB52D5AC6E80}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8D438CA0-5DA6-4BB5-900A-90DADD386CEE}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{C314A5A9-3730-4A58-98A8-FB0372B12CC7}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{9BCE0451-B3C6-4FCC-BC62-558CA4E688E2}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{B1646FD6-C2F5-42EF-BD4A-AA786FED61CE}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5BF5D8E2-B3FA-4B3A-A1C9-903A3D835443}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{C09EBBE5-B227-4912-AA05-8B3CDB38271C}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [TCP Query User{DA92E114-7A63-4DA6-B2B4-9D13B738AF43}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{49004482-0699-4DC0-8030-B7CB21FE6F73}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{1A094FAF-0E91-4A68-B732-037CEC789CB4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/10/2016 11:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.545, time stamp: 0x57a1bca1
Exception code: 0xc000027b
Fault offset: 0x0000000000517ad4
Faulting process id: 0x311c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (08/10/2016 10:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: dwmcore.dll, version: 10.0.10586.494, time stamp: 0x5775e327
Exception code: 0x80000003
Fault offset: 0x00000000000bc6ce
Faulting process id: 0x150
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report Id: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5
Error: (08/10/2016 10:31:08 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
Error: (08/10/2016 10:31:08 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
Error: (08/10/2016 09:30:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.494, time stamp: 0x5775e715
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x5775df1f
Exception code: 0xc0000005
Fault offset: 0x00000000000782c7
Faulting process id: 0x12b4
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5
Error: (08/10/2016 08:06:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THE_BIG_BOX)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/10/2016 08:06:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THE_BIG_BOX)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/10/2016 08:06:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THE_BIG_BOX)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/10/2016 08:06:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THE_BIG_BOX)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/10/2016 08:06:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THE_BIG_BOX)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147023169 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (08/10/2016 09:33:12 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: HDDRECOVERY\Device\HarddiskVolume63
Error: (08/10/2016 09:31:00 PM) (Source: DCOM) (EventID: 10010) (User: THE_BIG_BOX)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/10/2016 09:30:58 PM) (Source: DCOM) (EventID: 10010) (User: THE_BIG_BOX)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/10/2016 09:30:58 PM) (Source: DCOM) (EventID: 10010) (User: THE_BIG_BOX)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/10/2016 09:30:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4d5a4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/10/2016 09:30:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4d5a4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/10/2016 09:30:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4d5a4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/10/2016 09:30:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4d5a4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/10/2016 09:30:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (08/10/2016 09:30:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2016-08-15 17:57:42.526
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\spartan_broker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-08-15 17:57:42.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\spartan_broker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-08-15 17:57:42.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\spartan_broker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-08-10 22:38:07.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-08-10 22:38:07.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-08-10 22:38:07.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-08-10 22:38:07.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-08-10 22:38:07.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-08-10 22:38:00.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-08-10 22:38:00.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 16326.38 MB
Available physical RAM: 11354.36 MB
Total Virtual: 19582.38 MB
Available Virtual: 13954.65 MB
==================== Drives ================================
Drive c: (FAST DISK!) (Fixed) (Total:111.01 GB) (Free:30.81 GB) NTFS
Drive d: (BIG DISK!) (Fixed) (Total:931.51 GB) (Free:299.58 GB) NTFS
Drive e: (Old Disk) (Fixed) (Total:286.29 GB) (Free:14.7 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 58FDD2FF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BEFB4D1C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 73A218CA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

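Two parts of the Addition.txt above are worth a second look before replying to a log like this: the FirewallRules block (every executable that has been granted an inbound allow rule, including one in a user-writable AppData path and the Chrome Remote Desktop host) and the CodeIntegrity block (Defender's engine refusing to load third-party DLLs, and an Edge component whose hash was not in the catalog). The script below is an added example, not part of FRST or of this thread, that parses those two sections and lists what a human should review. The sample input is a handful of lines constructed from the log above; the list of remote-access binaries and the "user-writable" path fragments are my own assumptions and should be extended for your environment.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Addition.txt above: four firewall
# lines and three CodeIntegrity entries copied from it. Pass a whole file
# to triage_addition() for real use.
SAMPLE_LOG = r"""
FirewallRules: [{6DFEF05E-9F7D-432F-8A5F-618D02F1CB02}] => (Allow) C:\Users\Ztnerg\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{481CC2AE-458B-4110-9164-E3003D1238BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{6BABF288-32F2-4AC3-A2BC-C4E01B0C0747}D:\programs\noirfreetrack\facetracknoir.exe] => (Block) D:\programs\noirfreetrack\facetracknoir.exe
FirewallRules: [{6A4FDB8A-FA37-424F-B808-00EFA3DF6337}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
CodeIntegrity:
===================================
  Date: 2016-08-15 17:57:42.526
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\spartan_broker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-08-10 22:38:07.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-08-10 22:38:07.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

# FRST prints one rule per line: [name] => (Allow|Block) path
RULE_RE = re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$")
# A protected (PPL) process such as MsMpEng.exe refused to load a DLL that
# is not signed to the Antimalware level. Expected for third-party Winsock
# providers and SIPs; note it, but it is not by itself a sign of infection.
BLOCKED_LOAD_RE = re.compile(r"\((?P<proc>.+?)\) attempted to load (?P<file>.+?) that did not meet the (?P<level>.+?) signing level")
# No catalog hash for the image: verify the file's signature by hand.
NO_HASH_RE = re.compile(r"unable to verify the image integrity of the file (?P<file>.+?) because")

# Assumptions, not from the log: paths a standard user can write to, and
# binaries that hand remote control of the desktop to whoever holds the account.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
REMOTE_ACCESS = {"remoting_host.exe", "teamviewer.exe", "anydesk.exe", "ammyy_admin.exe"}


def parse_firewall_rules(text):
    """One dict (name, action, path) per FirewallRules line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules


def flag_firewall_rules(rules):
    """(reason, path) pairs worth a human's attention, in log order."""
    flags = []
    for r in rules:
        path, low = r["path"], r["path"].lower()
        exe = low.rsplit("\\", 1)[-1]
        if r["action"] == "Block":
            flags.append(("explicit block", path))
        if r["action"] == "Allow" and any(t in low for t in USER_WRITABLE):
            flags.append(("allow rule for user-writable path", path))
        if exe in REMOTE_ACCESS:
            flags.append(("remote-access tool", path))
    # FRST lists one rule per direction, so collapse duplicates but keep order.
    return list(dict.fromkeys(flags))


def summarize_code_integrity(text):
    """Count CodeIntegrity events per (kind, file)."""
    counts = Counter()
    for line in text.splitlines():
        m = BLOCKED_LOAD_RE.search(line)
        if m:
            counts[("blocked-load", m["file"])] += 1
            continue
        m = NO_HASH_RE.search(line)
        if m:
            counts[("unverified-hash", m["file"])] += 1
    return counts


def triage_addition(text):
    return {"firewall": flag_firewall_rules(parse_firewall_rules(text)),
            "code_integrity": summarize_code_integrity(text)}


if __name__ == "__main__":
    report = triage_addition(SAMPLE_LOG)
    for reason, path in report["firewall"]:
        print(f"[firewall] {reason}: {path}")
    for (kind, path), n in sorted(report["code_integrity"].items()):
        print(f"[codeintegrity] {kind} x{n}: {path}")
```

On the sample this reports the BitTorrent rule (allow rule for a path the user can write to), the facetracknoir rule (an explicit block, which is unusual enough to ask about) and remoting_host.exe (a remote-access tool, which is exactly the question Gary asks next), and it counts the mdnsNSP.dll refusals separately from the spartan_broker.exe hash miss so the benign PPL noise does not hide the file that actually needs its signature checked.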
#4 Ztnerg (Topic Starter, Members, 26 posts)

Posted 15 August 2016 - 06:44 PM

Really appreciate the help!



#5 Oh My! (Malware Response Instructor, 37,026 posts, California)

Posted 15 August 2016 - 08:53 PM

Greetings Tom and thank you for the information. My pleasure to work with you on this.

Are you aware of this on your computer?

Chrome Remote Desktop

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-08] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
C:\Users\Ztnerg\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ztnerg\AppData\Local\Temp\nvStInst.exe
C:\Users\Ztnerg\AppData\Local\Temp\proxy_vole7280218252707120468.dll
C:\Users\Ztnerg\AppData\Local\Temp\setup.exe
C:\Users\Ztnerg\AppData\Local\Temp\SIntf16.dll
C:\Users\Ztnerg\AppData\Local\Temp\SIntf32.dll
C:\Users\Ztnerg\AppData\Local\Temp\SIntfNT.dll
Task: {16252C40-A10C-4C93-A105-7A4DF823A0CC} - \EssentialUpdateMachine -> No File <==== ATTENTION
Task: {FC92D65F-F183-4157-8E22-4D47B0DFC474} - \Winupdate -> No File <==== ATTENTION
C:\Users\Ztnerg\AppData\Local\Temp\A4B.tmp.node
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:058E79EB [294]
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
wpad.browsersecurity.info;wpad
  • Click Search Registry button
  • When completed click OK and a SearchReg.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are you aware of Chrome Remote Desktop?
  • Fixlog
  • SearchReg.txt
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Ztnerg
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2016 - 08:04 AM

I have no problems with any PC functions currently. No actual symptoms or signs other than alerts other than what was previously noted. When I get home from work I will run the fix you have posted. Will this delete any photos? If I move photos and certain documents to an outside drive can the ransomware travel with it? Say a USB jump drive or separate internal hard drive that isn't the OS drive? Thanks 

Edited by Oh My!, 16 August 2016 - 08:22 AM.


#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,026 posts
  • Gender:Male
  • Location:California

Posted 16 August 2016 - 08:25 AM

Hi Tom,
 

can the ransomware travel with it.

Have you been hit with Ransomware already or are you just concerned about it for the future?


Gary
 

#8 Ztnerg
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2016 - 05:31 PM

- I was not aware of Chrome Remote Desktop

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Ztnerg (16-08-2016 18:22:34) Run:1
Running from D:\Desktop\FRST
Loaded Profiles: Ztnerg (Available Profiles: Ztnerg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-08] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
C:\Users\Ztnerg\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ztnerg\AppData\Local\Temp\nvStInst.exe
C:\Users\Ztnerg\AppData\Local\Temp\proxy_vole7280218252707120468.dll
C:\Users\Ztnerg\AppData\Local\Temp\setup.exe
C:\Users\Ztnerg\AppData\Local\Temp\SIntf16.dll
C:\Users\Ztnerg\AppData\Local\Temp\SIntf32.dll
C:\Users\Ztnerg\AppData\Local\Temp\SIntfNT.dll
Task: {16252C40-A10C-4C93-A105-7A4DF823A0CC} - \EssentialUpdateMachine -> No File <==== ATTENTION
Task: {FC92D65F-F183-4157-8E22-4D47B0DFC474} - \Winupdate -> No File <==== ATTENTION
C:\Users\Ztnerg\AppData\Local\Temp\A4B.tmp.node
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:058E79EB [294]
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2072056269-1345151140-1346286065-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} => key not found.
"HKCR\PROTOCOLS\Handler\WSAMVCUchrome" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\AMVCU@Aimersoft.com => value removed successfully
EsgScanner => service removed successfully
C:\Windows\System32\DRIVERS\EsgScanner.sys => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\CmdLineExt02.dll => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\proxy_vole7280218252707120468.dll => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\setup.exe => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\SIntf16.dll => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\SIntf32.dll => moved successfully
C:\Users\Ztnerg\AppData\Local\Temp\SIntfNT.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16252C40-A10C-4C93-A105-7A4DF823A0CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16252C40-A10C-4C93-A105-7A4DF823A0CC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EssentialUpdateMachine => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC92D65F-F183-4157-8E22-4D47B0DFC474}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC92D65F-F183-4157-8E22-4D47B0DFC474}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winupdate => key not found.
C:\Users\Ztnerg\AppData\Local\Temp\A4B.tmp.node => moved successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\TEMP => ":058E79EB" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog 18:22:36 ====

 

 

AT THIS POINT I REBOOTED BECAUSE FRST ASKED ME TO REBOOT

 

Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Ztnerg (16-08-2016 18:27:08)
Running from D:\Desktop\FRST
Boot Mode: Normal

================== Search Registry: "wpad.browsersecurity.info;wpad" ===========

===================== Search result for "wpad.browsersecurity.info" ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDetectedUrl"="http://wpad.browsersecurity.info/wpad.dat"

===================== Search result for "wpad" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"WpadHost"=""

[HKEY_USERS\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"WpadHost"=""

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDecisionReason"="0"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDecisionTime"="0x0253B7D50CF8D101"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDecision"="1"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDetectedUrl"="http://wpad.browsersecurity.info/wpad.dat"

[HKEY_USERS\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"WpadHost"=""

[HKEY_USERS\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Microsoft\Internet Explorer\TypedURLs]
"url3"="http://www.bleepingcomputer.com/forums/t/622969/wpadbrowsersecurityinfo/#entry4060658"

[HKEY_USERS\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]

[HKEY_USERS\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Classes\Local Settings\MuiCache\20\52C64B7E]
"@%SystemRoot%\system32\winhttp.dll,-101"="WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol."

====== End of Search ======



#9 Ztnerg
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2016 - 06:09 PM

I still have the same popup alert from Malwarebytes telling me of this problem as described in the original post 



#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,026 posts
  • Gender:Male
  • Location:California

Posted 16 August 2016 - 07:52 PM

Thank you for the information. Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Chrome Remote Desktop

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDetectedUrl"=-

[HKEY_USERS\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Microsoft\Internet Explorer\TypedURLs]
"url3"=-
EndRegedit:
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • Your computer will automatically reboot
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check for the pop up
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Pop up?

Gary
 
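As an added defender-side example (not from the thread, from FRST, or from its author), this Python script parses text in the shape of the FRST Search Registry output posted above, flags any WpadDetectedUrl whose host is not under a trusted DNS suffix, and renders the same StartRegedit removal block that the fix above uses. The sample text and the trusted suffix corp.example are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape of FRST's "Search Registry" output
# (trimmed to the WPAD-related keys; not the full log from the thread).
SAMPLE_SEARCHREG = r'''
===================== Search result for "wpad" ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDecision"="1"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDetectedUrl"="http://wpad.browsersecurity.info/wpad.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"WpadHost"=""
'''

# One registry key header in [brackets] followed by a "name"="value" line.
ENTRY_RE = re.compile(
    r'^\[(?P<key>[^\]]+)\]\r?\n"(?P<name>[^"]+)"="(?P<value>[^"]*)"', re.M)


def parse_entries(text):
    """Return (key, value_name, value) triples found in FRST search output."""
    return [(m.group("key"), m.group("name"), m.group("value"))
            for m in ENTRY_RE.finditer(text)]


def suspicious_wpad_urls(text, trusted_suffixes=()):
    """Return (key, url) pairs for WpadDetectedUrl values whose host is not
    under one of the trusted DNS suffixes (e.g. your own AD domain).
    With no trusted suffixes every detected URL is reported."""
    hits = []
    for key, name, value in parse_entries(text):
        if name != "WpadDetectedUrl" or not value:
            continue
        host = (urlparse(value).hostname or "").lower()
        trusted = any(host == s or host.endswith("." + s)
                      for s in trusted_suffixes)
        if not trusted:
            hits.append((key, value))
    return hits


def build_frst_fix(hits):
    """Render an FRST StartRegedit block deleting each flagged value;
    "name"=- is the reg-file syntax for removing a value."""
    lines = ["StartRegedit:", "Windows Registry Editor Version 5.00", ""]
    for key, _url in hits:
        lines += [f"[{key}]", '"WpadDetectedUrl"=-', ""]
    lines.append("EndRegedit:")
    return "\n".join(lines)


if __name__ == "__main__":
    found = suspicious_wpad_urls(SAMPLE_SEARCHREG, ("corp.example",))
    for key, url in found:
        print(f"WPAD script from untrusted host: {url}  ({key})")
    print(build_frst_fix(found))
```

A WpadDetectedUrl that points at a host outside your own network means the machine accepted a proxy auto-config script from that host, so the proxy settings it handed out should be treated as untrusted until the value is removed.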

#11 Ztnerg
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2016 - 08:31 PM

I think we are onto something, I've been doing some general use. Launched and looked at the "steam store". Normally created a popup. Did not.

Also launch and browsed via internet explorer. No popup from Malwarebytes. Seems...good.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Ztnerg (16-08-2016 21:20:47) Run:2
Running from D:\Desktop\FRST
Loaded Profiles: Ztnerg (Available Profiles: Ztnerg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
StartRegedit:
Windows Registry Editor Versio 5.00

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-97-14-06]
"WpadDetectedUrl"=-

[HKEY_USERS\S-1-5-21-2072056269-1345151140-1346286065-1000\SOFTWARE\Microsoft\Internet Explorer\TypedURLs]
"url3"=-
EndRegedit:
emptytemp:
*****************

====> Registry

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 439197655 B
Java, Flash, Steam htmlcache => 458198197 B
Windows/system/drivers => 24233620 B
Edge => 30659236 B
Chrome => 10761044 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 788 B
NetworkService => 12050 B
Ztnerg => 883991335 B

RecycleBin => 1023516554 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:21:11 ====



#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,026 posts
  • Gender:Male
  • Location:California

Posted 16 August 2016 - 08:36 PM

:thumbsup2:

Let's do this now.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#13 Ztnerg
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2016 - 08:49 PM

Thank you currently running ESET. Currently it had found 1 threat as " a variant of MSIL/Agent.QZT Trojan"

 

I will let it finish and then post the requested information that will be exported.

Shall I continue with second part of the current step or stop due to finding a threat at part 1 of this current step?

 

-Thank you! Already eternally thankful!



#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,026 posts
  • Gender:Male
  • Location:California

Posted 16 August 2016 - 08:53 PM

Let ESET fully finish, then run the Security Check program. You can post both results in one post.

I am glad we were able to hunt down the offending Registry entries and take care of them. Hopefully things will stay stable and ESET won't find anything too troubling. ESET is very thorough so I expect it to find items to remove. Very common.
Gary
 

#15 Ztnerg
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2016 - 08:54 PM

Just had a random occurrence of after quite some time.

See attached
