Backdoor.bot logs


26 replies to this topic

#1 nulgathlarva123

  • Members
  • 18 posts

Posted 11 November 2016 - 03:11 PM

Hi, sorry if I was meant to attach the .txt or something. Anyway, here's the addition.txt FRST generated.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by nulgathlarva123 (11-11-2016 16:09:28)
Running from C:\Users\nulgathlarva123\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-17 13:55:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3075780754-812217710-2540179311-500 - Administrator - Disabled)
Guest (S-1-5-21-3075780754-812217710-2540179311-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3075780754-812217710-2540179311-1006 - Limited - Enabled)
nulgathlarva123 (S-1-5-21-3075780754-812217710-2540179311-1002 - Administrator - Enabled) => C:\Users\nulgathlarva123
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark Demo (HKLM-x32\...\Steam App 231350) (Version:  - Futuremark)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
Akamai NetSession Interface (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.13.0 - Asmedia Technology)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.1.0 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.23.03 (HKLM\...\AutoHotkey) (Version: 1.1.23.03 - Lexikos)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.0.834 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Block N Load (HKLM\...\Steam App 299360) (Version:  - Jagex)
Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)
BlueStacks App Player (HKLM-x32\...\{2A19A03A-A339-4697-99A4-EBA3D035D41A}) (Version: 2.2.19.6015 - BlueStack Systems, Inc.)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkComet Remover version 2.0 (HKLM-x32\...\DarkComet Remover_is1) (Version: 2.0 - Phrozen ® Software 2013.)
DEFCON Demo (HKLM-x32\...\Steam App 1522) (Version:  - Introversion Software)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Discord (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dying Light (HKLM-x32\...\Dying Light_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Clicker Journey (HKLM\...\Steam App 414730) (Version:  - Cleversan Software)
Fishing Planet (HKLM-x32\...\Steam App 380600) (Version:  - Fishing Planet LLC)
Futuremark SystemInfo (HKLM-x32\...\{185D7B00-8600-4716-A619-D8CBE689974B}) (Version: 4.40.560.0 - Futuremark)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Game Dev Tycoon DEMO version 1.0.1 (HKLM-x32\...\{9B1070C1-D522-4E00-8263-F442422D26CA}_is1) (Version: 1.0.1 - Greenheart Games Pty. Ltd.)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
join.me (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\JoinMe) (Version: 2.15.1.2637 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 2.15.1.2637 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-GB)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{f24de3d2-3f84-484d-81d3-7cc256da4a3f}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.15.828.0 - Hi-Rez Studios)
Pokémon Trading Card Game Online (HKLM-x32\...\{56E3456B-784B-408D-B9FC-F53CD7642149}) (Version: 2.31.0 - The Pokémon Company International)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.5.0 - Popcorn Time) <==== ATTENTION
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.1.5 - Razer Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.1.10.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28129 - Razer Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - )
Resource Hacker Version 4.4.26 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
ROBLOX Player for nulgathlarva123 (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for nulgathlarva123 (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for nulgathlarva123 (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for nulgathlarva123 (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
SetupManual (HKLM-x32\...\{CEDBB2CE-BDD3-4079-A172-2F365119C925}) (Version: 1.0.0.9 - ASUS)
Shakes and Fidget (HKLM-x32\...\Steam App 438040) (Version:  - Playa Games GmbH)
SharpDevelop 4.4 (HKLM-x32\...\{E0535D44-B913-4B51-BEEE-AB81EF53CC34}) (Version: 4.4.9749 - ic#code)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.1.0.3 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C8467D07-8872-4604-BCF2-08E5BE3D8FC1}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
Total War: WARHAMMER (HKLM\...\Steam App 364360) (Version:  - Creative Assembly)
Transformice (HKLM-x32\...\Steam App 335240) (Version:  - Atelier 801)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
World of Warships (HKU\S-1-5-21-3075780754-812217710-2540179311-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\nulgathlarva123\AppData\Local\Roblox\Versions\version-161924e8599b4102\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3075780754-812217710-2540179311-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\nulgathlarva123\AppData\Local\Roblox\Versions\version-161924e8599b4102\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3075780754-812217710-2540179311-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B6267DA-27A5-4DC9-8D3F-43EA599FC02A} - System32\Tasks\AdobeAAMUpdater-1.0-MikaelsComputer-nulgathlarva123 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {0DB5361A-C50D-4AFA-9D1B-EBC431E287C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {1D9483DE-ED29-41FC-8771-721815AD8B4A} - System32\Tasks\{B91B5D63-6B33-4C33-81AD-314314E11D7B} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.60.101/en/abandoninstall?page=tsProgressBar
Task: {31B165EF-8853-49F6-B51A-263A59A6A06D} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {541A2771-AED0-4413-A298-0E7E9A1BC4AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {5C98D704-5FD2-4665-87C3-90CB95843AB4} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe
Task: {61061D89-42E6-44C2-A241-D82BAD676560} - System32\Tasks\{3435D12C-DFB2-4B14-BC48-3532D0CFFEBC} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?page=tsProgressBar
Task: {64AB0E15-E0AD-4220-9B22-771078095C37} - \Dregol tira -> No File <==== ATTENTION
Task: {69739567-325D-4134-97EB-A5E8A728B4B0} - System32\Tasks\{DF89EFFE-CCE4-4061-B6CF-4B2A291770FC} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {6D77F6AF-D919-4862-9500-DF6B84A0386D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {78AF5E41-7E2A-4AD1-9389-59BAAC84F8E5} - System32\Tasks\{398A8803-9587-4528-9754-607929E76B92} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {78D7D20C-A498-4B1C-8D4D-C07B5F5B4198} - System32\Tasks\{18DB82E6-CE4C-4577-83EE-C89A075080F7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {7C6FB0DC-24EE-42CD-8F63-2D9CA00AC1C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {873C088B-0704-4AD4-BDD4-C2A7B40E345D} - System32\Tasks\{1A7B0E37-C084-4DD0-A200-A4C65F156CB8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.0.101/en/abandoninstall?page=tsMain
Task: {88C21E6B-C31E-4BE2-AC02-B25598BA64FF} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe <==== ATTENTION
Task: {A09EC919-D03A-4560-8AC0-6AB4004B64F2} - System32\Tasks\{12054A05-17ED-4E55-8B68-799F5FD5B4FF} => pcalua.exe -a C:\Users\nulgathlarva123\Desktop\Installer.exe -d C:\Users\nulgathlarva123\Desktop
Task: {B3D83A43-E9FD-4227-A665-F9FD06B6D656} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {B6F075C6-6DEC-4F02-8402-70EA5B15373F} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {B9D749A8-48AF-417D-8C0E-2C49F4559E75} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {BB5FC15A-B24E-4C97-8729-41CCE4CB6E1C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-27] (AVAST Software)
Task: {C019CB30-AAF0-41F7-BC9B-857E7EF51032} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C19EEAF9-9835-405B-A905-062EBE05F8CC} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {DE352DD9-9BCE-447B-96D7-0F692EBC0CF5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {EFD755EB-DAF0-4F6A-876C-983094D259F2} - System32\Tasks\{9FFF4781-DD1E-46F7-81DC-826F6BC42502} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.64.105/en/go/help.faq.installer?LastError=1603
Task: {F1FB9286-0C36-472B-B3D8-463257C90D4E} - System32\Tasks\{F6C9951D-0B29-4828-80C5-AABEA596BEDD} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe-RunCheckUpdate C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Setup.lnk -> C:\xampp\xampp_setup.bat (No File)
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Shell.lnk -> C:\xampp\xampp_shell.bat ()
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Uninstall.lnk -> C:\xampp\uninstall_xampp.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-01 22:18 - 2016-04-01 22:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-04-18 20:07 - 2016-06-14 20:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-18 20:07 - 2016-06-14 20:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-18 20:07 - 2016-06-14 20:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-21 21:01 - 2016-06-14 20:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2014-12-10 22:49 - 2015-07-11 19:56 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-04-18 20:07 - 2016-06-14 20:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-18 20:07 - 2016-06-14 20:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-18 20:07 - 2016-06-14 20:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-10 10:19 - 2016-06-14 20:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-18 20:07 - 2016-06-14 20:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-18 20:07 - 2016-06-14 20:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-09-15 15:21 - 2016-08-25 21:10 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 15:23 - 2016-06-14 20:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-06 19:37 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\nulgathlarva123\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 19:37 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\nulgathlarva123\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-09-21 21:23 - 2016-09-21 21:23 - 37444168 ____H () C:\Users\nulgathlarva123\AppData\Local\osu!\osu.dll
2016-09-16 15:03 - 2016-09-21 21:24 - 22287928 ____H () C:\Users\nulgathlarva123\AppData\Local\osu!\osu!ui.dll
2016-09-16 15:03 - 2016-09-21 21:24 - 16405064 ____H () C:\Users\nulgathlarva123\AppData\Local\osu!\osu!gameplay.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-08-27 22:39 - 00000064 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 keystone.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3075780754-812217710-2540179311-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3075780754-812217710-2540179311-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: Ds3Service => 2
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LVPrcS64 => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: RzWizardService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TunnelBearMaintenance => 2
MSCONFIG\Services: UxTuneUp => 2
MSCONFIG\Services: vToolbarUpdater40.2.5 => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^nulgathlarva123^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^nulgathlarva123^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk => C:\Windows\pss\IMVU.lnk.Startup
MSCONFIG\startupfolder: C:^Users^nulgathlarva123^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PKBN.exe => C:\Windows\pss\PKBN.exe.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\nulgathlarva123\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\nulgathlarva123\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: Discord => C:\Users\nulgathlarva123\AppData\Local\Discord\app-0.0.295\Discord.exe
MSCONFIG\startupreg: EsternTimesMouseExRun => "C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" -runauto
MSCONFIG\startupreg: FolderInformer => C:\Program Files (x86)\OpenOffice 4\program\winlogon.exe
MSCONFIG\startupreg: FolderVerifyer => C:\Program Files (x86)\OpenOffice 4\program\wisptis.exe
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: join.me.launcher => C:\Users\nulgathlarva123\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RazerCortex => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
MSCONFIG\startupreg: RSDTRAY => "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: RzWizard => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TSMApplication => "C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe"
MSCONFIG\startupreg: TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe -autoconnect
MSCONFIG\startupreg: uTorrent => "C:\Users\nulgathlarva123\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VideoSaver => C:\Users\NULGAT~1\AppData\Local\Temp\Rar$EXb0.863\setup.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly
MSCONFIG\startupreg: XMouseButtonControl => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5B0E43D1-4C82-43D9-A4BF-AEF3108A8611}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{DA76F6DE-D13B-4898-8AFA-461735D23BD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{51B39DAF-C9AE-4948-A890-4E47DC86483E}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{8B472A89-E00A-4966-9A0A-39EF43DD81EA}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{BD371608-A66B-44CD-81EE-FFEA9EE36DEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{62AAAA75-A30C-44BA-8E67-563CE18834AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{C261127B-3CD9-4A40-A70B-5811989DFBB4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C3F9F6D1-DA1D-4047-B6E2-A8F1FD56557A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5B9CDF0C-8C3E-405D-A02A-947EE5BA6701}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0802DB24-C19F-4D8C-8870-F18728D08D68}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{031CF11D-8BC1-45FF-89B5-A81EFCB35CFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D8E4F308-976B-42A1-BA87-38E8DC0F23E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{21906B0A-4DC2-4132-B03F-19A0D0521BE6}] => (Allow) LPort=53
FirewallRules: [{FC48FC04-B27F-4FDF-9260-8DEFA46C04C4}] => (Allow) LPort=1542
FirewallRules: [{07A7C8F4-0D08-4277-BC37-3F6D7170EC9A}] => (Allow) LPort=1542
FirewallRules: [{37EB82EF-F0A1-4496-91F7-465D1942162E}] => (Allow) C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{E4942B28-1B61-4C51-B58F-9F9D3034C2AC}] => (Allow) C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{2CB078A8-46A0-48D4-B3CF-0A23635D1344}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{6B78784A-5C9A-4E92-9935-70A2561036B2}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{97259862-27BB-4B36-A9FD-4CA22CA51F26}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{733B397D-E58E-427B-8813-8FEBDCFBF7AA}] => (Allow) LPort=2869
FirewallRules: [{A13409C0-E5CD-40B3-A693-E317E5712A10}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{7567C2CC-25F7-40D9-91B4-6CE33724100F}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{2D65784C-994F-4E97-B5F1-729BEC6A95EA}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{3CE8E4F4-F09B-45E9-96A1-1EDF8C3B88E9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{41B76F12-1DE8-4A00-8541-3B6272FFDA13}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{53E4570F-B43B-4FB6-A2A0-335EA0FCDC37}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E4253D10-6E65-442D-B072-81CD75CEB445}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0C025CCD-373E-40C4-BDD6-8EC8D892F43D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{7D76FA34-CD71-45C4-9271-4747BA7902E7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{F1F65EE4-1742-46C9-BF82-5574FC6EA26A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{5EB7DFDD-FB9F-4EF8-885B-DA113B2029A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{1E008374-3AA1-4CA8-939E-D4CFC2B490BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3C4A40D-87D3-45E0-AE30-D9A4EA9D4A1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{49FB9E5C-840E-45C7-A28B-55B72B76770C}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{E084F0E0-F34E-4B21-87CF-608A327E318F}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{4C3F7FAA-2B7C-4BFB-8E1C-51427A269DF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AA7A43BF-E65A-477D-96DB-38B14B67EE9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{897ADE2E-DF4F-488D-A9E3-8C1A9F025A4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{B61BF1D5-A7D2-4B53-B7D9-ACC91EFC6449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{569FD23C-2B45-477A-BFC0-DA4968B849E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{7EF9EB48-7593-477C-BC13-7E73A420A573}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [TCP Query User{0C91E5CC-9C7B-4570-83D5-4087FA43CFE1}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{1816197C-7ACD-4C4E-8AF3-32C4909E3036}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{EF7587E7-326A-4C4B-AFBB-84DD36960917}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{085C4710-CD0C-42CB-941E-4E489A7F4AB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{83446F22-8837-49FC-AFC7-A5128072B7B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{0A1B4CE6-A102-4202-88CC-EBECDF48FA61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{3805FCFD-FC48-4F72-A80C-16C060757493}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{F8248849-FC38-4C52-A3DF-1E9550C6CAA7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{BD9D8EB9-53C2-4F2E-9A57-3E2B10C1835F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{C970C3AD-2419-4A2D-97CA-808A2521234A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{3734D54F-12E3-48CE-8F32-A734A2F13088}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Transformice\Transformice.exe
FirewallRules: [{4C6CB6EE-F03A-4C62-B1CC-6BBBBEE42432}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Transformice\Transformice.exe
FirewallRules: [{FF27C914-F725-479F-841C-02599D2E7F76}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{BEF1A0B3-4E09-4EF4-824E-00F05FBFF293}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{747D90A6-813A-45D9-9164-F7C073D5FAE5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{25ECFDA6-BBC1-44D3-8CC1-8BECCD9CA207}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{00A4D684-9388-469F-8691-4B1CC4C8431C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0C79FD93-9F78-4898-8124-ED5312DD7EC0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{DDC0FD21-A8D8-4C5E-8A77-4CBB24A3C5D0}C:\xampp\filezillaftp\filezilla server.exe] => (Allow) C:\xampp\filezillaftp\filezilla server.exe
FirewallRules: [UDP Query User{A518EFA8-5A1D-40E2-B139-147FE53A8C05}C:\xampp\filezillaftp\filezilla server.exe] => (Allow) C:\xampp\filezillaftp\filezilla server.exe
FirewallRules: [TCP Query User{097114D8-5BE3-491E-8A81-3034AF94C16B}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{210DBFEB-BCC9-4D38-85C2-5920DC90F806}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{67E2AB96-10AF-4CD6-826E-AFC9F149F396}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C0FE0CE4-1DB2-438D-8F97-413A34402A22}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{2C0CE1BC-483A-4315-9644-B1C265B64182}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9AC01D30-95F7-403C-B8DA-49951B35D474}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{83AB9005-864A-497F-A0E5-D9680BD7D5E5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C5B2EDB5-CD63-4E4A-BE09-2C4D2B53C8F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1C146AE3-5433-4052-9257-9F45093ED185}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{57C2956A-EAEF-46BC-8794-38C9D3816E26}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9D45014D-AF10-4DED-A26F-5C9DCCB9DB1F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9F980556-79B6-4900-A524-61CF3350DF1C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2A901A4B-DEA7-427D-BAF4-D9431F105755}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F604ECB8-A6CE-4691-BF32-25F8214AAB2E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B1BC41EC-A5DE-4BD2-A55D-CA4473A53A5E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{39331720-099C-4C6D-A9DB-CFAF795E3D9D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{65D22D8D-3975-4E17-9259-A20F16A76172}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9061E34E-16A7-49E7-A5BF-8CED040F4267}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{957C2BA7-B507-4DB0-812B-D2EA2CCF590D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{2E725D9B-EA0F-4260-B2B6-10BD582B5803}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DC4F35D0-913A-41BC-88CB-9147D52C3DB2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CFFBE218-73D7-4BD0-9D9F-E4747D5467E9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{668B30DB-EE1E-4A09-B975-5381075B6D38}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8ABF367F-DCF7-446F-85FD-A5A76B6CE109}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4C7EB4B0-D627-4980-93EB-9D51E5AD9B8A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4AB61D20-3160-42A0-B9AA-F4ECE39DD540}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D4410DC5-08BD-4440-B88E-492FCA812256}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CC425879-E622-4D10-AD98-6CFB9D82A5BA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B5355F3C-8083-42E5-A85D-E98A2556EF52}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AA9609EC-A514-4565-871A-D59EC22874E3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A7B6A7C0-6EDA-48FE-B121-D415A85AC53F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{62577380-E978-4D99-8FBE-693D6D2E11E9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{33EF9BD1-A7E6-49FD-A080-AF9A22331EFB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D3FB811A-25E2-4A6C-B2F4-76203AD53555}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D78FE2DD-FC11-40B9-BFE9-16ACF3DB049F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{196BB52E-40B5-4483-BA12-400F6DF01D3E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9AA05531-1EC0-484A-A3F7-67E71F395358}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9B1215BC-505E-495E-8AC8-D788C0A0C11D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0395F6AC-1114-453B-9B1A-00FBA42FEF7C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{578674A2-36CD-4736-B283-665895B533DC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1498CFD1-603F-4869-8902-01BF26805370}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{C505D176-C76F-4BDB-9CA4-404834E6A668}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{C3E458B6-630B-4BE0-B883-5973DDCA3A18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{76152DF4-ADBD-479E-91D5-1BF9E37517C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{42FCA016-776E-4290-9C54-EBB823F3CEDB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{63791EC9-DDF8-46FB-A212-D7544B4C79EB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A56BAAEA-6F83-4D22-A223-28D62E688E02}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E68B2200-D956-4F83-9935-A096DC8CC044}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8313F059-699C-41F1-A608-304B4879BC9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{AABEA48A-843C-4364-B195-299693B0D618}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{F2D50121-AC16-47EB-8F11-FF0423ED34E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{23D67DAC-4351-4901-B34E-D8665AD6C722}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{925B50B9-92B8-4AA8-942F-4AAAB3021C79}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6A1CD5DC-EA85-4CB4-802C-FE44E0D51097}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2E0D9147-9854-43CD-AE4E-AA97C3E6DF9C}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{ED88C111-B2B0-4BE7-9733-410893DA01B6}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{B998FBB9-9F05-4EF8-AE2F-885A32C974BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{D5BE1B93-C929-4E74-8BBA-21A2DE229072}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{F473BA35-7909-423E-B0E2-55AD956B4DB7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{094CB5C2-254B-476D-9BC0-157C7EEF6FD3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{7D50AA1F-4DD6-4835-BC66-0ACC68A7756A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{13D5089B-65C2-45EC-BF11-A0D784071B08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [TCP Query User{2DF36233-6D2B-4641-A2E8-C8C6FF37A30C}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{4F67D222-5968-4F86-A88E-23AC2702E5F4}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [{CC55C9C8-BA07-4454-A3A9-00FE91332500}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{5110088C-3449-4E0F-8856-298971FC1C60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{4FF9DF85-041B-4BED-BE7B-BBDE1CE507F1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F552D278-8CAC-4DB0-A428-BF96DACF73A7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{D1CEDD5C-8242-467C-8CDE-5D6C226DFFD4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9EE06238-5157-4718-BBB2-6BBEB5675239}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B98D3733-70B4-4C10-A3C5-E5A1DE8FA73E}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{303D559E-AFB0-4D89-8FD4-9EA2F09D57C6}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{6B13CFE9-55E3-4A38-A1CD-272311FC6BE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [{3FC2A658-537A-4ACA-9EED-C8FA78DCAC5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [TCP Query User{1FA22CC1-1F57-4D6E-A643-1C8C12357AC8}C:\users\nulgathlarva123\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nulgathlarva123\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{EBF0CD84-9C6D-4153-908F-152AF1AB70BD}C:\users\nulgathlarva123\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nulgathlarva123\appdata\local\akamai\netsession_win.exe
FirewallRules: [{F58BB5E3-35E3-4E20-9251-055CED72D345}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [{A4028C35-7970-461A-823B-8288DD59A70B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [{ADD79BDF-C1B3-449E-915D-6268CC855B34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9271EBE5-D47D-4B22-974E-94E843BB4040}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D027A4A5-4CC2-47EF-A689-CDACDA7F8DDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4CB67693-54DE-4CD3-BEFB-AFC6D9F768EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{BC4035B0-8BE3-4C00-A525-B12BEB8440D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{54861856-5FB7-4182-AFAC-D2AFE67B6161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{7CD02781-493B-4D48-8A48-F1F12A5FE710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F4E7D95B-466D-4DE5-8095-860D3FC5B674}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{ABFFD41C-6B40-4DA4-9B8B-1D5AE72078A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B39917B5-54BC-4476-8837-9D150FB4CD0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E71546AF-15EC-42E3-9805-15AF37F9B40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{93BE374A-93E9-41C5-A953-28A53C99E91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{FF7E4F04-CC31-450D-A590-45CA7FD26DCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{4D4170BA-70C7-4416-B873-DC35785175BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [TCP Query User{ABABA543-5E69-4B26-9A4C-42545714B28C}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{2614997A-DFDE-4AC0-BF38-5178559A633E}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{512121E9-D860-4B4D-BCB0-1F7970A1292C}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{7E184267-E15D-4C76-9C76-1E933A3779EE}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{033DAF26-D300-4548-BC95-C509A7DCAC9E}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{68F81D1B-D3BA-48AB-909A-98AEE81DF7B3}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{A2412FE8-D967-4E18-9AED-C895AA544C5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Emily is Away\emily is away.exe
FirewallRules: [{B4FEF301-E325-4D38-B024-C5C847A89BAF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Emily is Away\emily is away.exe
FirewallRules: [{9AF2DB08-3AB6-40CA-AFF5-DFAC06E7ACB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{53BCF2CC-2C51-4F3F-B664-335101B8E3FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B4B55E5D-A2F8-42F0-AEA7-9842BF5E7C38}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{226CFADA-0388-4949-80AC-35CD9068945E}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{4374345B-08E5-4FA0-86EC-D3F926A45500}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1933F6BE-5B57-40A8-BC9F-89CF424812F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A2FCEE53-B471-4DEF-AD76-AF0967611034}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{360D7AA3-93BC-4541-AB4E-A67F8223DD60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{051537FA-1574-4BE7-97DC-43FD58DE8BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{8867DA40-3D38-4AAA-9296-BD4BAF979412}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{40F45AE5-6D9D-48EE-AD95-09337EBE5422}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{83E9E17D-1D26-45A2-B078-3714D0408576}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{02599B86-4D00-45DC-84A7-3F8AB031B8D3}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{37E8C5ED-1590-488A-8A11-3F2992BD8032}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{9E45088E-447F-482A-9326-EBE27F193D7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{547C0CD1-4996-441F-90EE-83B8691553DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F2F3712E-71DD-4356-A5D1-5CB25B33D20A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defcon\defcon.exe
FirewallRules: [{427D9E7E-98B1-4D87-B156-295C894ADEA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defcon\defcon.exe
FirewallRules: [{7D38CDD9-206C-49FB-A97E-174BCA3342C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{FEE4B6C8-F710-46A1-B91E-3A9D0B0FAB7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [TCP Query User{1B27F5B5-12CE-499F-B89E-73ACB0AFB9F0}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{FA895E55-7177-4D32-BB29-2FDD588B0094}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [{2EAEF387-6C91-4975-BFB4-13C25B019B46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{4A5D6B33-7050-40F9-BB35-27E47E9C31AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{CBAB222E-1AA5-4A5E-B6F5-E2E6901DFCE5}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{98DD0B14-BE61-4A7E-984F-6CEDC0E523F2}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{60634168-35E9-4E09-8BA3-4934C273DF0B}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{47868573-5D1B-4EDF-8AB6-F2037C3702E9}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{1D45EFC5-B075-489B-98F8-92FD9EB7860B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shakes & Fidget\Shakes and Fidget.exe
FirewallRules: [{5718D673-1056-4464-AF98-A31DC8CC3CB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shakes & Fidget\Shakes and Fidget.exe
FirewallRules: [TCP Query User{5C58515B-1A92-41BF-A6F6-C233FEBC9213}C:\users\nulgathlarva123\appdata\local\temp\joi6a74.tmp\join.me.exe] => (Allow) C:\users\nulgathlarva123\appdata\local\temp\joi6a74.tmp\join.me.exe
FirewallRules: [UDP Query User{51C812D6-8A46-4BD4-9C9D-D6A7753537D5}C:\users\nulgathlarva123\appdata\local\temp\joi6a74.tmp\join.me.exe] => (Allow) C:\users\nulgathlarva123\appdata\local\temp\joi6a74.tmp\join.me.exe
FirewallRules: [{EC2FF3CE-2E26-4210-911C-46BCB0715504}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4DDBED26-078E-4978-8CDA-3A72EF2FDFFF}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{69CD4CC7-881A-44F1-B732-29B2C87BDF2A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{753A0294-0354-45CB-BBEA-286EC6973078}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{512E820C-1829-469B-AB38-B55A44861608}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{ED733EC7-2755-4A10-B0B6-12790ABC58CC}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{BCE7A6B2-4C74-4EF8-A131-0313A52AF64B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Epic Clicker Journey\Epic Clicker Journey.exe
FirewallRules: [{05D980A9-4888-411A-9F3B-1CE5752A7BB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Epic Clicker Journey\Epic Clicker Journey.exe
FirewallRules: [{D161F0C2-FA48-4878-AB0C-B31C4DCCDC2F}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{18F1D60F-030B-4475-9C90-A7DAB2E8D701}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{9B1590A8-EB45-4E85-8BD5-9E48C8D3B5AF}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [UDP Query User{71C59AE5-C045-4AE8-85A3-7B9A72E32264}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [TCP Query User{64A1E203-AD9B-46C6-A620-90C2FFB947DE}C:\users\nulgathlarva123\appdata\local\temp\joic6ab.tmp\join.me.exe] => (Allow) C:\users\nulgathlarva123\appdata\local\temp\joic6ab.tmp\join.me.exe
FirewallRules: [UDP Query User{BB3D4B1E-A6B8-458D-93AB-DC678265B708}C:\users\nulgathlarva123\appdata\local\temp\joic6ab.tmp\join.me.exe] => (Allow) C:\users\nulgathlarva123\appdata\local\temp\joic6ab.tmp\join.me.exe
FirewallRules: [TCP Query User{A6781FB5-FE51-4F41-A4E3-46E0CD0D059C}C:\users\nulgathlarva123\desktop\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\nulgathlarva123\desktop\igg-youtuberslife\youtuberslife.exe
FirewallRules: [UDP Query User{ECDEDC16-F84D-4600-AE7A-24817B50DCEE}C:\users\nulgathlarva123\desktop\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\nulgathlarva123\desktop\igg-youtuberslife\youtuberslife.exe
FirewallRules: [TCP Query User{7BAC9634-EB22-419A-945D-C2B10F4F2794}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{29CBC1A8-4764-430B-8C5E-0995BF62D684}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{1CFA1302-3029-4A65-9201-1EA9CCE52FD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{57E4794F-D29C-408C-A560-F403BA30E915}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{6ED5BFF8-D9B2-4B06-A3D4-59542A300B72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{F2226C1F-AC79-4519-8ADA-4F9602C9D2E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{A446619B-0482-4B2A-B922-B799C07B35B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{8FC4E2B0-A499-406E-8E61-D853AAFCC95E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{6CA923DE-0655-401F-A93E-E72D44CBA96D}C:\users\nulgathlarva123\appdata\local\join.me\join.me.exe] => (Allow) C:\users\nulgathlarva123\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{22AD3CF8-7B8B-4094-9D88-CF3C170497A1}C:\users\nulgathlarva123\appdata\local\join.me\join.me.exe] => (Allow) C:\users\nulgathlarva123\appdata\local\join.me\join.me.exe
FirewallRules: [TCP Query User{79729D4E-D472-4176-8C0A-69EF8CB1306A}C:\users\nulgathlarva123\desktop\eclipse\eclipse.exe] => (Allow) C:\users\nulgathlarva123\desktop\eclipse\eclipse.exe
FirewallRules: [UDP Query User{F4936C6C-0D58-4EE4-AECD-4A078E1105CF}C:\users\nulgathlarva123\desktop\eclipse\eclipse.exe] => (Allow) C:\users\nulgathlarva123\desktop\eclipse\eclipse.exe
FirewallRules: [TCP Query User{3536A00A-E9A5-4A18-A76E-5C7F2D29B0B5}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{E63EF06E-19C8-41FD-8926-242E2CD627EA}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{FD1EBD6E-4DB8-4A4B-A938-D59C4C9D848B}C:\users\nulgathlarva123\desktop\eclipse\javaw.exe] => (Allow) C:\users\nulgathlarva123\desktop\eclipse\javaw.exe
FirewallRules: [UDP Query User{85D89597-BAA2-4C0C-A816-98FB4C609D7E}C:\users\nulgathlarva123\desktop\eclipse\javaw.exe] => (Allow) C:\users\nulgathlarva123\desktop\eclipse\javaw.exe
FirewallRules: [TCP Query User{9F3FBD07-F7EE-4E86-872D-30CCD83D2275}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [UDP Query User{36C85086-1D15-4D9B-A958-45AB1A371449}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [TCP Query User{00A08441-2D0C-4E90-92EC-482EB9AF519A}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{802E512A-8E07-45E2-8DF3-F0CDD48274B0}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{A8BC3F77-8150-4EF9-A611-1B214FB66C04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{D710DA89-6262-47B2-8BE4-F0EA57077A7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5860E379-351E-4C55-9618-7E2B7B2F9A79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A5210E53-306C-41A0-B6ED-E1AA0C21D81C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{1B5AFABF-8426-44D3-AF83-C0F049128F0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{1A3A26CA-7E93-40C3-8A90-2E2D4A409384}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{8B279474-8173-4DD2-927F-B76198C82ED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{6CAF36C8-C591-45C9-8C1E-6E83D02F22BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{BE44D7AB-A3A0-4590-9115-0FACE37F9A06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{CEF850A1-3C72-425E-BC2D-7B7EB25262AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{19BA12FF-CB47-4977-96FA-1C219E43AE56}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{02013A16-D80D-4AA0-9262-5243EC17BFDA}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{06773E8D-C801-4381-B643-0F98D5079751}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{F7F57C2F-B4EE-4AB5-B62D-4DE5F0582387}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{A2E7444C-51A8-4436-A2A6-BB20041B2AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{A6F2A386-2D7F-4A8B-A451-E5F735E26352}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
 
==================== Restore Points =========================
 
05-11-2016 19:50:47 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
05-11-2016 20:14:07 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
05-11-2016 20:15:13 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
05-11-2016 20:15:33 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
05-11-2016 20:16:11 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
05-11-2016 20:24:02 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
05-11-2016 20:24:31 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
05-11-2016 20:25:21 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
05-11-2016 20:25:50 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
05-11-2016 21:46:04 Installed SharpDevelop 5.1
05-11-2016 23:28:37 Removed SharpDevelop 5.1
05-11-2016 23:30:59 Installed SharpDevelop 4.4
06-11-2016 10:48:52 Windows Update
07-11-2016 16:26:41 Windows Update
10-11-2016 16:01:31 Removed Vegas Pro 13.0 (64-bit)
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: AppEx Networks Accelerator LWF
Description: AppEx Networks Accelerator LWF
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: APXACC
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (11/11/2016 04:13:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
 
System errors:
=============
Error: (11/11/2016 03:58:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {DCAB0989-1301-4319-BE5F-ADE89F88581C} did not register with DCOM within the required timeout.
 
Error: (11/11/2016 03:51:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/11/2016 03:50:28 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.
 
Error: (11/11/2016 03:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Firewall service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/11/2016 03:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (11/11/2016 03:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Genuine Software Integrity Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/11/2016 03:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AdobeUpdateService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/11/2016 03:47:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/11/2016 03:47:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/11/2016 03:46:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-15 20:19:21.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:21.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:21.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:21.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:21.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:21.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:21.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:21.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 20:19:20.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-14 14:48:52.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6600K APU with Radeon™ HD Graphics 
Percentage of memory in use: 25%
Total physical RAM: 16323.8 MB
Available physical RAM: 12121.04 MB
Total Virtual: 32645.8 MB
Available Virtual: 28333.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.29 GB) (Free:212.13 GB) NTFS
Drive d: (Install) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EF060A92)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by nulgathlarva123, 11 November 2016 - 03:15 PM.



#2 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost

Posted 13 November 2016 - 09:53 AM

hi,

 

We will get a download to use and go from there. It's called AdwCleaner.

Usually only on this site once or twice per day so you may not get a reply back from me until the following day.

 

Please download AdwCleaner and save it to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 


How Can I Reduce My Risk to Malware?


#3 nulgathlarva123

  • Topic Starter
  • Members
  • 18 posts

Posted 13 November 2016 - 03:39 PM

Okay, I ran this a few days back after FRST; it picked up 16 threats or so. Here is the log for that:

# AdwCleaner v6.030 - Logfile created 11/11/2016 at 15:45:18
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-10.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : nulgathlarva123 - MIKAELSCOMPUTER
# Running from : C:\Users\nulgathlarva123\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  vToolbarUpdater40.2.5
Service Found:  WtuSystemSupport
Service Found:  Update service
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\nulgathlarva123\AppData\Roaming\wyupdate au
Folder Found:  C:\Program Files\Common Files\AVG Secure Search
Folder Found:  C:\ProgramData\TweakBit
Folder Found:  C:\ProgramData\BSD
Folder Found:  C:\ProgramData\Application Data\TweakBit
Folder Found:  C:\ProgramData\Application Data\BSD
Folder Found:  C:\Users\Public\Documents\Guid
Folder Found:  C:\Users\Public\Documents\pc faster
Folder Found:  C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
Folder Found:  C:\extensions
Folder Found:  C:\Users\nulgathlarva123\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Files ] *****
 
File Found:  C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found:  C:\Users\nulgathlarva123\AppData\Roaming\Mozilla\Firefox\Profiles\os10qcic.default-1450526944076\searchplugins\yahoo! powered.xml
File Found:  C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found:  C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\torchcrashhandler
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Update service
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKU\S-1-5-21-3075780754-812217710-2540179311-1002\Software\torch
Key Found:  HKU\S-1-5-21-3075780754-812217710-2540179311-1002\Software\WEBAPP
Key Found:  HKCU\Software\torch
Key Found:  HKCU\Software\WEBAPP
Key Found:  HKLM\SOFTWARE\torch
Key Found:  HKLM\SOFTWARE\Uniblue
Key Found:  HKLM\SOFTWARE\AVG Tuneup
Key Found:  HKLM\SOFTWARE\TWEAKBIT
Key Found:  [x64] HKCU\Software\torch
Key Found:  [x64] HKCU\Software\WEBAPP
Data Found:  HKU\S-1-5-21-3075780754-812217710-2540179311-1002\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://mysearch.avg.com/?cid={5D17EBC8-9B84-4170-ACEB-BADF4E577834}&mid=a4f6ecf04
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://mysearch.avg.com/?cid={5D17EBC8-9B84-4170-ACEB-BADF4E577834}&mid=a4f6ecf04a9047d28d4d31760f52f6f4-553fa1f3f6353acd6733e
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_chtengin_16_44&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dgb%2
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://mysearch.avg.com/?cid={5D17EBC8-9B84-4170-ACEB-BADF4E577834}&mid=a4f6ecf04a9047d28d4d31760f52f6f4-553fa1f3f6353acd673
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_chtengin_16_44&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dgb
Key Found:  HKU\S-1-5-21-3075780754-812217710-2540179311-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
Key Found:  HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found:  HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Key Found:  HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found:  HKLM\SOFTWARE\Classes\s
Key Found:  HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
Firefox pref Found:  [C:\Users\nulgathlarva123\AppData\Roaming\Mozilla\Firefox\Profiles\os10qcic.default-1450526944076\prefs.js] - "browser.search.defaultenginename" -  "Yahoo! Powered"
Firefox pref Found:  [C:\Users\nulgathlarva123\AppData\Roaming\Mozilla\Firefox\Profiles\os10qcic.default-1450526944076\prefs.js] - "browser.search.selectedEngine" -  "Yahoo! Powered"
Chrome pref Found:  [C:\Users\nulgathlarva123\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
Chrome pref Found:  [C:\Users\nulgathlarva123\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [11083 Bytes] - [05/09/2015 23:11:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [10562 Bytes] - [05/09/2015 22:44:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [10562 Bytes] - [05/09/2015 22:48:03]
C:\AdwCleaner\AdwCleaner[S3].txt - [10562 Bytes] - [05/09/2015 23:04:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [7249 Bytes] - [11/11/2016 15:45:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [7322 Bytes] ##########


#4 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:43 AM

Posted 13 November 2016 - 07:29 PM

OK, we will use FRST to remove some items.

 

Copy/paste what's below into Notepad and save it as fixlist.txt in the same place you have FRST, your desktop.

Start FRST like before, except this time click on the Fix button once.

The machine will reboot to finish. Upon reboot it will display a new log called fixlog.txt, which you can copy/paste in your reply.

Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe-RunCheckUpdate C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATTENTION
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Setup.lnk -> C:\xampp\xampp_setup.bat (No File)
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Shell.lnk -> C:\xampp\xampp_shell.bat ()
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Uninstall.lnk -> C:\xampp\uninstall_xampp.bat (No File)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.5.0 - Popcorn Time) <==== ATTENTION
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION
Task: {64AB0E15-E0AD-4220-9B22-771078095C37} - \Dregol tira -> No File <==== ATTENTION
Task: {88C21E6B-C31E-4BE2-AC02-B25598BA64FF} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe <==== ATTENTION
Task: {64AB0E15-E0AD-4220-9B22-771078095C37} - \Dregol tira -> No File <==== ATTENTION
Empty Temp:


How Can I Reduce My Risk to Malware?


#5 nulgathlarva123

nulgathlarva123
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:43 PM

Posted 14 November 2016 - 11:23 AM

Here it is:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by nulgathlarva123 (14-11-2016 16:10:33) Run:1
Running from C:\Users\nulgathlarva123\Desktop\FRST
Loaded Profiles: nulgathlarva123 (Available Profiles: nulgathlarva123)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe-RunCheckUpdate C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATTENTION
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Setup.lnk -> C:\xampp\xampp_setup.bat (No File)
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Shell.lnk -> C:\xampp\xampp_shell.bat ()
Shortcut: C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Uninstall.lnk -> C:\xampp\uninstall_xampp.bat (No File)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.5.0 - Popcorn Time) <==== ATTENTION
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION
Task: {64AB0E15-E0AD-4220-9B22-771078095C37} - \Dregol tira -> No File <==== ATTENTION
Task: {88C21E6B-C31E-4BE2-AC02-B25598BA64FF} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\nulgathlarva123\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe <==== ATTENTION
Task: {64AB0E15-E0AD-4220-9B22-771078095C37} - \Dregol tira -> No File <==== ATTENTION
Empty Temp:
*****************
 
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => moved successfully
C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Setup.lnk => moved successfully
C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Shell.lnk => moved successfully
C:\Users\nulgathlarva123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows\XAMPP Uninstall.lnk => moved successfully
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.5.0 - Popcorn Time) <==== ATTENTION => Error: No automatic fix found for this entry.
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64AB0E15-E0AD-4220-9B22-771078095C37}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64AB0E15-E0AD-4220-9B22-771078095C37}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dregol tira => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88C21E6B-C31E-4BE2-AC02-B25598BA64FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88C21E6B-C31E-4BE2-AC02-B25598BA64FF}" => key removed successfully
C:\Windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64AB0E15-E0AD-4220-9B22-771078095C37} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dregol tira => key not found. 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23342569 B
Java, Flash, Steam htmlcache => 371288720 B
Windows/system/drivers => 680147572 B
Edge => 0 B
Chrome => 447784601 B
Firefox => 359760385 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 82612 B
Public => 0 B
ProgramData => 0 B
systemprofile => 134880 B
systemprofile32 => 171737 B
LocalService => 115860 B
NetworkService => 1168035 B
nulgathlarva123 => 2042867331 B
 
RecycleBin => 544 B
EmptyTemp: => 3.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:17:53 ====


#6 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:43 AM

Posted 14 November 2016 - 05:23 PM

So after you ran AdwCleaner the last time, you clicked on the Clean button to have the items removed, right? Just checking.


How Can I Reduce My Risk to Malware?


#7 nulgathlarva123

nulgathlarva123
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:43 PM

Posted 15 November 2016 - 11:12 AM

Yeah.

 

I wanted to mention something by the way:

This could be an unimportant detail; however, whenever I start up my PC, I click on the arrow in the bottom right of my taskbar to display more items. I see two of these - https://gyazo.com/71d4cf986176e9ffd17a2faab939aeb5.

Both have the same icon and the same message if I hover over them (Disable Hardware and No Link). (The duplicate disappears after a few seconds.) Perhaps that's unrelated to any malware; however, I still wanted to mention it.

I'm not sure if the above has changed ^^ because I haven't checked recently; I think it stopped, though.



#8 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:43 AM

Posted 15 November 2016 - 04:51 PM

Doesn't seem to be malware related. You have Gyazo 3.2.2 installed. Do you use it at all? If not, uninstall it via the Add/Remove Programs panel.


How Can I Reduce My Risk to Malware?


#9 nulgathlarva123

nulgathlarva123
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:43 PM

Posted 15 November 2016 - 05:06 PM

I use Gyazo relatively often.



#10 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:43 AM

Posted 16 November 2016 - 08:23 PM

Log looks OK. You think you had a Remote Admin Tool installed?


How Can I Reduce My Risk to Malware?


#11 nulgathlarva123

nulgathlarva123
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:43 PM

Posted 17 November 2016 - 10:56 AM

Not had; I still have it on my PC. Basically, I found something called lsas.exe (Backdoor.Bot, as Malwarebytes called it). I removed it normally, but it came back a few days later. Again I removed it, and everything was okay since maybe a week ago, when I made my first post; then it came back. So something is causing it to keep coming back.



#12 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:43 AM

Posted 17 November 2016 - 06:49 PM

Where is the .exe located? You can go to the link below, browse for the .exe on your machine and upload it to the site.

 

https://virusscan.jotti.org/


How Can I Reduce My Risk to Malware?


#13 nulgathlarva123

nulgathlarva123
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:43 PM

Posted 18 November 2016 - 08:49 AM

It was deleted by Malwarebytes as soon as I right-clicked on it to view properties.

https://gyazo.com/bd26978c684968ca83502be95a8a40c6



#14 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:43 AM

Posted 18 November 2016 - 03:51 PM

Did you try browsing for the file then uploading it to that website?


How Can I Reduce My Risk to Malware?


#15 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:43 AM

Posted 18 November 2016 - 03:55 PM

You can also browse for the file on your machine and upload it to my channel using this link:

 

http://www.bleepingcomputer.com/submit-malware.php?channel=67


How Can I Reduce My Risk to Malware?
