Zodiac Games // Kb-ribaki malware pop-ups


  • This topic is locked
4 replies to this topic

#1 Bazyks

  • Members
  • 2 posts

Posted 01 February 2017 - 03:17 AM

Hello. Every time I turn on or restart the PC those sites pop up. I saw threads for them but the fix there says it's good just for that user. Help :smash:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by User (administrator) on USER-PC (01-02-2017 10:16:02)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Wargaming.net) F:\World_of_Tanks\WargamingGameUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Gaming Mouse\G2 Mouse\G2Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) F:\STEAM\Steam.exe
(Valve Corporation) F:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) F:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-01-19] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [G2 mouse] => C:\Program Files (x86)\Gaming Mouse\G2 Mouse\G2Monitor.exe [495616 2013-10-07] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2016-08-17] (AVAST Software)
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [628280 2016-12-11] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Run: [Steam] => F:\STEAM\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Run: [User] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-07-29] (Disc Soft Ltd)
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Run: [World of Tanks] => F:\World_of_Tanks\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\MountPoints2: {680dd4c4-e18a-11e6-9480-7a7919699fad} - I:\HiSuiteDownLoader.exe
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\MountPoints2: {8e33b380-886d-11e6-bd85-7a7919699fad} - P:\autorun.exe
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\MountPoints2: {b2b405ca-6448-11e6-88bf-7a7919699fad} - J:\setup.exe
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\MountPoints2: {d7a70ce7-8892-11e5-8692-bc5ff4d709fe} - H:\setup.exe
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\MountPoints2: {f04a962f-af53-11e6-beb1-7a7919699fad} - I:\HiSuiteDownLoader.exe
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\MountPoints2: {f04a963f-af53-11e6-beb1-7a7919699fad} - I:\HiSuiteDownLoader.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-17] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-182026927-3631979950-4123045738-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-28] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tggoy5qb.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tggoy5qb.default [2017-02-01]
FF NetworkProxy: Mozilla\Firefox\Profiles\tggoy5qb.default -> type", 4
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tggoy5qb.default\extensions\amcontextmenu@loucypher [not found]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-18] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-182026927-3631979950-4123045738-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-182026927-3631979950-4123045738-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-182026927-3631979950-4123045738-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxps://www.google.ro/?gws_rd=cr,ssl&ei=LC1sVcTQDYmNsgHilIG4Ag"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-11]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-11]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-11]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-08-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-08-17]

Opera:
=======
OPR Extension: (AdBlocker Ultimate) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\pmpmnoinbkdojlnknogfeoagmhmhgakc [2016-07-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-08-18] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2016-08-17] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2016-08-17] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2017-01-28] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [249104 2016-07-12] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3758336 2015-11-29] (INCA Internet Co., Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-08-08] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-29] (A-Volute) [File not signed]
S3 TunngleService; D:\AA\Tunngle\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 ArcService; F:\Xcom\Arc\ArcService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2016-08-17] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2016-08-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2016-08-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2016-08-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2016-08-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2016-08-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2016-08-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2016-08-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2016-08-17] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-23] (Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30264 2016-08-15] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18816 2016-11-25] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-07-29] (Windows ® Win 7 DDK provider)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2016-08-17] (Avast Software)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 10:16 - 2017-02-01 10:16 - 00023361 _____ C:\Users\User\Desktop\FRST.txt
2017-02-01 10:14 - 2017-02-01 10:16 - 00000000 ____D C:\FRST
2017-02-01 10:12 - 2017-02-01 10:12 - 02420736 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-02-01 09:44 - 2014-10-23 22:57 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2017-01-29 12:50 - 2017-01-29 12:50 - 07650529 _____ C:\Users\User\Desktop\FTB_Launcher.exe
2017-01-28 19:42 - 2017-01-28 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-01-28 19:42 - 2017-01-28 19:42 - 00000000 ____D C:\Program Files\7-Zip
2017-01-28 19:10 - 2017-01-28 19:10 - 00000000 ____D C:\Users\User\AppData\Roaming\Curse
2017-01-28 16:57 - 2017-01-28 16:57 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-28 16:57 - 2017-01-28 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-25 09:13 - 2017-01-25 09:13 - 00580461 _____ C:\Users\User\Downloads\Attachments_2017125.zip
2017-01-23 21:58 - 2017-01-23 21:58 - 00000991 _____ C:\Users\Public\Desktop\HiSuite.lnk
2017-01-23 21:58 - 2017-01-23 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2017-01-23 21:57 - 2017-01-23 21:58 - 00000000 ____D C:\Program Files (x86)\HiSuite
2017-01-23 21:18 - 2017-01-23 21:18 - 00000000 ____D C:\Users\User\Documents\OFX Presets
2017-01-23 19:23 - 2017-01-23 20:12 - 00305568 _____ C:\Users\User\Desktop\Thousand_Foot_Krutch_War_of_Change_Official_Music_Video[www.MP3Fiber.com].mp3.sfk
2017-01-23 19:17 - 2017-01-23 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-01-23 18:49 - 2017-01-23 18:49 - 00000000 ____D C:\Program Files (x86)\Sony
2017-01-23 17:41 - 2017-01-23 17:41 - 00016656 _____ C:\Users\User\Downloads\Sony Vegas Pro 13.0 Build 428 x64-DI (1).torrent
2017-01-23 17:39 - 2017-01-23 17:39 - 00016656 _____ C:\Users\User\Downloads\Sony Vegas Pro 13.0 Build 428 x64-DI.torrent
2017-01-23 17:15 - 2017-01-23 17:38 - 00007400 _____ C:\Windows\system32\--traceoff
2017-01-23 17:15 - 2017-01-23 17:15 - 00000000 _____ C:\Windows\system32\--debugoff
2017-01-23 17:12 - 2017-01-23 17:12 - 00023172 _____ C:\Users\User\Downloads\Sony Vegas Pro v13 0 310 x64 & Plugins - MADCATS.torrent
2017-01-23 17:07 - 2017-01-23 17:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony Creative Software Inc
2017-01-22 19:08 - 2017-01-22 19:08 - 00000000 ____D C:\Users\User\Documents\BnS
2017-01-22 17:02 - 2017-01-22 17:02 - 00001396 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2017-01-22 17:02 - 2017-01-22 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2017-01-22 17:01 - 2017-01-22 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-01-22 17:01 - 2017-01-22 17:01 - 00000000 ____D C:\Program Files (x86)\NCWest
2017-01-21 21:18 - 2017-01-22 16:49 - 00000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-01-21 21:18 - 2017-01-21 21:18 - 00000803 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-01-21 21:18 - 2017-01-21 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-01-19 14:32 - 2017-01-19 14:32 - 00244906 _____ C:\Users\User\Downloads\watch (1).htm
2017-01-19 14:32 - 2017-01-19 14:32 - 00244426 _____ C:\Users\User\Downloads\watch.htm
2017-01-18 21:18 - 2017-01-18 21:18 - 00000000 ____D C:\Users\User\AppData\LocalLow\Pixel Federation
2017-01-17 15:48 - 2017-01-17 15:48 - 00335872 _____ C:\Users\User\Downloads\constructii_grafice_3.ppt
2017-01-12 20:01 - 2017-01-12 20:01 - 00000000 ____D C:\Users\User\AppData\Roaming\PortForward.com
2017-01-09 18:21 - 2017-01-11 16:54 - 00000070 _____ C:\Users\User\Desktop\andreea.txt
2017-01-03 20:43 - 2017-01-03 20:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Wargaming.net
2017-01-03 20:04 - 2017-01-03 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-01-02 21:17 - 2017-01-04 21:26 - 00000000 ____D C:\Program Files (x86)\Removewat 2.2.7

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 10:16 - 2015-11-11 20:35 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-02-01 09:55 - 2016-01-17 23:00 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-01 09:50 - 2009-07-14 07:13 - 00786666 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-01 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-02-01 09:47 - 2016-02-18 19:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-01 09:46 - 2016-08-17 15:44 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-02-01 09:46 - 2016-03-01 22:38 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2017-02-01 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2017-02-01 09:44 - 2016-09-19 19:59 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-01 09:44 - 2015-11-13 14:51 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-02-01 09:44 - 2015-11-11 11:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-01 09:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-31 23:55 - 2016-12-18 17:12 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-31 23:48 - 2015-11-11 19:14 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-01-29 23:41 - 2015-11-11 18:55 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2017-01-29 10:50 - 2016-12-27 20:40 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2017-01-28 22:16 - 2016-04-08 20:47 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-28 22:16 - 2015-11-19 15:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-28 20:31 - 2017-01-01 16:32 - 00000000 ____D C:\Users\User\AppData\Roaming\SpaceEngineers
2017-01-28 19:16 - 2015-12-22 14:26 - 00000000 ____D C:\Users\User\AppData\Local\ftblauncher
2017-01-28 16:57 - 2015-12-22 13:26 - 00000000 ____D C:\Program Files\Java
2017-01-28 16:18 - 2015-11-12 22:23 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-01-23 22:03 - 2016-11-20 21:17 - 00000000 ____D C:\Users\User\AppData\Local\Hisuite
2017-01-23 19:17 - 2016-02-08 18:14 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony
2017-01-23 18:49 - 2016-02-08 18:14 - 00000000 ____D C:\Users\User\AppData\Local\Sony
2017-01-23 17:18 - 2016-04-25 16:32 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-01-22 22:30 - 2015-12-19 16:28 - 00000000 ____D C:\Users\User\AppData\Local\Ubisoft Game Launcher
2017-01-22 17:02 - 2015-11-13 18:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-22 10:09 - 2015-11-30 21:06 - 00000000 ____D C:\Users\User\AppData\Local\Warframe
2017-01-21 21:23 - 2016-09-21 15:50 - 00000577 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-01-21 20:46 - 2015-11-17 19:40 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-01-21 19:14 - 2016-11-05 19:13 - 00002154 _____ C:\Users\User\Desktop\Discord.lnk
2017-01-21 19:14 - 2016-11-05 19:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-21 19:14 - 2016-11-05 19:13 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-01-21 19:14 - 2016-11-05 19:13 - 00000000 ____D C:\Users\User\AppData\Local\Discord
2017-01-21 18:57 - 2015-11-12 15:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 21:37 - 2015-11-14 12:29 - 00000000 ____D C:\Users\User\AppData\Roaming\CodeBlocks
2017-01-18 19:45 - 2015-11-12 15:34 - 00000000 ____D C:\ProgramData\Oracle
2017-01-18 16:28 - 2015-11-11 11:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-12 20:01 - 2016-12-03 22:44 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2017-01-12 14:31 - 2016-05-16 16:04 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 15:47 - 2016-04-08 20:47 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-10 15:47 - 2016-02-18 19:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 15:47 - 2016-01-16 11:29 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 15:47 - 2016-01-16 11:29 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 15:47 - 2015-11-19 15:20 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-06 22:37 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\ShellNew
2017-01-03 15:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-01-02 21:21 - 2016-08-23 20:19 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2017-01-02 00:07 - 2009-07-14 06:45 - 00020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-02 00:07 - 2009-07-14 06:45 - 00020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

==================== Files in the root of some directories =======

2016-12-07 21:13 - 2016-12-07 21:13 - 0000000 ____H () C:\Users\User\AppData\Local\BIT189F.tmp
2016-05-08 19:36 - 2016-05-08 19:36 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-07 21:12 - 2016-12-07 21:13 - 0000000 _____ () C:\Users\User\AppData\Local\{77406E5D-D961-459A-B0FA-05AB3B589194}
2016-08-16 20:07 - 2016-08-16 20:07 - 0000000 _____ () C:\Users\User\AppData\Local\{CF487CA3-4B15-448A-BCF1-7AC086EF6AF9}
2016-07-01 13:13 - 2016-07-01 13:13 - 0000000 _____ () C:\Users\User\AppData\Local\{D62AD0BA-745E-4EE4-90F9-301D6810296C}
2016-06-28 23:19 - 2016-06-28 23:20 - 0000000 _____ () C:\Users\User\AppData\Local\{DED47690-A1A1-42D7-946F-7C1F3E200BA4}
2015-11-12 19:51 - 2015-11-12 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-12 22:13 - 2015-11-12 22:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-02 16:06 - 2015-10-03 16:06 - 0000032 ____R () C:\ProgramData\hash.dat
2016-12-18 17:12 - 2017-02-01 09:44 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-18 17:12 - 2017-01-31 23:55 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
2017-01-28 19:43 - 2017-01-28 19:43 - 0019968 ____N (Red Hat®, Inc.) C:\Users\User\AppData\Local\Temp\jansi-64-1908985746910365343.dll
2017-01-28 19:49 - 2017-01-28 19:49 - 0019968 _____ (Red Hat®, Inc.) C:\Users\User\AppData\Local\Temp\jansi-64-1942674391563032742.dll
2017-01-18 19:41 - 2017-01-18 19:41 - 0739904 _____ (Oracle Corporation) C:\Users\User\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-10-27 20:33 - 2016-10-22 07:22 - 0747648 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
2016-12-18 16:38 - 2016-10-22 07:22 - 0351680 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\nvStInst.exe
2016-12-18 16:40 - 2016-12-12 04:37 - 1135552 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\NvTelemetry.dll
2016-12-18 16:40 - 2016-12-12 04:37 - 0217024 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-12-18 16:40 - 2016-12-12 04:37 - 0268736 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-12-30 17:38 - 2016-12-30 17:39 - 43878872 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2016-07-02 12:00] - [2016-07-02 12:00] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-28 16:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by User (01-02-2017 10:16:35)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-11 09:29:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-182026927-3631979950-4123045738-500 - Administrator - Disabled)
Guest (S-1-5-21-182026927-3631979950-4123045738-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-182026927-3631979950-4123045738-1002 - Limited - Enabled)
User (S-1-5-21-182026927-3631979950-4123045738-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
AirMech (HKLM\...\Steam App 206500) (Version: - Carbon Games)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.7.2 - ASUSTek COMPUTER INC.)
ASUS GPU TweakII (x32 Version: 1.1.7.2 - ASUSTek COMPUTER INC.) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast License by ZeNiX [2014-03-14] (HKLM-x32\...\Avast_2050_ZeNiX [2014-03-14]_is1) (Version: - )
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
CodeBlocks (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0193 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.41 - NCH Software)
EasyAntiCheat eSports (HKLM\...\Steam App 282660) (Version: - EasyAntiCheat Ltd)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
G2 Mouse Driver (HKLM-x32\...\{249B1212-3779-404F-80FC-F3B80FE265ED}) (Version: - )
Galactic Junk League (HKLM\...\Steam App 562590) (Version: - Pixel Federation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.93 - NCH Software)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA nTune (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Opera Stable 35.0.2066.92 (HKLM-x32\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
Opera Stable 41.0.2353.69 (HKLM-x32\...\Opera 41.0.2353.69) (Version: 41.0.2353.69 - Opera Software)
osu! (HKLM-x32\...\{bbb286f5-1e9a-471a-88ff-7861588c9dec}) (Version: latest - ppy Pty Ltd)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.93 - NCH Software)
PlanetSide 2 (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.18 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.7.36 - Red Giant, LLC)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
ROTR ECA Beta 1.8 (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\ROTR ECA Beta 1.8) (Version: - )
Savage Resurrection (HKLM\...\Steam App 366440) (Version: - S2 Games, LLC)
ShellShock Live (HKLM\...\Steam App 326460) (Version: - kChamp Games)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Spiral Knights (HKLM\...\Steam App 99900) (Version: - Grey Havens)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound - Glad Giraffe (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\Starbound - Glad Giraffe) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.88 - NCH Software)
System Requirements Lab Detection (HKLM-x32\...\{222EA595-601E-423A-8445-596ED741C4FE}) (Version: 6.1.6.0 - Husdawg, LLC)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
Trapcode Suite v13.0.1 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.1 - Red Giant, LLC)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version: - Smartly Dressed Games)
Uplay (HKLM-x32\...\Uplay) (Version: 26.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.90 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-182026927-3631979950-4123045738-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15F9A912-2DC2-49C5-95DC-6D46B7906A88} - \User -> No File <==== ATTENTION
Task: {1605F004-7918-42AE-8C44-C6EEE8F676F8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {19952C95-57F6-4986-B6F8-5CEAE49429E3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {1F82756B-7103-467B-A431-32CD625DE253} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {22BA9CBC-36D2-40C2-A1ED-69DD6B50EA2E} - System32\Tasks\Opera scheduled Autoupdate 1453064437 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-21] (Opera Software)
Task: {47FF4200-C8CD-42C6-91F3-746FC2863C9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {61DDFA45-E753-4233-A4DC-902AD2707CDB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-12-19] (Avast Software s.r.o.)
Task: {688ABCB3-02E5-4446-9245-7A99F13FA0FA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {6C2CE183-5FB3-42D0-B661-90F8A1F74D3A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
Task: {789EB488-5490-4537-BE97-137993961F93} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {7BC1B5E6-5E9C-4708-A3C2-FD407ABE7A2A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)
Task: {A8596722-702D-4B1B-9F1E-B4B716021026} - System32\Tasks\DX => hxxp://kb-ribaki.org
Task: {AECFEEBE-2EEA-44E0-919F-B28F8ECABDB7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {CAC5B380-28B5-4651-B774-3267867621F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {CB7FF529-EEA8-4D29-9E09-69B89E199D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {CEEA8C7F-8D00-427D-B652-23F031BF1D1A} - System32\Tasks\{DD673674-3074-43F8-9F02-F2B752AAC2D6} => pcalua.exe -a "D:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=all
Task: {EB55B6B7-2769-4448-B884-FA5677F96A06} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {F0F0DB3B-A29D-4F49-B305-6C2390AC41CB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-13] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Desinstalar todo.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\Desinstalar.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Trucar rango general\Off.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\RankOff.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Trucar rango general\On.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\RankOn.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Energy.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\ModEnergy.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Holland.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\ModHolland.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Reborn.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\ModReborn.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Reloaded.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\ModReloaded.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Quitar todos.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\ModOff.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mejorar zoom\Off.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\MejorZoomOff.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mejorar zoom\On.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\MejorZoomOn.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 1.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\Jugador1.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 2.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\Jugador2.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 3.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\Jugador3.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 4.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\Jugador4.bat (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 5.lnk -> F:\C&C\C&C Generals and Zero Hour\CnC Generals and Zero Hour\Jugador5.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-18 21:31 - 2015-08-18 21:31 - 00048640 _____ () C:\Windows\SysWOW64\ASGT.exe
2016-11-25 08:16 - 2016-11-25 08:16 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-12-18 16:40 - 2016-12-13 01:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-18 16:40 - 2016-12-13 01:36 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-01-15 22:24 - 2016-08-08 08:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-11-05 02:11 - 2015-11-05 02:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-01-11 20:06 - 2016-01-19 16:51 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-05-15 10:40 - 2013-10-07 17:15 - 00495616 _____ () C:\Program Files (x86)\Gaming Mouse\G2 Mouse\G2Monitor.exe
2016-08-17 15:44 - 2016-08-17 15:44 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2016-08-17 15:44 - 2016-08-17 15:44 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2017-01-10 15:47 - 2017-01-10 15:47 - 31167576 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer64_24_0_0_194.dll
2016-08-17 15:46 - 2014-03-14 07:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2017-01-31 16:53 - 2017-01-31 16:53 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17013102\algo.dll
2016-08-17 15:44 - 2016-08-17 15:44 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2017-02-01 09:46 - 2017-02-01 09:46 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17020100\algo.dll
2015-12-02 14:30 - 2015-12-02 14:30 - 00065536 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Exeio.dll
2015-11-30 09:12 - 2015-11-30 09:12 - 01946624 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
2016-12-18 16:40 - 2016-12-13 01:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-18 16:40 - 2016-12-13 01:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-18 16:40 - 2016-12-13 01:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2015-10-01 08:28 - 2015-10-01 08:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-02-08 17:42 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-08 17:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-05-15 10:40 - 2012-06-09 06:38 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\G2 Mouse\lan.dll
2016-05-15 10:40 - 2013-02-20 13:17 - 00061440 _____ () C:\Program Files (x86)\Gaming Mouse\G2 Mouse\hiddriver.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-17 15:44 - 2016-08-17 15:44 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-18 16:40 - 2016-12-13 01:33 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-18 16:40 - 2016-12-12 16:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-18 16:40 - 2016-12-12 16:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-18 16:40 - 2016-12-12 16:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-18 16:40 - 2016-12-12 16:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-18 16:40 - 2016-12-12 16:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-18 16:40 - 2016-12-12 16:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-18 16:40 - 2016-12-12 16:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-18 17:12 - 2016-12-12 16:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-03 14:51 - 2016-12-23 20:28 - 00657184 _____ () F:\STEAM\SDL2.dll
2016-12-03 14:51 - 2016-09-01 03:02 - 04969248 _____ () F:\STEAM\v8.dll
2016-12-03 14:51 - 2016-09-01 03:02 - 01563936 _____ () F:\STEAM\icui18n.dll
2016-12-03 14:51 - 2016-09-01 03:02 - 01195296 _____ () F:\STEAM\icuuc.dll
2016-12-03 14:51 - 2017-01-19 03:30 - 02327840 _____ () F:\STEAM\video.dll
2016-12-03 14:51 - 2016-01-27 09:49 - 02549760 _____ () F:\STEAM\libavcodec-56.dll
2016-12-03 14:51 - 2016-01-27 09:49 - 00442880 _____ () F:\STEAM\libavutil-54.dll
2016-12-03 14:51 - 2016-01-27 09:49 - 00491008 _____ () F:\STEAM\libavformat-56.dll
2016-12-03 14:51 - 2016-01-27 09:49 - 00332800 _____ () F:\STEAM\libavresample-2.dll
2016-12-03 14:51 - 2016-01-27 09:49 - 00485888 _____ () F:\STEAM\libswscale-3.dll
2016-12-03 14:51 - 2017-01-19 03:30 - 00838432 _____ () F:\STEAM\bin\chromehtml.DLL
2016-12-03 14:51 - 2016-07-05 00:17 - 00266560 _____ () F:\STEAM\openvr_api.dll
2016-12-13 19:51 - 2017-01-05 05:12 - 68813088 _____ () F:\STEAM\bin\cef\cef.win7\libcef.dll
2016-12-03 14:51 - 2017-01-19 03:30 - 00383776 _____ () F:\STEAM\steam.dll
2016-12-03 14:51 - 2015-09-25 01:52 - 00119208 _____ () F:\STEAM\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Microsoft:mG7O6fTzX2v0M9L7nNkb8O [2180]
AlternateDataStreams: C:\ProgramData\Microsoft:OdNDGPBDSPjvpAYWstFDk [2412]
AlternateDataStreams: C:\ProgramData\Microsoft:r0pFLcta3vjrlG0LhDjHP2WwboLzOf [2144]
AlternateDataStreams: C:\Users\User\Cookies:UM7NUiznsGUh8GVzDa6Kth3P [2234]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-01-04 21:26 - 00001188 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-182026927-3631979950-4123045738-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B0463B3B-99ED-4BDE-AF2E-7FD61BA75A65}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC7E9809-3ECE-47BE-A654-B44561E54F0C}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2AF1580D-A71A-46E4-9BCA-37CAF2B8B3D0}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B51A458-80DA-454D-B113-3A5908956552}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54A4CB66-C1E8-4051-A8F1-6F7A1914A955}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E67A6873-27DD-4295-82EA-884211540EA6}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B0D490A-E0C2-4D18-B7D1-EF9F216F9980}] => D:\Steam\Steam.exe
FirewallRules: [{4ADD076B-35C9-4465-B570-5C3AF2BC686F}] => D:\Steam\Steam.exe
FirewallRules: [{524D5FD8-9E5D-4650-BE88-36F6CFAF7DAC}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{61167E9C-3D24-4BD5-9D2B-251B8DAF6E85}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{28FD7EC6-B642-47DE-AECF-5F594CB7F85D}] => F:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{90B0C2AF-E970-4A3C-B834-C8CF6D77B37C}] => F:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EDACFB2D-3057-4711-9C2E-A8681B0B0197}] => C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{3367B449-4313-4CE5-83AA-523EBDF0ECEA}F:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => F:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{1DE74365-28CB-4A9F-B9FF-1E5EF2ECC33F}F:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => F:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{08BED9A0-CDBE-474E-AB4B-1FCFF334C230}] => D:\AA\Tunngle\TnglCtrl.exe
FirewallRules: [{B3AE2688-074D-45F5-A65B-40EBDB217EC2}] => D:\AA\Tunngle\TnglCtrl.exe
FirewallRules: [{F499331A-9550-421D-A355-B67F6383E48F}] => D:\AA\Tunngle\Tunngle.exe
FirewallRules: [{4F82FA36-8FDA-4988-96FF-DF71D5EBCE46}] => D:\AA\Tunngle\Tunngle.exe
FirewallRules: [{9BF01448-DC6F-4067-A7F8-2D7FF0DCF5CB}] => D:\AA\Tunngle\Tunngle\TnglCtrl.exe
FirewallRules: [{7DD30739-CD29-407B-BE22-4E827D30895C}] => D:\AA\Tunngle\Tunngle\TnglCtrl.exe
FirewallRules: [{1251CFD3-5117-446B-AA7D-59688CA63DB9}] => D:\AA\Tunngle\Tunngle\Tunngle.exe
FirewallRules: [{A7A0D572-FA08-4B1D-AD1A-1C19D22AA1F6}] => D:\AA\Tunngle\Tunngle\Tunngle.exe
FirewallRules: [{3532C5ED-5E8B-489B-883B-B978E99A6913}] => D:\AA\Tunngle\Tunngle\TnglCtrl.exe
FirewallRules: [{9CF52886-F9AC-43D9-83DB-DE51912BF4B9}] => D:\AA\Tunngle\Tunngle\TnglCtrl.exe
FirewallRules: [{EC6F05AE-D29D-41D7-AB5B-B9798ED6AE10}] => D:\AA\Tunngle\Tunngle\Tunngle.exe
FirewallRules: [{4DD6C2FB-8CB8-44BC-986F-FC8274FCD29E}] => D:\AA\Tunngle\Tunngle\Tunngle.exe
FirewallRules: [{75C78763-AF22-4CEF-ADB9-3B9ED76B9D4A}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{523F3141-A5DD-4C29-9723-CCD2AB0515A2}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{D3594E36-4051-434E-8922-C7F6FA609373}] => F:\SteamLibrary\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{27B33AC3-8EA2-4117-BB75-109A240EA1EE}] => F:\SteamLibrary\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{0A8017B1-F265-443D-812B-BAEE00116A88}] => F:\SteamLibrary\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{61DDEE3B-5B67-4CC5-AF81-F3A14B82871A}] => F:\SteamLibrary\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{528BA524-2B8F-48B8-B259-4F22217153B1}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CEA97FA3-44CA-4568-B659-6F0F907BCFA3}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{8BA17418-A832-4D57-8335-87D7A0C1D5C3}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4F7C1C66-6C30-4210-941D-475E301A41DB}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1174F515-D60A-4A52-BFB1-6C6B969029B8}] => F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{289F8E8E-41F6-409E-9B22-0A3E289F0E0C}] => F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0106FB34-6173-4C27-82CE-937E7162DA4D}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{32786312-F928-4FC5-9A04-DC48DF24485E}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5C22FCC-B80A-4458-B59D-002501FADEAE}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F3BC512C-A5C8-4259-BE0C-7649E2AB8257}] => F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{CB196F77-7DF8-4150-9BEC-93A959D44D29}] => F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{8DCFCF34-AE8B-4193-8391-A0C63AF72200}] => F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{3B075BE0-C8B1-4384-BD6E-37B4D216A062}] => F:\AA\Audition\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{3A295A66-2B27-4AEC-BA13-D378F2C69EA1}] => F:\AA\Audition\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{0C129F43-2BDC-4F5D-8D17-0D7FF918CA6C}] => F:\AA\Audition\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{9192F463-955F-4DB6-9B84-65DDCB7F58D7}] => F:\AA\Audition\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{DF23E1CF-3D63-4F99-B37D-D3AD6248A09C}] => F:\AA\Audition\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{BADFAE9D-E9ED-43C9-A56B-BEED75825764}] => F:\AA\Audition\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [TCP Query User{699E81B0-E6BA-4488-9F1B-D4E1F04956DD}F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{535B5961-CB51-48BF-B1D0-3729CE9183AD}F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => F:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{5E233E1A-DFA1-4018-B173-C7635ADB595F}] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{6D8E3CE4-A05B-468A-8528-D5F566336E8B}] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{6FC397C3-BE86-44A8-9849-334E86A0A997}] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{9F9696F7-46BE-406F-AFC5-33D5514FF02B}] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [TCP Query User{53FD0396-92FE-4160-892D-276DFD9C1F96}F:\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => F:\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{229BA7BA-AC5C-4703-8C31-43FB3B7F5729}F:\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => F:\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B49EF046-A777-4470-8C69-D6876596C0E5}] => LPort=25565
FirewallRules: [{F69BBEF6-D19D-4329-A959-87C8C45AACD1}] => LPort=25565
FirewallRules: [{F66D1A34-9513-4C90-ABF0-474715D8F7EE}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CE03962A-7ACA-4825-86A9-E199B66E3CBA}] => LPort=2869
FirewallRules: [{81E6A833-A71F-4EFF-A564-BE448F9ED249}] => LPort=1900
FirewallRules: [TCP Query User{0FB85109-0AE9-4152-A267-92971D7D66F0}F:\aa\after\terraria.v1.3.0.8\terrariaserver.exe] => F:\aa\after\terraria.v1.3.0.8\terrariaserver.exe
FirewallRules: [UDP Query User{2CE8703E-22B9-450C-A1A6-F03FEB01A03F}F:\aa\after\terraria.v1.3.0.8\terrariaserver.exe] => F:\aa\after\terraria.v1.3.0.8\terrariaserver.exe
FirewallRules: [{7C4665B1-95C8-4F54-863E-2E0AD234F4E8}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9535A351-56DE-4403-AEEB-9F9E3A7F8A90}] => F:\SteamLibrary\SteamApps\common\EasyAntiCheat\EasyAntiCheat.exe
FirewallRules: [{B211670C-0F60-4DB7-A9B4-560F475F6C62}] => F:\SteamLibrary\SteamApps\common\EasyAntiCheat\EasyAntiCheat.exe
FirewallRules: [TCP Query User{CA67469F-0E5F-46E3-99DB-5F72A310B3D0}F:\ds2\enter.the.gungeon-gog\monaco what's yours is mine 1.01 {px-flash}\monaco what's yours is mine\monaco.exe] => F:\ds2\enter.the.gungeon-gog\monaco what's yours is mine 1.01 {px-flash}\monaco what's yours is mine\monaco.exe
FirewallRules: [UDP Query User{F5A58D1F-2A4D-455F-BF4B-5779728DCDD7}F:\ds2\enter.the.gungeon-gog\monaco what's yours is mine 1.01 {px-flash}\monaco what's yours is mine\monaco.exe] => F:\ds2\enter.the.gungeon-gog\monaco what's yours is mine 1.01 {px-flash}\monaco what's yours is mine\monaco.exe
FirewallRules: [{4E27D971-E9FE-4823-8AC9-6D7A7F9C24C9}] => F:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{864753A6-E39E-46BB-81A4-0DFF93021853}] => F:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{3A3D5320-A196-4E95-AA0E-7067CAC3AE84}] => F:\SteamLibrary\SteamApps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{5A520A37-DF8A-49FD-A22A-6BEB5F2AE2BF}] => F:\SteamLibrary\SteamApps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{2574F7EF-CE10-450F-9492-D6BAABA266EC}] => F:\SteamLibrary\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{B57AB7A6-61C9-4C8C-B04E-68438866A2A6}] => F:\SteamLibrary\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{76BCFAF7-B9A3-4A93-A47D-0B123919789C}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9AE6E4F-2AF6-4B1A-905F-D6A72C11C9A6}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{252E087C-9D1D-4E97-8474-9FDD640490F2}] => D:\AA\Tunngle\Tunngle\TnglCtrl.exe
FirewallRules: [{7BD75D94-08B1-47D4-AAFA-DC130DE59554}] => D:\AA\Tunngle\Tunngle\TnglCtrl.exe
FirewallRules: [{BF89EA09-8EE6-44BE-9E2F-5E1FAC180A00}] => D:\AA\Tunngle\Tunngle\Tunngle.exe
FirewallRules: [{68ADC65E-24BB-4899-8742-F22655E63267}] => D:\AA\Tunngle\Tunngle\Tunngle.exe
FirewallRules: [{E188A61B-CC51-49CB-8850-7EFF169AB6E6}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6B6AE767-3900-40AC-8C2E-C3819AA97EEC}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A3B7B824-BE94-432D-9D6A-BEDBA459D972}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A3A3217A-7D66-4BA2-B986-46CA01D1F2B8}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6EF3EEFA-B5E1-49C8-83A1-091569DE4E61}] => F:\SteamLibrary\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{8D248041-C2BB-4715-B1D3-562842F1904B}] => F:\SteamLibrary\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{4A5ED5B6-E765-49D0-9E39-EC3EE2B7A693}] => C:\Users\User\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{8A72D267-FDBA-480D-AEC2-726FC8A9D6BA}] => C:\Users\User\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{202DED21-5C31-4FD6-BD2B-40F94F5F2CFB}F:\fo\armored warfare mycom\bin64\armoredwarfare.exe] => F:\fo\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{6EB40686-A8D9-41A4-A171-979C10E4A24B}F:\fo\armored warfare mycom\bin64\armoredwarfare.exe] => F:\fo\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [TCP Query User{7FF0B1CA-3C00-4141-9BE0-5CEDD619D2EF}F:\fo\igg-the.forest.public.alpha.v0.43c\theforest.exe] => F:\fo\igg-the.forest.public.alpha.v0.43c\theforest.exe
FirewallRules: [UDP Query User{9AFAA7A1-3273-4677-8BC0-1D630FC4C302}F:\fo\igg-the.forest.public.alpha.v0.43c\theforest.exe] => F:\fo\igg-the.forest.public.alpha.v0.43c\theforest.exe
FirewallRules: [TCP Query User{148B7BC2-EC51-4334-A040-5AE46327A0C2}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{DA0DCDC0-BD10-4DC2-B575-7B1D5089E1BF}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{0A2CF322-DC53-436A-B161-CF7187707C96}] => F:\fo\Don't Starve Together Beta\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{1E2EB379-A3D1-4DAF-BCD5-E35D9B8A54A8}] => F:\fo\Don't Starve Together Beta\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{8879777C-9C78-464A-A543-D23C73406B8E}C:\users\user\appdata\local\mycomgames\mycomgames.exe] => C:\users\user\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{D735B2A8-E721-4085-AAB5-20D8498B0A78}C:\users\user\appdata\local\mycomgames\mycomgames.exe] => C:\users\user\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{4B416DAF-2002-4B1B-A85E-1226665D6CC7}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A9EAC42A-9B1A-4042-8815-D852A4D75EB7}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{BB97E9D0-44C5-48BE-97FF-3AE185BA5BF4}F:\fo\don't starve together beta\grow up\growup.exe] => F:\fo\don't starve together beta\grow up\growup.exe
FirewallRules: [UDP Query User{2B3492C4-4022-4D18-B984-530B7F4BB1D3}F:\fo\don't starve together beta\grow up\growup.exe] => F:\fo\don't starve together beta\grow up\growup.exe
FirewallRules: [{5B7C491D-2583-4FAF-A4B3-E550D5555B7A}] => F:\AA\Encode\Adobe Media Encoder CC 2015\Adobe Media Encoder.exe
FirewallRules: [{3C0AAC99-7835-484E-B0F5-9D1ACA8FAF1E}] => F:\AA\Encode\Adobe Media Encoder CC 2015\Adobe Media Encoder.exe
FirewallRules: [{C0E22A9A-3067-41B1-AF6C-1DA07BFB6B3A}] => F:\AA\Encode\Adobe Media Encoder CC 2015\Adobe Media Encoder.exe
FirewallRules: [{8080A712-C9EE-43C3-B368-82C1D26ADA54}] => F:\AA\Encode\Adobe Media Encoder CC 2015\Adobe Media Encoder.exe
FirewallRules: [TCP Query User{EB740F98-0005-4016-9F22-1020C3507ED4}C:\program files\java\jre1.8.0_101\bin\java.exe] => C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{E77C6E34-572F-432B-8837-4025C80F6CC6}C:\program files\java\jre1.8.0_101\bin\java.exe] => C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{58C76273-94CF-4977-96CE-94BA5B6ABC7E}F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{89593A3D-CE8A-4D0B-A9BC-299FC537C69C}F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E296530A-95C8-4891-BB20-EDF1E1DF612C}F:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => F:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{2AAA8040-4F9D-4740-805B-AE4FC8F1E8F1}F:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => F:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{491A0188-F1B6-46CE-82AE-829A1D5B58E1}F:\c&c\cnc generals\zerohour\game.dat] => F:\c&c\cnc generals\zerohour\game.dat
FirewallRules: [UDP Query User{3175178D-B8F1-4DC4-B035-F7551F87B3D0}F:\c&c\cnc generals\zerohour\game.dat] => F:\c&c\cnc generals\zerohour\game.dat
FirewallRules: [{53C07035-533E-4E5D-ADBF-319F58924327}] => F:\SteamLibrary\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{DA0BD78C-F303-4D2F-BA91-5DA956C43B69}] => F:\SteamLibrary\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [TCP Query User{ADC62F30-872E-4B84-B4CC-F603A19D6203}F:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => F:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{E43F6908-9164-46CC-AB7A-6A5700EB6DFE}F:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => F:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [TCP Query User{EE5356F3-DCDF-446F-9A53-244C0F8ABC33}F:\tt\openttd.exe] => F:\tt\openttd.exe
FirewallRules: [UDP Query User{40511494-389C-4218-BE01-8A7518F6415E}F:\tt\openttd.exe] => F:\tt\openttd.exe
FirewallRules: [{125E1676-A382-4695-8C9E-CE74082B8A0B}] => LPort=3979
FirewallRules: [TCP Query User{915A6740-8995-4FA6-BB16-5287043569CA}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{938DAA95-8C51-4E52-8CD6-ACB6C015EE48}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{8CBA054F-A788-4C3C-B659-1690686D8C27}] => F:\ArcTemp\WarThunder\run.exe
FirewallRules: [{97397889-CE19-4957-8D45-FE7257E90ACF}] => F:\ArcTemp\WarThunder\run.exe
FirewallRules: [TCP Query User{6E66D120-BA54-4756-B8DB-83B2553A24AC}F:\arctemp\warthunder\win64\aces.exe] => F:\arctemp\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{9C36942A-7153-4A91-946B-BD4CAEEDF436}F:\arctemp\warthunder\win64\aces.exe] => F:\arctemp\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{655DDFAE-23B0-4258-8469-E6BCA5B2DD0B}F:\wow\battle.net\battle.net.8098\battle.net.exe] => F:\wow\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{6848FF7E-0B6E-49BA-8ED4-0736E59B1EA1}F:\wow\battle.net\battle.net.8098\battle.net.exe] => F:\wow\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{498D1B03-26D9-4524-8A73-127176B56713}] => F:\SteamLibrary\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [{AF794CF9-A0F1-45B8-ABB1-617D02264819}] => F:\SteamLibrary\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [TCP Query User{19E1507A-DDB8-4BFD-810E-D98444380460}F:\wow\overwatch\overwatch.exe] => F:\wow\overwatch\overwatch.exe
FirewallRules: [UDP Query User{9E646F6B-04DF-4C4D-BFA4-D54E1021D353}F:\wow\overwatch\overwatch.exe] => F:\wow\overwatch\overwatch.exe
FirewallRules: [{64FA909B-CA2C-41B4-ACE5-E536704567A4}] => F:\SteamLibrary\SteamApps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{36358149-3394-4CDB-95F0-9F1541ABDD92}] => F:\SteamLibrary\SteamApps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{0A740D31-B38F-475B-B184-2A48D42BB9DE}] => F:\STEAM\Steam.exe
FirewallRules: [{52B7C09C-A5E3-43E4-8A46-B478DE2ED90C}] => F:\STEAM\Steam.exe
FirewallRules: [{35C085BF-9CC0-4DAB-8F63-42BEE2219FCC}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{76452D82-1418-4221-8513-42BF49C94E2B}] => F:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5DA45AC0-EB04-45B4-A163-BD0C82B90A05}] => F:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{71D874A7-4182-42CE-839F-7B8B8FCAE1A0}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A599D862-7DA2-4D9A-B488-0311D3FE761F}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D333EF41-E059-44A2-9607-8ABB599B7B0C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2453D9BA-AF62-4121-A88B-C4FF4416EBE4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BA5A73ED-E3D3-487B-93DB-37C0A8427AF6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3AF7A632-9044-4BA1-AF89-05F3620BE6B6}] => F:\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A8D803FA-9A2C-46B3-B023-A9AF2D911C58}] => F:\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{E18687C1-3DF8-4594-A950-FAD7B91E8DA7}] => F:\SteamLibrary\SteamApps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{D134CF1D-6E1A-4E6B-BB34-70C874E35EF2}] => F:\SteamLibrary\SteamApps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{9DEEB2A8-2B76-4C83-8F39-769951678BB4}] => F:\SteamLibrary\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{B225A760-1393-4AE4-976C-8955A9649760}] => F:\SteamLibrary\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [TCP Query User{F3D0B6D6-0A5D-4EAA-9A61-A53B8B01B5B3}F:\wticher\astroneer.pre-alpha.v0.2.111.0\astro\binaries\win64\astro-win64-shipping.exe] => F:\wticher\astroneer.pre-alpha.v0.2.111.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{44F72DC4-5AB1-4D1C-8142-53A04105CF50}F:\wticher\astroneer.pre-alpha.v0.2.111.0\astro\binaries\win64\astro-win64-shipping.exe] => F:\wticher\astroneer.pre-alpha.v0.2.111.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [TCP Query User{14CAF19A-779E-454E-B59F-FF9F0A978667}F:\wticher\space.engineers.v01.165.006\bin64\spaceengineers.exe] => F:\wticher\space.engineers.v01.165.006\bin64\spaceengineers.exe
FirewallRules: [UDP Query User{41A20F0D-45D7-471F-823B-EBA393C3AF49}F:\wticher\space.engineers.v01.165.006\bin64\spaceengineers.exe] => F:\wticher\space.engineers.v01.165.006\bin64\spaceengineers.exe
FirewallRules: [TCP Query User{05D5DC3A-BF24-4C6A-A5EB-88EC0DAEE068}F:\wticher\space.engineers.v01.165.006\dedicatedserver64\spaceengineersdedicated.exe] => F:\wticher\space.engineers.v01.165.006\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [UDP Query User{03918E55-2D29-42F4-856D-B05AF006E4DE}F:\wticher\space.engineers.v01.165.006\dedicatedserver64\spaceengineersdedicated.exe] => F:\wticher\space.engineers.v01.165.006\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [{89A2291A-EC05-4695-B2B0-0B46FFF64BE5}] => F:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{96193323-32EC-43C2-818E-0F2719DF1FD5}] => F:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{FD753EDC-D3B4-47D2-8BC7-FE763F82999D}] => F:\World_of_Tanks\worldoftanks.exe
FirewallRules: [{89782948-23B0-4AB6-8F9F-263A36B8879A}] => F:\World_of_Tanks\worldoftanks.exe
FirewallRules: [{B902E014-0346-4C3E-ABD6-745576E8A129}] => F:\SteamLibrary\SteamApps\common\Galactic Junk League\GJL.exe
FirewallRules: [{D6D7B148-5F90-485D-A7BB-22821AF5D76C}] => F:\SteamLibrary\SteamApps\common\Galactic Junk League\GJL.exe
FirewallRules: [{6A0F8491-6D8D-4258-ABE0-628D53E08A77}] => F:\SteamLibrary\steamapps\common\Galactic Junk League\GJL.exe
FirewallRules: [{929ECDBE-722A-4D2C-8599-7CAA8001EEBB}] => F:\AA\Vegas\vegas130.exe
FirewallRules: [{DD588083-BCA2-439B-AD28-88F9B87C4A70}] => F:\AA\Vegas\vegas130.exe
FirewallRules: [{09DFD610-A9C4-4DA0-8B72-E5A994A7615C}] => F:\AA\Vegas\vegas130.exe
FirewallRules: [{E2AB5745-A853-49F9-9422-2C9F63239006}] => F:\AA\Vegas\vegas130.exe
FirewallRules: [{56DD8591-C0FC-4C4B-AD33-3DD58B20491E}] => F:\AA\Vegas\vegas130.exe
FirewallRules: [{C7554C3B-BC38-4BA4-8EA5-7E16C27841FA}] => F:\AA\Vegas\vegas130.exe
FirewallRules: [TCP Query User{C5C520C9-5C55-4EE2-8801-CB27EB6E97AE}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{53CC8370-14FE-4DC2-90F0-3332B687B9FC}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{228E9CF0-12E7-4350-9FBF-81A9A18D73D5}F:\se\space.engineers.v01.168.004\bin64\spaceengineers.exe] => F:\se\space.engineers.v01.168.004\bin64\spaceengineers.exe
FirewallRules: [UDP Query User{7182FA05-23D1-428D-840D-FBAB8048D420}F:\se\space.engineers.v01.168.004\bin64\spaceengineers.exe] => F:\se\space.engineers.v01.168.004\bin64\spaceengineers.exe
FirewallRules: [{93B25B7D-9EC1-438A-962C-48E58E83B1B5}] => F:\SteamLibrary\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D956099A-EA78-4CD4-AA97-677099BC8DD5}] => F:\SteamLibrary\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

23-01-2017 17:38:28 Removed Vegas Pro 13.0 (64-bit)
23-01-2017 18:47:21 Removed Vegas Pro 13.0 (64-bit)
23-01-2017 19:16:19 Removed Vegas Pro 13.0 (64-bit)
28-01-2017 16:54:49 Removed Java 8 Update 121

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2017 09:44:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/01/2017 09:44:28 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (02/01/2017 09:44:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (01/31/2017 04:51:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/31/2017 04:51:33 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (01/31/2017 04:51:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (01/30/2017 09:03:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2017 09:03:27 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (01/30/2017 09:03:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (01/30/2017 04:11:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/31/2017 11:55:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 11:31:21 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 10:55:21 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 10:19:24 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 09:43:27 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 09:19:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 08:43:30 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 08:07:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 07:43:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOSHIBA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7FA126F-4247-4ABF-895B-9E83A9F56CD1}.
The master browser is stopping or an election is being forced.

Error: (01/31/2017 07:39:27 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DENISACKE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D3DA9DBD-C36C-4623-AD68-E6B8A5326FFB}.
The master browser is stopping or an election is being forced.


CodeIntegrity:
===================================
Date: 2017-02-01 09:44:27.983
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-31 16:51:32.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 21:03:26.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 16:11:24.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-29 10:18:15.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 19:26:23.936
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 15:21:33.702
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-27 15:51:17.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-26 14:26:23.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-25 18:46:25.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 41%
Total physical RAM: 8148.74 MB
Available physical RAM: 4767.72 MB
Total Virtual: 16295.66 MB
Available Virtual: 12701.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:40.47 GB) NTFS
Drive d: () (Fixed) (Total:72.14 GB) (Free:63.02 GB) NTFS
Drive e: (Oly) (Fixed) (Total:292.97 GB) (Free:269.46 GB) NTFS
Drive f: (Alex) (Fixed) (Total:566.4 GB) (Free:199.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F55F8080)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D8C5546F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==================== End of Addition.txt ============================


Edited by Oh My!, 04 February 2017 - 08:51 PM.




#2 Bazyks

Bazyks
  • Topic Starter

  • Members
  • 2 posts

Posted 02 February 2017 - 05:46 AM

Any help?



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,436 posts
  • Gender:Male
  • Location:California
  • Local time:10:56 AM

Posted 04 February 2017 - 08:52 PM

Greetings Bazyks and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,436 posts
  • Gender:Male
  • Location:California
  • Local time:10:56 AM

Posted 04 February 2017 - 09:18 PM

Thank you for your patience.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall any products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,436 posts
  • Gender:Male
  • Location:California
  • Local time:10:56 AM

Posted 10 February 2017 - 09:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



