after trying to remove a virus computer is not full admin?


  • This topic is locked
5 replies to this topic

#1 unfriendlykeyboard

Posted 21 October 2016 - 05:26 AM

Hello, so I was redirected from this post http://www.bleepingcomputer.com/forums/t/628677/i-ran-a-suspicious-file-and-hell-began/page-2 because after finishing the virus removal instructions my computer started to ask me, let's say when running cmd, "Do you want the following program to make changes on this computer?" Program name: Windows Command Processor. Verified publisher: Microsoft Windows.
I think this may be happening because I've run DelFix (like instructed in the end) and the computer got a black screen and I had to restart.
Here is the Farbar Recovery Scan Tool log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by USER (administrator) on USER-PC (21-10-2016 12:58:11)
Running from C:\Users\USER\Desktop\FArber
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
(NVIDIA Corporation) C:\Users\USER\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamuseragent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1842624 2016-09-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1009632 2016-08-29] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2194728 2014-10-17] (Gainward Co. Ltd.)
HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-20] (SUPERAntiSpyware)
HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1345288 2015-08-17] (Bogdan Sharkov)
HKU\S-1-5-21-1949633235-3253496934-901557982-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: C:\Windows\SysWOW64\win32spl.dll [497152 2016-06-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-02] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\USER\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-06-06]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ati.EXE [2015-08-07] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.57.2.5 213.57.22.5
Tcpip\..\Interfaces\{3573B5B7-1D52-48AF-BC74-0B2E61C17B1C}: [DhcpNameServer] 192.117.235.236 192.168.0.1
Tcpip\..\Interfaces\{72A18083-72C2-45FC-A7FE-BB5B73555BC9}: [DhcpNameServer] 213.57.2.5 213.57.22.5
 
Internet Explorer:
==================
HKU\S-1-5-21-1949633235-3253496934-901557982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1949633235-3253496934-901557982-1000 -> DefaultScope {435BA183-F05E-44BE-B1AF-6AAF5886C92E} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1949633235-3253496934-901557982-1000 -> {435BA183-F05E-44BE-B1AF-6AAF5886C92E} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-02] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-02] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: ga7dcf1r.default
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ga7dcf1r.default [2016-10-21]
FF Homepage: Mozilla\Firefox\Profiles\ga7dcf1r.default -> hxxps://www.google.com/?gfe_rd=cr&ei=_NbVVbzPNIKJ8Qf4sKKgBQ&gws_rd=ssl,cr&fg=1
FF Extension: (RequestPolicy) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ga7dcf1r.default\Extensions\requestpolicy@requestpolicy.com.xpi [2016-05-22]
FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ga7dcf1r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-09-06] (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1949633235-3253496934-901557982-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-09-30]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-10-21]
CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (LoungeDestroyer) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-10-18]
CHR Extension: (Saba Meeting Chrome Connector) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjedkhmeelbomjafdlehdcomjhobcnbk [2015-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-02] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1456136 2016-10-12] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2621448 2016-09-13] (LogMeIn Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-08-31] (LogMeIn, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310960 2016-09-27] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-10-07] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-07-07] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108768 2016-07-08] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-14] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-17] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-21 12:57 - 2016-10-21 12:58 - 00000000 ____D C:\FRST
2016-10-21 12:56 - 2016-10-21 12:58 - 00000000 ____D C:\Users\USER\Desktop\FArber
2016-10-20 19:28 - 2016-10-20 19:28 - 00000055 _____ C:\Users\USER\Desktop\Weather Forecast & Reports - Long Range & Local - Wunderground - Weather Underground.url
2016-10-20 19:07 - 2016-10-20 19:07 - 00000224 _____ C:\Users\USER\Desktop\Civ 6 - Iron Tide #8 - The Salty Gamblers Civilization 72,529 views.URL
2016-10-20 18:39 - 2016-10-21 12:58 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-10-20 15:58 - 2016-10-20 15:58 - 00000224 _____ C:\Users\USER\Desktop\Civ 6 - Iron Tide #7 - Pillage Worship Civilization 86,861 views.URL
2016-10-20 00:29 - 2016-10-20 00:31 - 00000158 _____ C:\Users\USER\Desktop\Altis life Interview for medic.txt
2016-10-19 19:13 - 2016-10-19 19:13 - 00000002 _____ C:\END
2016-10-18 14:16 - 2016-10-18 14:16 - 00000110 _____ C:\Users\USER\Desktop\עידן הנאורות - oren robin - Google Docs.url
2016-10-18 14:15 - 2016-10-18 14:15 - 00000111 _____ C:\Users\USER\Desktop\קראו בכותר - מסע אל העבר - קדמה ומהפכות - מאות 16 - 19.url
2016-10-15 19:04 - 2016-10-15 19:04 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-10-15 19:04 - 2016-10-15 19:04 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-10-15 19:04 - 2016-10-15 19:04 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-10-15 19:04 - 2016-10-15 19:04 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-10-15 19:04 - 2016-10-15 19:04 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-10-15 19:04 - 2016-10-15 19:04 - 00000000 ____D C:\Users\Administrator
2016-10-15 19:04 - 2016-09-15 18:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2016-10-15 19:04 - 2015-02-01 09:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2016-10-15 19:04 - 2010-11-21 12:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-10-15 14:08 - 2016-10-15 14:08 - 00000000 _____ C:\Windows\system32\netstat
2016-10-14 22:29 - 2016-10-14 22:29 - 00000650 _____ C:\DelFix.txt
2016-10-14 22:29 - 2016-10-14 22:29 - 00000000 ____D C:\Windows\ERUNT
2016-10-14 22:26 - 2016-10-14 22:26 - 00781312 _____ C:\Users\USER\Downloads\delfix_1.010.exe
2016-10-12 19:44 - 2016-10-12 19:44 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-10-10 19:22 - 2016-10-10 19:26 - 568158675 _____ C:\Users\USER\Downloads\CMCR 2 8 5.zip
2016-10-10 16:53 - 2016-10-10 16:53 - 00002743 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-10-10 16:53 - 2016-10-10 16:53 - 00000000 ____D C:\Users\USER\Desktop\Sophos Virus Removal tool
2016-10-10 16:53 - 2016-10-10 16:53 - 00000000 ____D C:\ProgramData\Sophos
2016-10-10 16:53 - 2016-10-10 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-10-10 16:51 - 2016-10-10 16:52 - 154441928 _____ (Sophos Limited) C:\Users\USER\Downloads\Sophos Virus Removal Tool.exe
2016-10-09 18:11 - 2016-10-09 18:11 - 00000000 ____D C:\Users\USER\Documents\MEGAsync
2016-10-09 18:10 - 2016-10-12 19:44 - 00000000 ____D C:\Users\USER\AppData\Local\MEGAsync
2016-10-09 18:10 - 2016-10-09 18:10 - 00000000 ____D C:\Users\USER\AppData\Local\Mega Limited
2016-10-09 18:09 - 2016-10-09 18:10 - 12903336 _____ (MEGA Limited) C:\Users\USER\Downloads\MEGAsyncSetup.exe
2016-10-09 18:03 - 2016-10-09 18:03 - 00012856 _____ C:\Users\USER\Desktop\Arma3Launcher_Exception_20161009T150343.txt
2016-10-08 13:38 - 2016-10-08 13:56 - 00000000 ____D C:\Users\USER\.idlerc
2016-10-08 13:32 - 2016-10-08 13:32 - 00000245 _____ C:\Users\USER\Desktop\Python Programming Tutorials.URL
2016-10-08 13:27 - 2016-10-08 13:28 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-10-08 13:27 - 2016-10-08 13:27 - 00000000 ____D C:\Users\USER\AppData\Local\Package Cache
2016-10-07 22:40 - 2016-10-07 22:40 - 03591433 _____ C:\Users\USER\Downloads\ArmA3Sync-launcher-and-addons-synchronization-version-1.5.80.7z
2016-10-06 20:35 - 2016-10-06 20:35 - 00000107 _____ C:\Users\USER\Desktop\[NRA] National Republic Of Altis {Recruiting!!} - Altis - Roleplay UK.url
2016-10-06 17:00 - 2016-10-07 10:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-10-06 16:57 - 2016-10-06 16:57 - 16563352 _____ (Malwarebytes Corp.) C:\Users\USER\Downloads\mbar-1.09.3.1001.exe
2016-10-05 22:16 - 2016-10-05 22:16 - 00000126 _____ C:\Users\USER\Desktop\i ran a suspicious file and hell began - Am I infected- What do I do-.url
2016-10-05 20:57 - 2016-10-05 20:57 - 00000114 _____ C:\Users\USER\Desktop\Registration Successful - BleepingComputer.com.url
2016-10-05 20:21 - 2016-10-05 20:21 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate
2016-10-05 19:59 - 2016-10-05 20:00 - 16270006 _____ C:\Users\USER\Downloads\sa-mp-0.3.7-install.exe
2016-10-01 14:23 - 2016-10-01 14:23 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-01 14:23 - 2016-09-17 01:30 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-01 14:23 - 2016-09-09 21:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-10-01 14:23 - 2016-09-09 21:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-10-01 14:23 - 2016-09-09 21:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-10-01 14:23 - 2016-09-09 21:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-10-01 14:21 - 2016-09-20 02:09 - 00223304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-10-01 14:21 - 2016-09-20 02:09 - 00054728 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 34809912 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 28214840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 14118336 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-01 14:21 - 2016-09-17 03:46 - 10868288 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 10746872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 10287344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 09090952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 08877480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 08684304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 03595832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 01020472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00956864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00895032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00179952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-10-01 14:21 - 2016-09-17 03:46 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-10-01 14:21 - 2016-09-17 03:46 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-10-01 14:07 - 2016-10-06 22:29 - 00003778 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-01 14:07 - 2016-10-06 22:29 - 00001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-01 14:07 - 2016-10-06 22:28 - 00003590 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-01 14:07 - 2016-09-30 07:24 - 01842624 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-01 14:07 - 2016-09-30 07:24 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-01 14:07 - 2016-09-30 07:24 - 01444288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-01 14:07 - 2016-09-30 07:24 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-01 14:07 - 2016-09-30 07:24 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-01 14:07 - 2016-09-29 22:27 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-01 14:06 - 2016-10-06 22:28 - 00003828 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-01 14:06 - 2016-10-06 22:28 - 00003828 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-01 14:06 - 2016-10-06 22:28 - 00003766 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-01 14:06 - 2016-10-06 22:28 - 00003530 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-01 14:06 - 2016-09-17 04:42 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-10-01 14:06 - 2016-09-17 04:42 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-01 14:06 - 2016-09-17 04:42 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-01 14:05 - 2016-10-01 14:05 - 68857168 _____ (NVIDIA Corporation) C:\Users\USER\Downloads\GeForce_Experience_v3.0.6.48.exe
2016-09-27 19:28 - 2016-09-27 19:28 - 00000000 ____D C:\Users\USER\AppData\Local\FalloutNV
2016-09-26 20:48 - 2016-09-26 20:48 - 00001008 _____ C:\Users\Public\Desktop\Fallout New Vegas Ultimate Edition.lnk
2016-09-24 17:14 - 2016-09-24 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-22 15:42 - 2016-08-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-22 15:42 - 2016-08-05 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-21 12:58 - 2012-10-28 16:49 - 00000000 ____D C:\Users\USER\AppData\Local\Adobe
2016-10-21 12:56 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-21 12:56 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-21 12:54 - 2015-01-06 00:32 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-21 12:52 - 2015-08-21 14:39 - 00000000 ____D C:\Users\USER\AppData\Local\LogMeIn Hamachi
2016-10-21 12:52 - 2015-01-10 19:32 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-21 12:51 - 2015-01-06 00:13 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-21 12:47 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 19:40 - 2015-11-06 19:11 - 00000000 ____D C:\Users\USER\AppData\Roaming\TS3Client
2016-10-20 19:17 - 2015-01-06 00:13 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-20 19:12 - 2015-11-06 19:12 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-10-20 19:00 - 2015-09-12 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-20 15:17 - 2015-12-05 00:22 - 00000000 ____D C:\Users\USER\AppData\Roaming\vlc
2016-10-20 00:29 - 2016-03-26 15:01 - 00000000 ____D C:\Users\USER\AppData\Local\Arma 3 Launcher
2016-10-19 22:52 - 2016-04-02 14:33 - 00000000 ____D C:\Users\USER\Documents\Arma 3 - Other Profiles
2016-10-19 22:45 - 2016-02-18 22:35 - 00000000 ____D C:\Users\USER\AppData\Local\Arma 3
2016-10-19 22:33 - 2015-01-09 17:34 - 00000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
2016-10-19 22:24 - 2015-08-31 10:23 - 00000000 ____D C:\Users\USER\Desktop\games
2016-10-19 21:57 - 2016-05-12 23:16 - 00000000 ____D C:\Users\USER\Desktop\Forgotten
2016-10-19 17:56 - 2016-02-18 23:25 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps
2016-10-19 16:08 - 2015-11-20 01:22 - 00001565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-10-17 20:25 - 2015-01-06 09:51 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2016-10-17 18:45 - 2015-01-06 09:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-17 18:45 - 2015-01-06 09:50 - 00000000 ____D C:\ProgramData\Skype
2016-10-15 14:21 - 2015-08-07 16:17 - 00007619 _____ C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2016-10-15 13:48 - 2015-01-09 17:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-15 13:35 - 2016-02-01 17:33 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru
2016-10-15 13:35 - 2016-01-16 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2016-10-14 22:07 - 2015-07-25 18:29 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D9623AFE-22E8-4078-BFC6-F373C3413647}
2016-10-13 18:32 - 2016-09-02 19:03 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-10-12 21:00 - 2015-09-12 13:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-12 21:00 - 2012-10-29 09:31 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-12 21:00 - 2012-10-29 09:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-12 21:00 - 2012-10-29 09:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-12 21:00 - 2012-10-29 09:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-09 18:11 - 2016-05-19 17:51 - 00000000 ____D C:\Users\USER\Desktop\Arma ~
2016-10-08 13:35 - 2015-01-21 18:15 - 00000000 ___RD C:\Users\USER\Desktop\Languges
2016-10-08 13:27 - 2015-05-24 20:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-07 22:48 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-06 23:06 - 2016-06-14 19:21 - 00000000 ____D C:\Program Files (x86)\A3Launcher
2016-10-06 23:03 - 2016-06-29 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2016-10-06 22:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-10-06 22:29 - 2015-01-06 00:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-06 22:28 - 2015-01-06 00:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-06 22:28 - 2015-01-06 00:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-06 18:15 - 2009-07-14 06:20 - 00000000 __RSD C:\Windows\Media
2016-10-06 16:59 - 2015-01-09 17:44 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-05 20:21 - 2015-03-20 20:50 - 00000000 ____D C:\SUPERDelete
2016-10-05 20:21 - 2012-10-28 16:44 - 00000000 ____D C:\Program Files (x86)\DivX
2016-10-05 20:21 - 2012-10-28 16:42 - 00000000 ____D C:\ProgramData\DivX
2016-10-05 20:20 - 2015-07-20 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-10-05 20:20 - 2012-10-28 16:46 - 00000000 ____D C:\Users\USER\AppData\Roaming\DivX
2016-10-05 19:58 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-03 11:28 - 2015-01-06 00:32 - 00000000 ____D C:\Users\USER\AppData\Local\NVIDIA Corporation
2016-10-01 14:24 - 2015-01-06 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-01 14:13 - 2015-01-06 00:32 - 00000000 ____D C:\Users\USER\AppData\Local\NVIDIA
2016-10-01 11:24 - 2016-03-26 20:26 - 00000000 ____D C:\Users\USER\AppData\Local\AltisLifeUKLauncher
2016-10-01 00:19 - 2015-01-06 00:14 - 00002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-29 15:35 - 2009-07-14 08:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-27 19:28 - 2015-01-09 18:49 - 00000000 ____D C:\Users\USER\Documents\My Games
2016-09-25 16:14 - 2015-07-24 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-24 17:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-09-22 15:39 - 2016-09-02 19:02 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
 
==================== Files in the root of some directories =======
 
2016-05-11 13:04 - 2016-05-11 13:04 - 6748160 _____ () C:\Program Files (x86)\GUT5438.tmp
2015-01-24 21:15 - 2015-01-24 21:15 - 0000046 _____ () C:\Users\USER\AppData\Roaming\Camdata.ini
2015-01-24 21:15 - 2015-01-24 21:15 - 0000408 _____ () C:\Users\USER\AppData\Roaming\CamLayout.ini
2015-01-24 21:15 - 2015-01-24 21:15 - 0000408 _____ () C:\Users\USER\AppData\Roaming\CamShapes.ini
2015-01-24 21:15 - 2015-01-24 21:15 - 0004535 _____ () C:\Users\USER\AppData\Roaming\CamStudio.cfg
2015-05-26 18:26 - 2015-05-26 18:46 - 0000099 _____ () C:\Users\USER\AppData\Roaming\LauncherSettings_live.cfg
2015-01-11 18:06 - 2015-01-11 18:56 - 0000073 _____ () C:\Users\USER\AppData\Roaming\MinecraftLog.txt
2015-05-26 18:27 - 2015-05-26 18:27 - 0000039 _____ () C:\Users\USER\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-01-24 21:15 - 2015-01-24 21:15 - 0000096 _____ () C:\Users\USER\AppData\Roaming\version2.xml
2015-11-24 20:34 - 2015-11-24 20:34 - 0003584 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-30 20:29 - 2015-08-30 20:29 - 0000000 ___SH () C:\Users\USER\AppData\Local\LumaEmu
2015-08-07 16:17 - 2016-10-15 14:21 - 0007619 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\USER\AppData\Local\Temp\jre-8u111-windows-au.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2016-10-15 15:51
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by USER (21-10-2016 12:59:19)
Running from C:\Users\USER\Desktop\FArber
Windows 7 Ultimate Service Pack 1 (X64) (2012-10-28 21:55:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1949633235-3253496934-901557982-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1949633235-3253496934-901557982-1002 - Limited - Enabled)
Guest (S-1-5-21-1949633235-3253496934-901557982-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1949633235-3253496934-901557982-1004 - Limited - Enabled)
USER (S-1-5-21-1949633235-3253496934-901557982-1000 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
A3Launcher version 0.1.2.9 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.2.9 - Maca134)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Apple Application Support‏ (64 סיביות) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Souls Prepare to Die Edition version 1.0.2.0 (HKLM-x32\...\Dark Souls Prepare to Die Edition_is1) (Version: 1.0.2.0 - Mr DJ)
Dead Bits (HKLM-x32\...\Steam App 303390) (Version: - Microblast Games)
Defy Gravity (HKLM\...\Steam App 96100) (Version: - Paul Fisch)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.92 - DivX, LLC)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EXPERTool v9.7 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 9.7.0.1 - Gainward Co. Ltd.)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Earth (HKLM-x32\...\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}) (Version: 7.1.7.2600 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software)
I A F (HKLM-x32\...\I A F) (Version: - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel A/V Codecs V2.0 (HKLM-x32\...\CodInstl) (Version: - )
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.2.0.4 - GOG.com)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.519 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.519 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapleRoyals version 10.1.2 (HKLM-x32\...\{F4D5EE65-CE54-41A5-804D-428D19987D76}_is1) (Version: 10.1.2 - MapleRoyals)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 ‏(עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Nero 9 Essentials (HKLM-x32\...\{d0b6f537-fe10-49e3-b052-b187c143deb5}) (Version: - Nero AG)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.99.9.0 - Overwolf Ltd.)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
Realms of the Haunting (HKLM-x32\...\Steam App 292390) (Version: - Gremlin Interactive)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.68.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25422 - Microsoft Corporation) Hidden
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.0) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.0 - SteelSeries ApS)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
Thomas Was Alone (HKLM-x32\...\Thomas Was Alone_is1) (Version: 2.0.0.0 - )
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.35.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Unreal Development Kit: 2015-01 (HKLM\...\UDK-e6f1826c-a214-489e-a3a2-0387120a628f) (Version: - Epic Games, Inc.)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 14.0.25422 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25422 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
תמיכה ביישומים של Apple‏ (32 סיביות) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F9C555C-5943-4441-AE56-F64B404769CE} - System32\Tasks\{75565A88-B287-4B7A-BCAD-E0632DBAC08E} => pcalua.exe -a "C:\Program Files (x86)\NightSoulMS\Uninstal.exe"
Task: {2C18A3D7-43B7-4581-AFCA-FF908F9DC000} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-02] (AVAST Software)
Task: {326BAE76-519C-4C7B-A093-CFC602DFE942} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {3FC6596E-2230-4946-A0DF-32095505730E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {482C7B43-F90B-4FA3-B164-7D9B0687BFF2} - System32\Tasks\{EA7A6E4B-1D70-43B8-87FF-D6C5B6EB0801} => C:\Users\USER\Desktop\TechnicLauncher.exe [2016-07-27] ()
Task: {4B4E5C90-789E-4252-A3A1-0DB8B468D30E} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-08-29] (DivX, LLC)
Task: {558AFF85-5583-4A8A-9294-493F7E605152} - System32\Tasks\{B7399B3A-0CCD-4CEF-9EDB-226C8AC8C1E1} => pcalua.exe -a C:\Windows\iun6002ev.exe -c "C:\Users\USER\Desktop\Cracked\San Andreas Mod Installer\irunin.ini" <==== ATTENTION
Task: {584E716E-DF96-44C9-8E58-2D1AF33ACFE1} - System32\Tasks\{2007FBC9-81EB-4D49-875D-468F22899CE9} => C:\Users\USER\Desktop\TechnicLauncher.exe [2016-07-27] ()
Task: {6E0F68DE-E92D-411F-8F58-CEA7BC6D4102} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {8235E948-36EC-4D81-BF5A-AC03DEDF2358} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {86905595-41DB-478E-AD0F-674269665E7C} - System32\Tasks\{48544739-ED4E-4506-AAEB-48B6240B0A38} => C:\Users\USER\Desktop\TechnicLauncher.exe [2016-07-27] ()
Task: {949D7508-3B13-42AB-A544-4B531307E096} - System32\Tasks\{70AA94DF-76C0-41E3-9EF5-0493CC946EFA} => pcalua.exe -a C:\Users\USER\Desktop\forge-1.7.10-10.13.4.1558-1.7.10-installer-win.exe -d C:\Users\USER\Desktop
Task: {9609D9A5-6DC1-4C4F-9398-570D0809CF7C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {9746941B-3836-49A4-A9DE-F11684F20F48} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {ACB31DAA-B6DB-4302-9166-1797F1F5CEC3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {B05B098A-6441-4011-812C-7268AAA2EA36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B2C50500-3F5A-43F6-BA43-52D5F91F6ACC} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-09-27] (Overwolf LTD)
Task: {B3BB3F37-7502-4EF6-81F8-74B53D86FC8D} - System32\Tasks\{EDAB6FB4-44C0-40D9-8485-62632AC1F9B4} => Firefox.exe hxxp://ui.skype.com/ui/0/7.16.85.102/en/abandoninstall?page=tsProgressBar
Task: {C324A8AC-7A2E-4523-A124-E5F9F474D591} - System32\Tasks\SessionAgent => C:\windows\gdp32.exe
Task: {C6888C10-6735-4ECB-AA01-633CA8765158} - System32\Tasks\EXPERTool => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2014-10-17] (Gainward Co. Ltd.)
Task: {C6F52ACD-08DA-41F7-853E-31730637823F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {D175E9AC-A5F5-48A2-9368-A839761CAE7F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {D80A7E12-4D21-48F6-A841-D1BDA60C6985} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D9E9BF2B-EE98-4D50-843D-8E5B718EFC18} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-09-02] (AVAST Software)
Task: {DB70AD50-2DA7-48FA-94C6-987C526651BE} - System32\Tasks\AdobeAAMUpdater-1.0-USER-PC-USER => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {E2422515-E8E1-43D5-8575-AD056A13BE5D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2009-07-14] (Microsoft Corporation)
Task: {E6E5EF45-84A1-4CEF-BBD0-DB2F654CA3A1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F1373E55-55FE-45D9-BCAB-3BC6EEF8763B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FC2171C4-9E9E-4E73-A77D-FD204CAD23C8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\USER\Desktop\games\Counter-Strike 1.6 Original\cstrike\FAQ.lnk -> C:\Games\Counter-Strike 1.6 Original\FAQ.bat (No File)

ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-01-06 00:31 - 2016-09-17 01:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-01 14:07 - 2016-09-30 07:24 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-01 14:07 - 2016-09-30 07:24 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-01 14:07 - 2016-09-30 07:24 - 00418240 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-10-07 14:37 - 2016-07-07 22:58 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-06-30 11:23 - 2016-06-30 11:23 - 00592384 _____ () C:\Users\USER\AppData\Local\MEGAsync\ShellExtX64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-10-29 10:24 - 2005-06-07 13:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-06 22:28 - 2016-09-30 07:24 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\nvstreamsrv\boost_system-vc120-mt-1_58.dll
2016-10-06 22:28 - 2016-09-30 07:24 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\nvstreamsrv\boost_regex-vc120-mt-1_58.dll
2016-09-02 19:02 - 2016-09-02 19:02 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-21 12:48 - 2016-10-21 12:48 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16102001\algo.dll
2016-09-02 19:02 - 2016-09-02 19:02 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-03-30 20:29 - 2016-09-30 07:24 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-01-10 19:33 - 2016-09-08 06:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-24 13:49 - 2016-09-01 04:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-24 13:49 - 2016-09-01 04:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-24 13:49 - 2016-09-01 04:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-10 19:33 - 2016-10-13 04:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-10 19:32 - 2016-01-27 10:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-10 19:32 - 2016-01-27 10:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-10 19:32 - 2016-01-27 10:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-10 19:32 - 2016-01-27 10:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-10 19:32 - 2016-01-27 10:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-10 19:33 - 2016-10-13 04:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 14:51 - 2016-07-05 01:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-01 14:07 - 2016-09-29 20:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-01 14:07 - 2016-09-29 20:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-01 14:07 - 2016-09-29 20:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-01 14:07 - 2016-09-29 20:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-01 14:07 - 2016-09-29 20:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-01 14:07 - 2016-09-29 20:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-01 14:07 - 2016-09-29 20:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-09-02 19:02 - 2016-09-02 19:02 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-10-01 14:07 - 2016-09-30 07:23 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-06-30 14:24 - 2016-06-30 14:24 - 00564224 _____ () C:\Users\USER\AppData\Local\MEGAsync\ShellExtX32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-10-01 00:19 - 2016-09-25 06:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-01 00:19 - 2016-09-25 06:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
2016-10-14 18:04 - 2016-08-04 23:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1949633235-3253496934-901557982-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2015-11-20 01:11 - 00001083 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1949633235-3253496934-901557982-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.57.2.5 - 213.57.22.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NexonUp.vbs => C:\Windows\pss\NexonUp.vbs.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8A7E6591-96D0-4DB0-98E3-EAF40BEE8B99}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{93540255-2B2B-433E-8256-7344A8AB8775}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{E92032A4-F50A-4A69-910B-E8809F12EE89}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{BCCA5963-99A1-47E3-A329-6D687F4218C9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DC650DB5-CFD6-45CB-8EBB-7C3A89EAF859}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{449C4E85-C4AB-4FE6-A693-AB23AAFE1DE1}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{CA854880-C4F2-4A3D-8FCF-4870B3DDBC4A}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{A2E6D04F-58E2-448F-BFB9-CEFD44E648C3}C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\java.exe] => (Allow) C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{9F9F533A-9DCB-4C3E-AF58-1AB44C63E6E6}C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\java.exe] => (Allow) C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{02B5BBE7-095B-435A-9744-BC32593EF4F7}] => (Allow) C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{CB1EE23B-7F3E-4CA2-8841-725F6DD6621D}] => (Allow) C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [TCP Query User{7DE8B4D9-16FE-41A5-ACB7-D653828602DF}C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A71FCEF7-99F3-4E95-AD22-DE90BECD2FA8}C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{0DC98579-141D-464C-B3F9-3F80E85FAF3A}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{C9322840-B2AB-4BEA-BF73-1801D7605AC6}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{2F7FABD6-A581-4B9B-AEFA-83B651D8FC44}C:\users\user\desktop\game files\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\desktop\game files\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{592C0B46-8E0A-4B4F-AC33-C9B4F0EB6311}C:\users\user\desktop\game files\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\desktop\game files\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B0FFC044-945C-4885-81D1-5F08C3500F84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{59439BC1-C3BE-41B3-88EA-2D96B570DEDD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AECA44AF-7BC2-4165-A7E2-9961DE78B364}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B4F913B8-0A17-4D12-A6C9-971E1CB803B4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4646708C-9940-4657-BCD6-EAC2982578C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{36A31BB7-D2F9-437C-99F2-D6410B1866D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{5E139446-7B4D-4A57-B436-C8FBE1E5986C}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{51AB43D5-580A-4518-8B1F-C32E4ABF3F0E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{56CE7BEB-52EB-42B0-A045-2C8182F51C3B}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1423BB1D-75E6-41FE-A07E-E707CF36EDE5}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3CBEC868-4D0C-49D3-98AA-0418034EFCCE}C:\users\user\desktop\game files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\desktop\game files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0986BF87-8960-412E-A90A-FF2AAA9CD767}C:\users\user\desktop\game files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\desktop\game files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E1B8E4A7-90B8-42AB-AF6B-C9FB31A187EB}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{3239984A-81BB-4370-BDCF-AABC5C843F15}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{6930D298-E3E9-492C-8BB9-2882845997C1}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{3911D025-DAC3-4DBD-A908-84E9D4CD3080}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{A8E29FF4-03CB-4017-8DCD-8E22276C9A4B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AC65D07E-2021-4A48-BED7-E872FECB3021}] => (Allow) LPort=2869
FirewallRules: [{E910E13E-6DF5-4F6D-986E-0AFEB1D1B682}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{AFF02812-E328-41B4-879B-6418ED7A1E9E}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\ige_wpf64.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\ige_wpf64.exe
FirewallRules: [UDP Query User{E47CBC0B-93BD-4A35-B992-2BB74142C2ED}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\ige_wpf64.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\ige_wpf64.exe
FirewallRules: [TCP Query User{40E3D665-9BCC-4A34-8168-411AB41F5197}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{1042AE96-5694-4C66-8474-F96D519C078B}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{36C208EA-8FD6-4365-9AF6-4AA818088BE0}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{6988B4F3-9C74-41A7-AFAF-F110AB35FF22}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{245B07AE-F4F4-48FC-B03D-F3D0B0C9502B}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{0EBB723A-E6E7-4FBB-8B78-CC55209C0DDB}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{CF91ED7E-6B6B-4492-BE41-E4686981DC7B}C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe] => (Block) C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe
FirewallRules: [UDP Query User{6024ED9C-591F-4694-9A44-2E6DAB5E22F9}C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe] => (Block) C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe
FirewallRules: [{7C812C5E-882C-4EF9-A863-BDC5529C4AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{0E3FD2E5-A5E8-4DCF-A8C0-DCEAD3C4B360}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [TCP Query User{02242A5D-368F-48D4-A4E0-8233AA1A4272}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [UDP Query User{A97F1253-2080-46CB-B6B1-A99CF4323371}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{DA66ADB6-3F43-432C-B114-83BF1A1C3439}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{79EE74AB-3EF3-4552-96B5-5753CD0EB244}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5249537F-891D-4492-A6A5-CE1F96E40E1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9CB8C6D1-662B-4094-A247-5F733901F7AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{159D277F-2C0E-4525-9F68-E07B920D6608}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

20-10-2016 16:58:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2016 12:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 06:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 02:21:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2016 09:00:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2016 05:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Exception code: 0xc0000005
Fault offset: 0x00037b59
Faulting process id: 0x1984
Faulting application start time: 0x01d229fcc6e5c11b
Faulting application path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Faulting module path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Report Id: 35b350b6-960c-11e6-9db3-d05099378265

Error: (10/19/2016 02:33:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2016 07:22:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2016 12:46:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2016 06:38:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/16/2016 04:22:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname USER-PC.local already in use; will try USER-PC-2.local instead


System errors:
=============
Error: (10/21/2016 12:48:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/21/2016 12:48:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

Error: (10/20/2016 06:40:01 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ADMINISTRATOR
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D458749-D74D-4CA3-9870-7D5D79CC637F}.
The master browser is stopping or an election is being forced.

Error: (10/20/2016 03:38:32 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/20/2016 02:55:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (10/20/2016 02:40:45 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ךמכƒ-ןך
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D458749-D74D-4CA3-9870-7D5D79CC637F}.
The master browser is stopping or an election is being forced.

Error: (10/20/2016 02:20:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/20/2016 02:20:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

Error: (10/19/2016 09:00:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.13.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/19/2016 09:00:02 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{72A18083-72C2-45FC-A7FE-BB5B73555BC9} because another computer on the network has the same name. The server could not start.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 37%
Total physical RAM: 8130.39 MB
Available physical RAM: 5059.43 MB
Total Virtual: 16258.97 MB
Available Virtual: 12693.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.43 GB) (Free:564.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E9ECDA07)
Partition 1: (Active) - (Size=78 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 25 October 2016 - 02:08 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,499 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:02:35 PM

Posted 25 October 2016 - 08:53 AM

Greetings unfriendlykeyboard and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 unfriendlykeyboard


Posted 25 October 2016 - 01:02 PM

Hello there, thank you for responding to my post (:



#4 Oh My!

  • Malware Response Instructor

Posted 25 October 2016 - 02:22 PM

Greetings and thank you for your patience.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Adobe Premiere Pro CC 2015 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#5 Oh My!


Posted 30 October 2016 - 09:10 AM

User PM'd me saying issue was resolved.

Edited by Oh My!, 30 October 2016 - 09:12 AM.

Gary
 

#6 Oh My!


Posted 30 October 2016 - 09:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



