
Infected with Trojan.DNSChanger.ACMB2 & Firefox spams tabs


  • This topic is locked
14 replies to this topic

#1 Jeankana

Posted 11 March 2017 - 04:05 PM

Malwarebytes has detected Trojan.DNSChanger.ACMB2. At random moments (possibly when Battle.Net is opened? Not sure if connected), Firefox rapidly opens hundreds of tabs saying "Problem Loading Page". Previously removed but reinstalled; assumed rootkit.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Nate (administrator) on JAMES (10-03-2017 22:56:53)
Running from C:\Users\Nate\Downloads
Loaded Profiles: Nate (Available Profiles: Nate)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerFeedbackService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Valve Corporation) C:\Users\Nate\Downloads\Steam\Steam.exe
(Spotify Ltd) C:\Users\Nate\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(© 2015 Microsoft Corporation) C:\Users\Nate\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Spotify Ltd) C:\Users\Nate\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Nate\AppData\Roaming\Spotify\SpotifyCrashService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Hammer & Chisel, Inc.) C:\Users\Nate\AppData\Local\Discord\app-0.0.297\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Spotify Ltd) C:\Users\Nate\AppData\Roaming\Spotify\Spotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Hammer & Chisel, Inc.) C:\Users\Nate\AppData\Local\Discord\app-0.0.297\Discord.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Valve Corporation) C:\Users\Nate\Downloads\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Hammer & Chisel, Inc.) C:\Users\Nate\AppData\Local\Discord\app-0.0.297\Discord.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\CCSDK\CCSDKUpdateAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Users\Nate\Downloads\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Lenovo) C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5166872 2016-06-24] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2015-07-11] ()
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791368 2015-07-11] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-07-11] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3961528 2016-11-04] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [Steam] => C:\Users\Nate\Downloads\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [Spotify] => C:\Users\Nate\AppData\Roaming\Spotify\Spotify.exe [7163504 2017-01-29] (Spotify Ltd)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-03-05] ()
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [BingSvc] => C:\Users\Nate\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [Spotify Web Helper] => C:\Users\Nate\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-01-29] (Spotify Ltd)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Run: [Discord] => C:\Users\Nate\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{0f05546a-1dc1-4c67-82df-88665f42bafb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2370e7d3-5280-4439-b5a1-bb67f9b105a3}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2370e7d3-5280-4439-b5a1-bb67f9b105a3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2bdc0ec6-8278-11e6-9e1a-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6e585c02-f118-4085-8c59-6c2e4e6e3fd8}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
URLSearchHook: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 - (No Name) - {20ce2dba-1a33-4174-8175-b2be50e44b69} - C:\Program Files (x86)\EasyDocMerge_ex\bar\1.bin\exSrcAs.dll No File
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_aae917bb_1201_1401_20160531_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {90E8864F-BD32-4B0C-B21C-6FC64328C007} URL =
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_aae917bb_1201_1401_20160531_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {F99089F7-94BF-4F91-BFFC-E522A8B222CA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\xr8ubj2p.default-1488583098843 [2017-03-10]
FF Homepage: Mozilla\Firefox\Profiles\xr8ubj2p.default-1488583098843 -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_aae917bb_1201_1401_20160531_US_ff_sp_
FF Session Restore: Mozilla\Firefox\Profiles\xr8ubj2p.default-1488583098843 -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\xr8ubj2p.default-1488583098843 -> no_proxies_on", "https://localhost, localhost, 127.0.0.1"
FF Extension: (Adblock Plus) - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\xr8ubj2p.default-1488583098843\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-03]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\xr8ubj2p.default-1488583098843\features\{2d0e718e-b381-4a94-9f38-add23fadcc76}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-11-16]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-11-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_130.dll [2017-03-07] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 -> C:\windows\system32\npdeployJava1.dll [2015-09-22] (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_130.dll [2017-03-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-1249988424-2549518902-734225814-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nate\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeFlashPlayerFeedbackSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerFeedbackService.exe [175192 2017-03-07] (Adobe Systems Incorporated)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-22] (BitRaider, LLC)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2014-04-08] (Nuance Communications, Inc.)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [245544 2015-10-29] (EasyAntiCheat Ltd)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo) [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1122744 2015-06-01] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-08-03] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61768 2017-02-15] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-10-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-18] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016040 2015-04-10] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-07-11] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\WINDOWS\System32\LenovoUpdate.exe [26608 2017-03-10] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-25] (Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-17] (Lenovo(beijing) Limited)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-05] (Overwolf LTD)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-07-11] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-07-11] (Lenovo)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2458112 2016-11-30] (Trend Micro Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266424 2016-11-04] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2015-07-11] (Lenovo)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-12-22] (BitRaider)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows ® Win 7 DDK provider)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows ® Win 7 DDK provider) [File not signed]
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [111336 2014-04-17] (GenesysLogic)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R3 KMDFVirtualKbd; C:\WINDOWS\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\WINDOWS\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-10] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
S3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3127576 2016-06-24] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [140504 2016-08-10] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [332512 2016-08-10] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
S3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [106720 2016-08-10] (Trend Micro Inc.)
S3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [101088 2016-08-09] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [124752 2015-12-09] (Trend Micro Inc.)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [32024 2014-02-12] (Intel Corporation)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [43472 2016-07-11] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-05-23] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 22:56 - 2017-03-10 22:57 - 00032352 _____ C:\Users\Nate\Downloads\FRST.txt
2017-03-10 22:56 - 2017-03-10 22:56 - 00000000 ____D C:\FRST
2017-03-10 22:55 - 2017-03-10 22:56 - 02423808 _____ (Farbar) C:\Users\Nate\Downloads\FRST64.exe
2017-03-08 15:25 - 2017-03-08 15:25 - 00003970 _____ C:\WINDOWS\System32\Tasks\{6DF14F81-DA5A-F82A-8FBB-3A62CC48E5C2}
2017-03-05 23:14 - 2017-03-11 00:48 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-28 21:37 - 2017-02-28 21:37 - 00000000 ____D C:\ProgramData\{188FBEBF-AF24-0914-449F-6F586ECEBFC0}
2017-02-28 17:41 - 2017-02-28 17:41 - 00000694 _____ C:\Users\Nate\Downloads\Darkest Dungeon reentry and Level Restriction Removed-311-1.rar
2017-02-28 15:23 - 2017-02-28 15:23 - 00017270 _____ C:\Users\Nate\Downloads\CJB Automation 1.4-211-1-4.zip
2017-02-28 13:23 - 2017-02-28 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-28 13:22 - 2017-02-28 14:45 - 00000000 ____D C:\Users\Nate\Desktop\mbar
2017-02-28 13:22 - 2017-02-28 13:22 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Nate\Downloads\mbar-1.09.3.1001.exe
2017-02-27 13:38 - 2017-02-27 13:42 - 00000000 ____D C:\Users\TEMP
2017-02-27 13:38 - 2017-02-27 13:41 - 00000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2017-02-22 19:21 - 2017-02-22 19:21 - 00165868 _____ C:\Users\Nate\Downloads\1.11-MakeshiftMultiplyer-0.2.10.zip-501-0-2-10.zip
2017-02-22 17:05 - 2017-02-22 17:05 - 01431171 _____ C:\Users\Nate\Downloads\SMAPI-1.8.zip
2017-02-22 17:05 - 2017-02-04 16:53 - 00000000 ____D C:\Users\Nate\Downloads\SMAPI-1.8
2017-02-20 20:33 - 2017-03-05 21:03 - 00000000 ____D C:\Users\Nate\AppData\Roaming\StardewValley
2017-02-19 22:09 - 2017-02-19 22:09 - 00000223 _____ C:\Users\Nate\Desktop\Stardew Valley.url
2017-02-19 00:17 - 2017-02-19 00:17 - 00283136 _____ (Jiiks) C:\Users\Nate\Downloads\BetterDiscordWI.exe
2017-02-19 00:17 - 2016-08-12 13:16 - 00009728 _____ () C:\Users\Nate\Downloads\asardotnet.dll
2017-02-19 00:17 - 2016-05-06 14:00 - 00000063 _____ C:\Users\Nate\Downloads\splice
2017-02-19 00:17 - 2016-05-06 13:41 - 00520192 _____ (Newtonsoft) C:\Users\Nate\Downloads\Newtonsoft.Json.dll
2017-02-19 00:17 - 2015-12-18 10:32 - 00004194 _____ C:\Users\Nate\Downloads\README.md
2017-02-19 00:16 - 2017-02-19 00:16 - 00282071 _____ C:\Users\Nate\Downloads\BD0.2.82Windows.zip
2017-02-18 23:53 - 2017-02-18 23:53 - 00005046 _____ C:\Users\Nate\Downloads\Dat Discord.theme.css
2017-02-18 23:46 - 2017-02-19 00:46 - 00000000 ____D C:\Users\Nate\AppData\Roaming\BetterDiscord
2017-02-15 20:26 - 2017-02-15 20:26 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-02-10 20:19 - 2017-02-10 20:19 - 01264891 _____ C:\Users\Nate\Downloads\Nightmare(1).htm
2017-02-08 21:48 - 2017-02-08 21:48 - 01162873 _____ C:\Users\Nate\Downloads\Robert.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 22:57 - 2015-09-22 15:15 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Skype
2017-03-10 22:19 - 2015-07-11 07:02 - 00000000 ____D C:\ProgramData\Lenovo App Services
2017-03-10 21:58 - 2016-09-24 11:05 - 00000000 ____D C:\Users\Nate
2017-03-10 21:58 - 2015-10-05 22:28 - 00000000 ____D C:\Users\Nate\Downloads\Steam
2017-03-10 21:55 - 2016-11-19 14:38 - 00031476 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-03-10 21:52 - 2016-11-15 18:53 - 00000000 ____D C:\Users\Nate\AppData\LocalLow\Mozilla
2017-03-10 21:52 - 2015-11-11 19:18 - 00000000 ____D C:\Users\Nate\AppData\Local\Overwolf
2017-03-10 21:52 - 2015-11-08 03:40 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Spotify
2017-03-10 21:51 - 2015-11-08 03:40 - 00000000 ____D C:\Users\Nate\AppData\Local\Spotify
2017-03-10 21:50 - 2016-09-24 11:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-10 21:50 - 2016-08-23 01:09 - 00000000 ____D C:\Users\Nate\AppData\Local\DP_Tower_3.7
2017-03-10 21:50 - 2015-09-22 14:54 - 00000000 __SHD C:\Users\Nate\IntelGraphicsProfiles
2017-03-10 21:49 - 2017-01-29 18:33 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-10 21:49 - 2016-09-24 11:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-10 21:49 - 2016-09-24 10:59 - 00153336 _____ C:\WINDOWS\system32\wpbbin.exe
2017-03-10 21:49 - 2016-09-24 10:59 - 00111088 _____ (Lenovo (Beijing) Limited) C:\WINDOWS\system32\LenovoCheck.exe
2017-03-10 21:49 - 2016-09-24 10:59 - 00026608 _____ (Lenovo) C:\WINDOWS\system32\LenovoUpdate.exe
2017-03-10 21:40 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-10 21:35 - 2016-06-14 02:32 - 00000000 ____D C:\Users\Nate\AppData\Local\Battle.net
2017-03-10 18:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-10 15:13 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-10 13:58 - 2015-12-22 18:49 - 01703294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-10 13:56 - 2016-06-14 20:05 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-03-10 13:42 - 2016-07-13 04:00 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2017-03-10 12:35 - 2016-06-14 02:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-10 12:30 - 2017-01-20 21:37 - 00000000 ____D C:\ProgramData\6631cdae
2017-03-10 12:29 - 2016-09-24 10:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 10:20 - 2015-11-11 19:18 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-09 09:41 - 2016-11-15 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-09 09:41 - 2016-11-11 23:15 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-09 09:41 - 2016-11-11 23:06 - 00000000 ____D C:\Program Files\TrueKey
2017-03-09 09:41 - 2015-10-29 22:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-08 15:25 - 2017-01-20 21:37 - 00003880 _____ C:\WINDOWS\System32\Tasks\{FF66CD67-95B0-BB12-4FF4-C0B3B9B59D72}
2017-03-07 20:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-07 20:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-05 20:53 - 2015-09-23 05:43 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-03 18:18 - 2016-10-07 20:41 - 00000000 ____D C:\Users\Nate\Desktop\Old Firefox Data
2017-03-02 17:02 - 2017-01-29 18:33 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-28 13:23 - 2016-03-10 00:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-28 13:22 - 2017-01-29 18:34 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-28 13:21 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-28 11:01 - 2015-09-25 19:30 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-28 11:00 - 2017-01-02 00:28 - 00000000 ____D C:\Users\Nate\AppData\Roaming\discord
2017-02-27 14:05 - 2016-11-11 23:17 - 00000000 ____D C:\Users\Nate\AppData\Local\tkdata
2017-02-25 14:11 - 2016-12-24 13:11 - 00000000 ____D C:\Users\Nate\Documents\Darkest
2017-02-25 02:05 - 2017-01-07 05:49 - 00000408 _____ C:\Users\Nate\Documents\Lyon's Martial bleep.txt
2017-02-24 16:19 - 2016-01-27 00:29 - 00000000 ____D C:\Users\Nate\AppData\Local\ElevatedDiagnostics
2017-02-23 18:35 - 2015-10-05 01:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 18:30 - 2015-10-05 01:52 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 20:31 - 2016-09-24 11:21 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-22 16:39 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 20:51 - 2015-09-22 14:55 - 00000000 ____D C:\Users\Nate\AppData\Local\Packages
2017-02-19 00:20 - 2015-10-03 17:18 - 00000000 ____D C:\Users\Nate\AppData\Local\DP_Tower
2017-02-18 17:13 - 2016-07-29 18:11 - 00000000 ____D C:\Users\Nate\Documents\From The Depths
2017-02-17 17:30 - 2016-12-05 21:30 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-17 17:30 - 2015-12-22 19:14 - 00002407 _____ C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-17 17:30 - 2015-09-22 14:58 - 00000000 ___RD C:\Users\Nate\OneDrive
2017-02-08 01:54 - 2017-01-29 18:33 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

==================== Files in the root of some directories =======

2016-02-24 17:17 - 2016-12-28 21:06 - 0003363 _____ () C:\Users\Nate\AppData\Roaming\SpeedRunnersLog.txt
2016-07-11 19:27 - 2016-07-11 19:27 - 0001167 _____ () C:\Users\Nate\AppData\Roaming\trace_FilterInstaller.txt
2016-07-11 19:27 - 2016-07-11 19:27 - 0000000 _____ () C:\Users\Nate\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-10-03 17:15 - 2015-10-03 17:15 - 0000036 _____ () C:\Users\Nate\AppData\Local\housecall.guid.cache
2016-07-28 22:58 - 2016-07-28 22:58 - 0001467 _____ () C:\Users\Nate\AppData\Local\recently-used.xbel
2016-02-29 11:20 - 2016-02-29 11:20 - 0000017 _____ () C:\Users\Nate\AppData\Local\resmon.resmoncfg
2015-10-04 14:45 - 2016-11-16 19:22 - 0000010 _____ () C:\Users\Nate\AppData\Local\sponge.last.runtime.cache
2016-09-24 11:02 - 2016-09-24 11:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-22 18:51 - 2015-12-22 17:05 - 0000021 _____ () C:\ProgramData\settings.cfg

Some files in TEMP:
====================
2017-02-27 12:54 - 2017-02-27 12:54 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\124766475.t.exe
2017-03-09 21:34 - 2017-03-10 21:34 - 4421634 _____ () C:\Users\Nate\AppData\Local\Temp\300F6062E824BC9CD02EC765BC2D8914.exe
2017-02-28 21:37 - 2017-02-28 21:37 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\3952832.t.exe
2017-03-09 21:37 - 2017-03-09 21:38 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\56076503.t.exe
2017-02-27 21:41 - 2017-02-27 21:41 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\78602300.t.exe
2017-01-24 21:19 - 2017-01-24 21:19 - 0739904 _____ (Oracle Corporation) C:\Users\Nate\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-10-03 14:49 - 2017-03-05 20:35 - 8030208 _____ () C:\Users\Nate\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-10 16:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Nate (10-03-2017 22:58:41)
Running from C:\Users\Nate\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-24 16:30:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1249988424-2549518902-734225814-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1249988424-2549518902-734225814-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1249988424-2549518902-734225814-503 - Limited - Disabled)
Guest (S-1-5-21-1249988424-2549518902-734225814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1249988424-2549518902-734225814-1003 - Limited - Enabled)
Nate (S-1-5-21-1249988424-2549518902-734225814-1001 - Administrator - Enabled) => C:\Users\Nate

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µå·¡°ïº¼ ¿Â¶óÀÎ (HKLM-x32\...\{E8DB24C1-5905-4270-B334-A19C2A34193E}) (Version: 0.90.2 - Netmarble)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.130 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{FA378CD1-F32D-4610-9884-3902DF8AF826}) (Version: 2.3.8 - Amazon) <==== ATTENTION
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Boring Man - Online Tactical Stickman Combat (HKLM-x32\...\Steam App 346120) (Version: - Spasman Games)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.1.8.0 - Byte Technologies LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.2.0.7 - Lenovo)
Choice Chamber (HKLM\...\Steam App 359960) (Version: - Studio Bean)
Choice of Robots (HKLM-x32\...\Steam App 339350) (Version: - Choice of Games)
Corporate Lifestyle Simulator (HKLM\...\Steam App 261880) (Version: - bignic - Dolphin Barn)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios)
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Divekick (HKLM-x32\...\Steam App 244730) (Version: - Iron Galaxy Studios)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.1.30 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.1.30 - Nuance Communications, Inc.)
From The Depths (HKLM\...\Steam App 268650) (Version: - Brilliant Skies Ltd.)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version: - Subset Games)
GeekBuddy (HKLM\...\{4CDCBF2D-8EF8-41C1-9438-B53E4007BF9C}) (Version: 4.27.174 - Comodo Security Solutions Inc)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.0 - Genesys Logic)
Grapple (HKLM-x32\...\Steam App 268320) (Version: - Tuesday Society)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Horizon (HKLM-x32\...\{6c4303a5-5115-4cfd-bf48-8af0541cd082}) (Version: 2.8.26 - Daring Development Inc.)
Horizon (x32 Version: 2.8.26 - Daring Development Inc.) Hidden
INK (HKLM-x32\...\Steam App 385710) (Version: - ZackBellGames)
Insanity Clicker (HKLM\...\Steam App 393530) (Version: - PlayFlock)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.15 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1434.2) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10269 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab)
Lenovo Motion Control (x32 Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 2.0.0.19 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.24.256 - Lenovo Corporation)
Lenovo Settings (HKLM\...\{D14CCBF5-1A3A-4C08-955B-BE6D519835C4}_is1) (Version: 2.0.0.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.21 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Settings WiFi (HKLM\...\{86045A6C-C156-4349-A3E2-47A88A42F5C2}_is1) (Version: 2.0.0.4 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.070.04 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.1.14.1221 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 2.0.0.3 - Lenovo) Hidden
Lethal League (HKLM\...\Steam App 261180) (Version: - Team Reptile)
Magic: The Gathering - Duels of the Planeswalkers 2013 (HKLM\...\Steam App 97330) (Version: - Stainless Games)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
Nidhogg (HKLM\...\Steam App 94400) (Version: - Messhof)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
OneKey Optimizer (x32 Version: 1.1.20.16 - Lenovo) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.32.0 - Overwolf Ltd.)
PCGen60401 (HKLM-x32\...\PCGen60401) (Version: - )
PCGen60600 (HKLM-x32\...\PCGen60600) (Version: - )
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 3.08 - NCH Software)
PlayFLV (HKLM-x32\...\PlayFLV) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPTools MapTool (HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\RPTools MapTool) (Version: - hxxp://download.rptools.net/)
Savage Lands (HKLM\...\Steam App 307880) (Version: - Signal Studios)
Shadowverse (HKLM\...\Steam App 453480) (Version: - Cygames, Inc.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Simply Chess (HKLM-x32\...\Steam App 312280) (Version: - BlueLine Games)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SmartPixel (HKLM-x32\...\SmartPixel) (Version: 3.2.0.0 - Beyond Magic Limited)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
Spotify (HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 11.0.0.3 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supreme Commander: Forged Alliance (HKLM\...\Steam App 9420) (Version: - Gas Powered Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls Online: Tamriel Unlimited (HKLM\...\Steam App 306130) (Version: - Zenimax Online Studios)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1125 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Unity Web Player (HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.32 - NCH Software)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Who's Your Daddy Alpha version 0.1.1 (HKLM-x32\...\{1BE05F6C-F9EB-491B-AE8A-A4B77F60DF4D}_is1) (Version: 0.1.1 - Joe Williams)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Your download is ready Packages (HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\Your download is ready Packages) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1249988424-2549518902-734225814-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe (Lenovo Group Limited)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11219FD6-6CF6-4F4A-9C0E-927029BE8CE0} - System32\Tasks\Lenovo App Services => C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe [2016-10-06] (Lenovo)
Task: {112D1D95-D175-416D-A1D5-567A18275D38} - System32\Tasks\DolbySelectorTask => %ProgramFiles%\Dolby Digital Plus\ddp.exe
Task: {2A7E887E-DD84-4C8C-B9B3-D744463F6CB2} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2014-02-25] ()
Task: {2B4BD981-10E6-4CA1-84C3-3F63029D86D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2FF16616-F98B-4E13-BFD5-98CB7E1B00A8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {3680A8F3-487B-46AA-A9AA-D374A406D47F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {3B04C915-5641-4AA2-91CD-DD0DAF91F627} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3BF19EFA-E7BA-4E7E-9613-E3300FD45D7D} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)
Task: {43C3D065-A996-4E38-9746-FD60A9AAB00E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {44860052-3A2E-4CE8-A906-ECAE7CEEC8F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4695180D-077C-4751-9B82-93DBA4087045} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4771E965-E69A-43C5-B271-9DACAA096C45} - \WPD\SqmUpload_S-1-5-21-1249988424-2549518902-734225814-1001 -> No File <==== ATTENTION
Task: {4882B61F-F11D-4E93-9206-86D0251A9A65} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {4DF9D998-FD24-4DAD-8F3C-AF0D33BA4D48} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-03-05] (Overwolf LTD)
Task: {52DD50B7-CED8-4E39-94D5-316E6FB5E686} - System32\Tasks\{FF66CD67-95B0-BB12-4FF4-C0B3B9B59D72} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\6631cdae\3f7b8c52.dll" <==== ATTENTION
Task: {70FB438E-BF33-47DB-AA99-7A2B9E63691D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {72DFBA70-2426-460E-9646-427DA1BAE645} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7381CAAF-F9A1-4EFD-98B2-175ACF9075C8} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {7BFCA6E9-AA8C-4746-A842-9BAD99B900AD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8746CB82-FA41-402B-954C-EA5652083173} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Nate\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {8793A92F-0931-4F9D-9CFD-9EF5A00DF961} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {91674F8E-7D72-422F-8E82-BE47B0EA558E} - System32\Tasks\{6DF14F81-DA5A-F82A-8FBB-3A62CC48E5C2} => C:\ProgramData\{4D94FB0F-FA3F-4CA4-6022-90C371A632C5}\AC978EFE-1B3C-3955-C88F-DFC5145531FD.exe <==== ATTENTION
Task: {974838C2-F590-4364-B0AC-686A392B5152} - System32\Tasks\{3BCBC4CD-B53A-4619-B54C-46BA1B197FEF} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.17.85.105/en/abandoninstall?page=tsProgressBar
Task: {9A786E19-02EF-47D8-9B48-520EC8763EE8} - System32\Tasks\{218ED5D3-7F23-4D41-B038-2DC34372C31F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {9E850F83-98AB-412B-A322-F7DD6FBD0ECA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A6241C12-D93B-43F0-8ABD-95904128F86B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-07] (Adobe Systems Incorporated)
Task: {A91BB9E8-ABFB-49C8-9A2C-79337BD7412C} - System32\Tasks\{51C20F73-27DE-43B1-B033-21AB4782B8BB} => Firefox.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {AE8B4A02-8783-49C2-95D6-F166CD6CE34D} - System32\Tasks\{3D418664-2F2E-4629-A61B-6ED9FEC6C026} => Firefox.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {B374548D-EB99-462F-A4C1-12D4DE082BD2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f5d06cac-7071-40b3-9e58-8366b469f8fa => powershell.exe -nologo -noninteractive "&amp; {New-Item -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\f5d06cac-7071-40b3-9e58-8366b469f8fa -type directory -force;$conter=Get-Date;$conter=$conter.ToUniversalTime();Set-ItemProperty -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\f (the data entry has 73 more characters).
Task: {B3D112E8-3A19-482B-BEA8-C7DA2B4701AD} - System32\Tasks\{71258382-8872-44C9-A74D-0C793A734805} => Firefox.exe hxxps://ui.skype.com/ui/0/7.30.64.105/en/abandoninstall?page=tsProgressBar
Task: {C064C685-7322-45DC-A6F7-C615ED480FF7} - System32\Tasks\{C4282738-CC83-478C-82E9-92448FC93DCA} => pcalua.exe -a C:\Users\Nate\AppData\Local\Microsoft\Windows\INetCache\IE\1TXRCMQL\SWTOR_setup.exe -d C:\Users\Nate\Desktop
Task: {CDC03712-F33E-48D3-9B8F-14681E192E58} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {D55DEB4C-3FA9-4744-A02C-3F5226EA863F} - \{0E0F7A47-097F-790D-0A11-7E790C041105} -> No File <==== ATTENTION
Task: {E0581036-98D5-4E0C-B142-F1A4F2B03FC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E11C5CE0-A68D-4349-8B56-C203989C4356} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {EC840987-489F-451D-8677-2E5FB832272E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ECDA4C59-AF92-4489-B94A-DB86E2CDD248} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {F79C26A1-97E0-43E2-8372-0BC80CC604C4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F92CBF4B-1897-41BA-8129-AA03151066B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nate\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 16:10 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 17:18 - 2015-03-31 06:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
2015-10-03 17:18 - 2015-03-31 06:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
2015-10-03 17:18 - 2015-03-31 06:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2015-10-03 17:18 - 2015-03-31 06:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
2015-10-03 17:18 - 2015-03-31 06:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
2015-10-03 17:18 - 2015-03-31 06:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2015-09-23 20:00 - 2015-07-16 13:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2015-07-11 07:14 - 2014-11-20 12:43 - 00016920 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbServicePS.dll
2017-01-29 18:33 - 2017-03-02 17:02 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2015-10-03 17:18 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
2015-10-03 17:19 - 2015-07-16 13:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2015-10-03 17:19 - 2015-07-16 13:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2015-10-03 17:19 - 2015-07-16 13:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2015-10-03 17:19 - 2015-07-16 13:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2015-07-11 07:05 - 2015-07-11 07:05 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2015-07-11 07:10 - 2015-07-11 07:10 - 00133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
2015-07-11 07:13 - 2014-11-17 17:35 - 00036632 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-07-11 07:13 - 2014-11-17 17:35 - 00166680 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2016-12-14 16:10 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-10-03 17:18 - 2016-11-30 18:30 - 40970752 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2016-09-24 14:53 - 2016-09-24 14:53 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:46 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:46 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:46 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 18:46 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:46 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 18:46 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:46 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-03 00:36 - 2016-08-03 00:36 - 00401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-07-11 06:41 - 2014-02-25 22:13 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2015-07-11 07:05 - 2015-07-11 07:05 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2015-07-11 07:05 - 2015-07-11 07:05 - 00791368 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-07-11 07:05 - 2015-07-11 07:05 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-07-11 07:13 - 2014-11-17 17:35 - 00040216 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2015-07-11 07:05 - 2015-07-11 07:05 - 00109328 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2015-07-11 07:14 - 2014-11-20 12:43 - 00159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2015-07-11 07:13 - 2014-11-17 17:35 - 00036120 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2015-09-25 19:29 - 2015-06-01 12:58 - 01122744 _____ () C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
2017-02-22 16:23 - 2017-02-22 16:24 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 16:23 - 2017-02-22 16:24 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2015-07-11 07:09 - 2012-04-24 05:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-28 15:16 - 2014-05-28 15:16 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2015-07-11 07:05 - 2015-07-11 07:05 - 00105744 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2015-07-11 07:05 - 2015-07-11 07:05 - 00102160 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2015-10-05 22:30 - 2017-02-02 20:42 - 00668960 _____ () C:\Users\Nate\Downloads\Steam\SDL2.dll
2015-10-05 22:30 - 2016-08-31 20:02 - 04969248 _____ () C:\Users\Nate\Downloads\Steam\v8.dll
2015-10-05 22:30 - 2017-03-09 17:37 - 02465056 _____ () C:\Users\Nate\Downloads\Steam\video.dll
2015-10-05 22:29 - 2016-01-27 02:49 - 02549760 _____ () C:\Users\Nate\Downloads\Steam\libavcodec-56.dll
2015-10-05 22:29 - 2016-01-27 02:49 - 00491008 _____ () C:\Users\Nate\Downloads\Steam\libavformat-56.dll
2015-10-05 22:29 - 2016-01-27 02:49 - 00332800 _____ () C:\Users\Nate\Downloads\Steam\libavresample-2.dll
2015-10-05 22:29 - 2016-01-27 02:49 - 00442880 _____ () C:\Users\Nate\Downloads\Steam\libavutil-54.dll
2015-10-05 22:29 - 2016-01-27 02:49 - 00485888 _____ () C:\Users\Nate\Downloads\Steam\libswscale-3.dll
2015-10-05 22:30 - 2016-08-31 20:02 - 01563936 _____ () C:\Users\Nate\Downloads\Steam\icui18n.dll
2015-10-05 22:30 - 2016-08-31 20:02 - 01195296 _____ () C:\Users\Nate\Downloads\Steam\icuuc.dll
2015-10-05 22:30 - 2017-03-09 17:37 - 00838432 _____ () C:\Users\Nate\Downloads\Steam\bin\chromehtml.DLL
2016-03-08 22:38 - 2016-07-04 17:17 - 00266560 _____ () C:\Users\Nate\Downloads\Steam\openvr_api.dll
2015-11-08 03:40 - 2017-01-29 00:13 - 51777648 _____ () C:\Users\Nate\AppData\Roaming\Spotify\libcef.dll
2016-11-01 08:03 - 2017-01-29 00:13 - 00110192 _____ () C:\Users\Nate\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-01-30 16:57 - 2016-09-22 01:24 - 00884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2017-01-30 16:56 - 2016-09-22 01:11 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2017-03-05 03:56 - 2017-03-05 03:56 - 67310648 _____ () C:\Program Files (x86)\Overwolf\0.103.32.0\libcef.DLL
2017-01-11 17:47 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Nate\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-19 19:33 - 2017-01-19 19:33 - 01082880 _____ () \\?\C:\Users\Nate\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-19 19:33 - 2017-01-19 19:33 - 03750400 _____ () \\?\C:\Users\Nate\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-19 19:33 - 2017-01-19 19:33 - 00914432 _____ () \\?\C:\Users\Nate\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-19 19:33 - 2017-01-19 19:33 - 01127424 _____ () \\?\C:\Users\Nate\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2014-05-28 15:17 - 2014-05-28 15:17 - 02402568 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
2015-11-08 03:40 - 2017-01-29 00:13 - 01803888 _____ () C:\Users\Nate\AppData\Roaming\Spotify\libglesv2.dll
2015-11-08 03:40 - 2017-01-29 00:13 - 00086128 _____ () C:\Users\Nate\AppData\Roaming\Spotify\libegl.dll
2017-01-11 17:47 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Nate\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 17:47 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Nate\AppData\Local\Discord\app-0.0.297\libegl.dll
2016-12-12 13:42 - 2017-01-30 16:41 - 68875552 _____ () C:\Users\Nate\Downloads\Steam\bin\cef\cef.win7\libcef.dll
2015-10-05 22:30 - 2017-03-09 17:37 - 00383776 _____ () C:\Users\Nate\Downloads\Steam\steam.dll
2017-02-19 00:17 - 2017-02-19 00:17 - 00148992 _____ () \\?\C:\Users\Nate\AppData\Local\Discord\app-0.0.297\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-01-19 19:33 - 2017-01-19 19:33 - 02658304 _____ () \\?\C:\Users\Nate\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-19 19:34 - 2017-01-19 19:34 - 02130432 _____ () \\?\C:\Users\Nate\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2014-10-10 11:37 - 2014-10-10 11:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-01-23 15:21 - 2016-12-06 16:09 - 00116064 _____ () C:\Program Files (x86)\Lenovo\CCSDK\Xmlparser.dll
2015-10-05 22:29 - 2015-09-24 18:52 - 00119208 _____ () C:\Users\Nate\Downloads\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [366]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-06-19 20:40 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1249988424-2549518902-734225814-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nate\Pictures\Arcanimas!Paige.jpg
DNS Servers: 82.163.143.176 - 82.163.142.178
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\...\StartupApproved\Run: => "Playthru Player"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DE9F12FF-EFF1-427E-B0A3-7373F15BFAB7}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{07B22C69-E14D-4678-8497-D0868BD82129}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{4F2C28C2-967E-44EB-AB47-9C5B53476DD5}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{6C7F37A5-61EA-48CE-A95D-06AAA2BFC1D2}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{B41BBB10-D92B-4270-BB0A-355D601AB5DC}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Choice Chamber\choicechamber.exe
FirewallRules: [{68D6A7AC-FEA2-4DB3-955D-EDB658F24B3A}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Choice Chamber\choicechamber.exe
FirewallRules: [{B8184587-95D0-47FB-AB63-ACEEC1F1D27F}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\From The Depths\From_The_Depths.exe
FirewallRules: [{BFD58924-A481-4161-A631-CE53CD2CD6AA}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\From The Depths\From_The_Depths.exe
FirewallRules: [{36D4142E-A53F-4B81-B56D-475432FA9ED7}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [{A5A9970B-24DE-4758-A0ED-C5D6382E2D29}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{687F5480-CDD3-462A-B656-7D654BEF761A}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [TCP Query User{BD373ACE-8A52-437F-B4E6-D38C8B86E07F}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [{2F96948B-C13F-4832-9086-2154952F2CD1}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{AAA3CA05-36D1-4B3B-90DF-48B49819B5DD}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{A2EFF8A2-A259-490C-AA5F-CC5E81FE47A6}] => (Block) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{5E147AD6-EBEB-40D6-BCB3-C2189595ABD5}] => (Block) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{16261A15-2174-4C51-A535-4378AE7AA888}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{C9DD5414-5B5C-4756-AFFA-5201720B7347}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{71CA3F03-BE88-43C4-A818-EFF2BBD73E92}] => (Block) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [{E79359C9-4FA5-44CF-B304-39E1B692A6D4}] => (Block) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{BD173A1A-7A41-4D7A-BEF8-4B3AA4981390}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [TCP Query User{F1A379DB-F532-4AF3-8003-E4A5F4DB1731}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [{084DE00E-4E74-416F-A797-844EEE0AF678}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Insanity Clicker\Insanity Clicker.exe
FirewallRules: [{2AD00ADC-F918-4A49-A571-E019992AC807}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Insanity Clicker\Insanity Clicker.exe
FirewallRules: [{F6A12C2E-420B-4E31-85E7-423B7266DC85}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{434D879E-353C-43CD-A8B4-898D8FA5793E}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{AF8459FE-487C-428E-A571-119675E73810}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{3258976A-648D-43EA-B8CB-162DCF04F609}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{FA295BCF-FE1D-4C87-AE92-3CD04DCF9551}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{AEDDC9BC-BA62-429A-9265-48F7981C6357}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5FFE9B20-8773-49A2-A577-D3FDFFD9ED49}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{86F93B52-D241-4E23-923F-34661D81FFEF}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{AB657B2C-52D9-4153-AECC-913B2F8B2FEA}] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [{2EE43002-D62B-45A7-9ADA-F7ABC5D83871}] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [UDP Query User{7E061498-C90E-48D6-BB32-F5BCB2A7FC6E}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [TCP Query User{C8BEBEAD-26AC-475D-936E-19BFCCA6D598}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [{820E9E5C-5313-4E78-BF01-14854DFE4323}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Corporate Lifestyle Simulator\NotZombies.exe
FirewallRules: [{33739CB9-FD21-4D21-AEFD-C83567F950AC}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Corporate Lifestyle Simulator\NotZombies.exe
FirewallRules: [{3D0AC5A6-13F2-4246-8FAA-9545B21D5A1A}] => (Block) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\tsdns\tsdnsserver.exe
FirewallRules: [{537117BA-34ED-4167-854C-6FE4A767D1C1}] => (Block) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\tsdns\tsdnsserver.exe
FirewallRules: [UDP Query User{50C3AF6F-879D-4F6B-A61C-60BB9D43D162}C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\tsdns\tsdnsserver.exe] => (Allow) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\tsdns\tsdnsserver.exe
FirewallRules: [TCP Query User{CC6BFDD0-E2C6-43C3-807B-D84F28A1DEB6}C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\tsdns\tsdnsserver.exe] => (Allow) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\tsdns\tsdnsserver.exe
FirewallRules: [{DA2DB637-8BFE-40EA-AC8C-E4C7FC4604E4}] => (Block) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\ts3server.exe
FirewallRules: [{08EC2717-5212-4F4F-9FB1-420CD9D3FBF3}] => (Block) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\ts3server.exe
FirewallRules: [UDP Query User{51BEBA2D-2EC6-47D9-B009-680DD20764E8}C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\ts3server.exe
FirewallRules: [TCP Query User{3D685880-CAE0-410E-B4B3-041E4A7554C0}C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\nate\downloads\teamspeak3-server_win64-3.0.12.3\teamspeak3-server_win64\ts3server.exe
FirewallRules: [{A6075628-B39C-4747-9C14-40045587F1B4}] => (Block) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{77865F1E-74B9-4B8E-A4DB-75BB50C77291}] => (Block) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{2DD90265-CE78-4096-9C56-5126BFFFA2E4}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{629BAA1A-E6FE-43CD-A71C-0A11C30645A8}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{1EAA151E-462D-45DB-8AD3-37753E3525B5}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Magic 2013\DotP_D13.exe
FirewallRules: [{612E2A21-E129-4E70-B71F-92EE234E39B5}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Magic 2013\DotP_D13.exe
FirewallRules: [{5124F8C8-14FF-4829-978A-2F186D92D732}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Grapple\Grapple.exe
FirewallRules: [{00A57F73-2C0A-4B43-884C-1065C4D18AF6}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Grapple\Grapple.exe
FirewallRules: [{DBD3B45E-B6D2-4585-B3D8-7B77C53655BE}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{60A1D922-3BC8-4681-B58E-5BB2C5042456}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C8F8725E-7ED3-41C1-8304-958E15BD04CC}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Divekick\DivekickD3D11.exe
FirewallRules: [{BE8312B0-D946-4279-B23D-E679CD35ADF8}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Divekick\DivekickD3D11.exe
FirewallRules: [{27940AF4-530E-497C-8E2C-E85FF11E1975}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{27367EC7-910E-4132-96DE-D8C85DF9C7B2}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{39F1601F-8677-45AE-9547-3B8D8B21B25E}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\INK\INK.exe
FirewallRules: [{1FB42E92-BABD-433A-A2C6-860CA5762362}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\INK\INK.exe
FirewallRules: [{F565962E-91B3-4E41-AC3B-C944F347F5DC}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{16CF50E0-1E71-4EFD-A348-0A452D6DEAB9}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{BBED216F-F057-4C47-A185-A0062260E6A5}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{3578FFFE-D1DE-4F00-ADD5-2945831B2BE7}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{F52503A1-5AD6-40FD-9CF4-2B2C96398008}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{8B6CDB36-28DA-4052-8CD0-C6CFA7154C67}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{F7392956-327F-4723-9BD5-A5F12E342BA1}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{5C04EB60-F561-43D5-9405-56DDED835A0D}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{A0C93F7F-9B47-4773-9946-46403DFEE01E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1588558D-0E5A-4ACC-8AB5-9252A53CFC80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{897EF022-F04D-4883-A541-964C210A03AC}C:\users\nate\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nate\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A60C9C40-C1A8-42A2-9FE9-BC80CB952064}C:\users\nate\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nate\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0251D24E-BE70-4EBF-8BB5-F31E4283B55C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{32D2C499-8914-4160-B7E8-595350FEB868}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{704DD881-DAA6-4C57-B1D2-C567F94F1A51}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{895EB690-F957-4DE1-9BAD-8556585B9D1F}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{8CF8D829-55C4-4CA1-AB7E-F9875D23FA8B}] => (Allow) LPort=55100
FirewallRules: [{EC9A1EBA-FBC3-4D2A-85FB-4F9AC55FBBD3}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [TCP Query User{F36F2DC9-983D-4494-BDE8-C2298B395E90}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09C87A7C-3114-4EAD-8D3E-D9E27F640286}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{588C1A26-128A-401F-BF16-372982FCA5B7}] => (Allow) C:\Users\Nate\Downloads\Steam\Steam.exe
FirewallRules: [{528EA2C4-9A1A-4EE1-AADF-C5B54E78E60F}] => (Allow) C:\Users\Nate\Downloads\Steam\Steam.exe
FirewallRules: [{E0278B5D-5771-4DFB-AC9A-DD2EA5C94ED6}] => (Allow) C:\Users\Nate\Downloads\Steam\bin\steamwebhelper.exe
FirewallRules: [{021D8542-C626-4210-806C-8D24B27C0F37}] => (Allow) C:\Users\Nate\Downloads\Steam\bin\steamwebhelper.exe
FirewallRules: [{173AA4AD-CDC1-4A7A-9A41-B273F0499EFF}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7C15A860-038C-4D3D-9646-A6CE5D0F5E91}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{2CF91EEA-FBBE-4918-B6FA-54EE73555491}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4FC55415-F90A-4C6A-830A-696007114E3C}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4094A46F-FE82-4CBF-B1E2-393D99818F77}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6CED7522-6C65-4742-B668-720845590B09}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{7607F48E-E2C9-40BD-ADA5-349CFBBD1075}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7AF5D9A2-C1EE-42BD-92D0-D41E472578F1}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{BDC9ACBF-7996-4CAF-BF03-3A0591B7DD09}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{12FAC71D-5331-416F-BABE-3B1F7865A03C}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B401E68E-213E-42D4-9469-CB8885A9A1F2}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{941870E5-B17B-4091-8436-A043C8FEBAC4}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{9B832F7F-4752-47D7-9D72-135FA6C0C576}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Chess\Chess.exe
FirewallRules: [{75CA51D2-D98A-4401-A382-25BFCD648BE5}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Chess\Chess.exe
FirewallRules: [TCP Query User{445B1DA7-B00D-4C21-B216-31215A3CD6D9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B56BD8B7-536D-4722-87F2-8B36AF1D790C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{997CA662-3722-4CD3-8064-A6F2AE9FA5E7}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{ED34FB56-DB90-4F28-9768-4436EDCD2976}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [TCP Query User{B2777A23-9EE6-426B-A574-79D4BD38B108}C:\users\nate\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{3C86A073-0071-430D-A89D-DED708EBAA6D}C:\users\nate\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{E874591D-75A9-4F47-A0C5-827C68916B79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D3D6E7C-630C-4FF5-AC53-E3FDD50F0B74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA3562D6-3EB5-4657-8EF7-8B6FB51B2C7E}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{7C6A876F-8529-4B69-AFB2-2F866C89404A}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{29B9D517-2EA2-454C-B95A-47115CC68CE7}C:\users\nate\downloads\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{487BC5A3-4941-4AE8-930D-DD4965F9071F}C:\users\nate\downloads\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{736F5F74-8E77-4CB9-8ED0-9FB01B30B55E}C:\users\nate\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nate\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C8808848-798F-4B46-92BB-7C829AF9E61B}C:\users\nate\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nate\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BF565FD1-6A63-48B1-BB94-0C79015D00AF}C:\users\nate\downloads\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{8B598276-50B5-48CD-B876-39507664A3D8}C:\users\nate\downloads\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{5C381D2D-6623-40D9-9FB3-5AED3E2C84CC}C:\users\nate\downloads\steam\steamapps\common\dungeons and dragons online\dndclient.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [UDP Query User{3012549E-6E92-4713-95E6-733A6EF894A2}C:\users\nate\downloads\steam\steamapps\common\dungeons and dragons online\dndclient.exe] => (Allow) C:\users\nate\downloads\steam\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [TCP Query User{7BAA71FA-AC07-4BA3-A5F2-85A89133C3C6}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{FF3E209E-E65A-47E4-827F-8F5A61CB8FC1}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{AC6438C7-26E2-4EF5-9A55-2EE00CB33FB9}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{8C149C39-BF44-4472-9C01-2054D429AC10}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{197EDCAD-30D5-45A8-8D22-A21CB0A49346}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\ChoiceOfRobots\ChoiceOfRobots.exe
FirewallRules: [{715E7825-8B7D-4BBA-9E3E-C7B862AEE4FE}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\ChoiceOfRobots\ChoiceOfRobots.exe
FirewallRules: [{F484FBA4-2697-473B-B607-3F3EE409AB34}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{AA2A6691-EDCD-48C6-B879-97C73FD9D01F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{99993F07-EE4E-47A7-A071-ED819700B20E}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A66A3C72-DD4E-4E0E-BA50-51C571D3BDED}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{4B1B563D-3991-47C8-A0DB-38A5DA92B46D}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{5CACBFD9-1290-480D-8EDB-DFFDB199316A}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{54DC55F3-074B-4105-B181-FF78A6C43208}] => (Block) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{F45D0172-0DF3-4F8E-A301-BD098ACF9AD7}] => (Block) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{9F5AE05D-3AC1-444C-80F5-310C124C360E}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{5CF1B0DC-CF83-4E0A-91C0-1F504622E35C}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{8760F996-C68A-4E7D-8B95-2D02A0711840}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{A8FD3F66-0B7F-41E3-A210-3E39822879AD}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [TCP Query User{B1148BE6-5161-49F3-85A3-E3571A7EF18B}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{00CBA070-6CDE-46C0-87B8-BC349D64A212}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe
FirewallRules: [{C3F371AC-CCA9-4130-A497-6E17CB552128}] => (Block) C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe
FirewallRules: [{AD0ECA7D-2D5B-41F7-9DFC-82413DF4C7FA}] => (Block) C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe
FirewallRules: [{03960A56-B7DF-4619-8E57-3406ADA69377}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{E364E80C-BE02-4B7E-A06C-D81DADA2B3C8}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{61899FB6-D4DB-41FE-B7A4-95C111C9A294}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{40DAD3C3-9ECF-4753-87D9-02B6F4DF3B4B}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{3755D54D-5862-4889-9FA6-95624BB06285}] => (Allow) C:\Users\Nate\Downloads\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6AD2EDC1-0B8D-433C-88C4-E00278C48A0A}] => (Allow) C:\Users\Nate\Downloads\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7FDB193C-35F8-49EF-9183-345038204279}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F08C6300-3968-4B36-AAC0-63272F6E5879}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{C856F638-7808-4E85-8BDC-3BB1A7FD6105}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{D4875E95-B350-42A6-9FCD-C398FDCB1AB2}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{B835E445-E1DA-4D0C-8F51-B8DEA332A761}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{FE194E29-EB6B-4328-8A82-4ECD291F879A}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{39419799-339D-452D-89A9-D60A787CC512}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{BF23A400-29AC-4AAF-897D-A9F707895AB1}] => (Allow) C:\Users\Nate\Downloads\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe

==================== Restore Points =========================

22-02-2017 16:37:07 Windows Update
07-03-2017 20:10:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2017 10:11:43 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/10/2017 10:11:41 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/10/2017 10:08:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.14393.0, time stamp: 0x57899bb2
Faulting module name: Cortana.Signals.dll, version: 0.0.0.0, time stamp: 0x585a25e0
Exception code: 0x80000003
Fault offset: 0x00000000000264a4
Faulting process id: 0x32b4
Faulting application start time: 0x01d29a13f6ca7a0e
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
Report Id: 6e10c0d1-3cb0-48eb-b649-d6d5df82a6c6
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (03/10/2017 09:58:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JAMES)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/10/2017 09:52:21 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/10/2017 07:50:54 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/10/2017 07:50:54 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/10/2017 04:32:08 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/10/2017 04:32:07 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/10/2017 12:48:39 PM) (Source: lupdate) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (03/10/2017 10:06:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (03/10/2017 10:03:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (03/10/2017 10:00:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (03/10/2017 09:58:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.

Error: (03/10/2017 09:55:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (03/10/2017 09:50:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 09:49:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 09:49:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 09:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/10/2017 09:37:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-02-28 18:57:17.470
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.217.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-28 18:57:17.467
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.217.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-28 18:56:58.426
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.217.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-28 18:56:57.592
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.217.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-22 17:38:38.374
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.213.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-22 17:38:38.360
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.213.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-22 17:37:28.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.213.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-22 17:37:27.916
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.213.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-07 16:53:52.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.24.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

Date: 2017-02-07 16:53:15.533
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.102.24.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 67%
Total physical RAM: 6049.92 MB
Available physical RAM: 1953.27 MB
Total Virtual: 10657.92 MB
Available Virtual: 4504.24 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.44 GB) (Free:659.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5F2A645A)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 11 March 2017 - 04:35 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:23 AM

Posted 11 March 2017 - 04:49 PM

Greetings Jeankana and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Do you recognize this?

Netmarble

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Amazon 1Button App
ByteFence Anti-Malware

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
GroupPolicy: Restriction <======= ATTENTION
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2370e7d3-5280-4439-b5a1-bb67f9b105a3}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{6e585c02-f118-4085-8c59-6c2e4e6e3fd8}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}: [DhcpNameServer] 82.163.143.176
URLSearchHook: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 - (No Name) - {20ce2dba-1a33-4174-8175-b2be50e44b69} - C:\Program Files (x86)\EasyDocMerge_ex\bar\1.bin\exSrcAs.dll No File
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {90E8864F-BD32-4B0C-B21C-6FC64328C007} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
2017-02-27 12:54 - 2017-02-27 12:54 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\124766475.t.exe
2017-03-09 21:34 - 2017-03-10 21:34 - 4421634 _____ () C:\Users\Nate\AppData\Local\Temp\300F6062E824BC9CD02EC765BC2D8914.exe
2017-02-28 21:37 - 2017-02-28 21:37 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\3952832.t.exe
2017-03-09 21:37 - 2017-03-09 21:38 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\56076503.t.exe
2017-02-27 21:41 - 2017-02-27 21:41 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\78602300.t.exe
Task: {2FF16616-F98B-4E13-BFD5-98CB7E1B00A8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {4771E965-E69A-43C5-B271-9DACAA096C45} - \WPD\SqmUpload_S-1-5-21-1249988424-2549518902-734225814-1001 -> No File <==== ATTENTION
Task: {52DD50B7-CED8-4E39-94D5-316E6FB5E686} - System32\Tasks\{FF66CD67-95B0-BB12-4FF4-C0B3B9B59D72} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\6631cdae\3f7b8c52.dll" <==== ATTENTION
C:\PROGRA~3\6631cdae
Task: {7381CAAF-F9A1-4EFD-98B2-175ACF9075C8} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {91674F8E-7D72-422F-8E82-BE47B0EA558E} - System32\Tasks\{6DF14F81-DA5A-F82A-8FBB-3A62CC48E5C2} => C:\ProgramData\{4D94FB0F-FA3F-4CA4-6022-90C371A632C5}\AC978EFE-1B3C-3955-C88F-DFC5145531FD.exe <==== ATTENTION
C:\ProgramData\{4D94FB0F-FA3F-4CA4-6022-90C371A632C5}
Task: {D55DEB4C-3FA9-4744-A02C-3F5226EA863F} - \{0E0F7A47-097F-790D-0A11-7E790C041105} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [366]
2017-02-28 21:37 - 2017-02-28 21:37 - 00000000 ____D C:\ProgramData\{188FBEBF-AF24-0914-449F-6F586ECEBFC0}
cmd: ipconfig /flushdns
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the program?
  • Did the programs uninstall?
  • Fixlog
  • RogueKiller log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
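
Added example, not part of the thread and not code from FRST or BleepingComputer: a short Python triage that reads FRST-style `Tcpip` lines like those in the fixlist above and reports every DNS resolver that is neither on the local network nor on an allow-list, split by whether it was set statically (`NameServer`) or recorded from a DHCP lease (`DhcpNameServer`). The allow-list, the function names and the last two sample lines are assumptions made for the example; the first four sample lines are copied from the fixlist.

```python
import ipaddress
import re

# FRST prints DNS settings in two shapes:
#   Tcpip\Parameters: [NameServer] a.b.c.d e.f.g.h
#   Tcpip\..\Interfaces\{guid}: [DhcpNameServer] a.b.c.d
LINE_RE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]{36}\})):"
    r"\s*\[(?P<name>NameServer|DhcpNameServer)\]\s*(?P<addrs>\S.*)$"
)

# Assumption: public resolvers this machine is configured to use on purpose.
TRUSTED_RESOLVERS = {"9.9.9.9"}

# First four lines are copied from the fixlist in the post above;
# the last two are constructed for this example.
SAMPLE_LOG = r"""
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2370e7d3-5280-4439-b5a1-bb67f9b105a3}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}: [DhcpNameServer] 82.163.143.176
cmd: ipconfig /flushdns
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000002}: [NameServer] 9.9.9.9,192.168.1.1
"""


def parse_dns_lines(text):
    """Return one dict per Tcpip DNS line; every other log line is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "scope": m.group("guid") or "global",
            "value": m.group("name"),
            # The registry value may be space- or comma-separated.
            "addrs": [a for a in re.split(r"[,\s]+", m.group("addrs")) if a],
        })
    return entries


def classify(addr, trusted=TRUSTED_RESOLVERS):
    """Label one resolver: local, trusted, unexpected or unparseable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "local"          # typically the home router
    if str(ip) in trusted:
        return "trusted"
    return "unexpected"


def find_unexpected(entries, trusted=TRUSTED_RESOLVERS):
    """List (scope, value name, address, verdict) for resolvers needing review."""
    findings = []
    for entry in entries:
        for addr in entry["addrs"]:
            verdict = classify(addr, trusted)
            if verdict in ("unexpected", "unparseable"):
                findings.append((entry["scope"], entry["value"], addr, verdict))
    return findings


def summarise(findings):
    """Group findings per resolver, separating static and DHCP-recorded scopes."""
    by_resolver = {}
    for scope, value, addr, _verdict in findings:
        info = by_resolver.setdefault(addr, {"static": set(), "dhcp": set()})
        info["dhcp" if value == "DhcpNameServer" else "static"].add(scope)
    return by_resolver


if __name__ == "__main__":
    report = summarise(find_unexpected(parse_dns_lines(SAMPLE_LOG)))
    for resolver, scopes in sorted(report.items()):
        print(resolver)
        print("  static on:", ", ".join(sorted(scopes["static"])) or "-")
        print("  DHCP on:  ", ", ".join(sorted(scopes["dhcp"])) or "-")
```

A resolver that shows up under `DhcpNameServer` as well as `NameServer` is a reason to review the router's DNS settings too, since that value normally reflects what the DHCP lease handed out.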

#3 Jeankana

Jeankana
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:23 PM

Posted 11 March 2017 - 06:58 PM

Hello, and thank you so much for replying so quickly! My name is Nate! Just finished the last task you gave me, so far, here's what I've got:

"Do you recognize the program?"
No, Netmarble is not familiar to me

 

"Did the programs uninstall?"
No. Amazon 1Button App did not even give the option of uninstalling. It said there was an error in uninstalling ByteFence and claimed it may have already been uninstalled, then removed it from the directory.

 

"Fixlog"
Finished

 

"Update on computer behavior"
Everything is normal, so far. Until things are resolved or I'm sure it's not connected, I'm not opening Battle.net, unless you instruct me to. So far, Firefox has remained normal and not opened any random tabs.

 

"RogueKiller log"

 

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Nate [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/11/2017 17:22:25 (Duration : 01:06:23)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.ByteFence|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\ByteFence -> Found
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ByteFence -> Found
[PUP.ByteFence|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\ByteFence -> Found
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\ByteFence -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{B1148BE6-5161-49F3-85A3-E3571A7EF18B}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{00CBA070-6CDE-46C0-87B8-BC349D64A212}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 10 ¤¤¤
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> Found
[Tr.Gen0][File] C:\Users\Nate\AppData\Local\Temp\a.txt -> Found
[PUP.Gen1][Folder] C:\Users\Nate\AppData\Local\YSearchUtil -> Found
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware -> Found
[Adw.Cloudguard][File] C:\Program Files (x86)\Overwolf\0.102.217.0\Microsoft.Win32.TaskScheduler.dll -> Found
[Adw.Cloudguard][File] C:\Program Files (x86)\Overwolf\0.103.32.0\Microsoft.Win32.TaskScheduler.dll -> Found
[Adw.Cloudguard][File] C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -> Found
[PUP.Filefinder][Folder] C:\Program Files (x86)\Pluto TV -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A7E630 +++++
--- User ---
[MBR] 5d278195d8aeeeacb85b580798623a3e
[BSP] 15e09fd4f4ee57a06ade5caebebc999d : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 912831 MB
5 - Basic data partition | Offset (sectors): 1874370560 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1926799360 | Size: 13049 MB
User = LL1 ... OK
User = LL2 ... OK

 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:23 AM

Posted 11 March 2017 - 07:08 PM

You are quite welcome.

When you ran the Fixlist there should have been a Fixlog.txt file created in the Downloads folder if that is where FRST.exe program file is. Can you copy and paste the contents in your reply for me?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Jeankana


Posted 11 March 2017 - 07:18 PM

Oh, I'm sorry! I thought I did that, here it is:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by Nate (11-03-2017 17:09:10) Run:1
Running from C:\Users\Nate\Downloads
Loaded Profiles: Nate (Available Profiles: Nate)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
GroupPolicy: Restriction <======= ATTENTION
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2370e7d3-5280-4439-b5a1-bb67f9b105a3}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{6e585c02-f118-4085-8c59-6c2e4e6e3fd8}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}: [DhcpNameServer] 82.163.143.176
URLSearchHook: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 - (No Name) - {20ce2dba-1a33-4174-8175-b2be50e44b69} - C:\Program Files (x86)\EasyDocMerge_ex\bar\1.bin\exSrcAs.dll No File
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1249988424-2549518902-734225814-1001 -> {90E8864F-BD32-4B0C-B21C-6FC64328C007} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
2017-02-27 12:54 - 2017-02-27 12:54 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\124766475.t.exe
2017-03-09 21:34 - 2017-03-10 21:34 - 4421634 _____ () C:\Users\Nate\AppData\Local\Temp\300F6062E824BC9CD02EC765BC2D8914.exe
2017-02-28 21:37 - 2017-02-28 21:37 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\3952832.t.exe
2017-03-09 21:37 - 2017-03-09 21:38 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\56076503.t.exe
2017-02-27 21:41 - 2017-02-27 21:41 - 1192960 _____ () C:\Users\Nate\AppData\Local\Temp\78602300.t.exe
Task: {2FF16616-F98B-4E13-BFD5-98CB7E1B00A8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {4771E965-E69A-43C5-B271-9DACAA096C45} - \WPD\SqmUpload_S-1-5-21-1249988424-2549518902-734225814-1001 -> No File <==== ATTENTION
Task: {52DD50B7-CED8-4E39-94D5-316E6FB5E686} - System32\Tasks\{FF66CD67-95B0-BB12-4FF4-C0B3B9B59D72} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\6631cdae\3f7b8c52.dll" <==== ATTENTION
C:\PROGRA~3\6631cdae
Task: {7381CAAF-F9A1-4EFD-98B2-175ACF9075C8} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {91674F8E-7D72-422F-8E82-BE47B0EA558E} - System32\Tasks\{6DF14F81-DA5A-F82A-8FBB-3A62CC48E5C2} => C:\ProgramData\{4D94FB0F-FA3F-4CA4-6022-90C371A632C5}\AC978EFE-1B3C-3955-C88F-DFC5145531FD.exe <==== ATTENTION
C:\ProgramData\{4D94FB0F-FA3F-4CA4-6022-90C371A632C5}
Task: {D55DEB4C-3FA9-4744-A02C-3F5226EA863F} - \{0E0F7A47-097F-790D-0A11-7E790C041105} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [366]
2017-02-28 21:37 - 2017-02-28 21:37 - 00000000 ____D C:\ProgramData\{188FBEBF-AF24-0914-449F-6F586ECEBFC0}
cmd: ipconfig /flushdns
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Max Cached Icons => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2370e7d3-5280-4439-b5a1-bb67f9b105a3}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e585c02-f118-4085-8c59-6c2e4e6e3fd8}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a3d99be7-a2a6-472a-a8af-84fb060734c4}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adb0d07c-db50-4898-99b8-d0202f4126eb}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b22de17d-3ce4-421b-b1a9-9f1f10eff481}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{20ce2dba-1a33-4174-8175-b2be50e44b69} => value removed successfully
HKCR\Wow6432Node\CLSID\{20ce2dba-1a33-4174-8175-b2be50e44b69} => key not found.
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
HKU\S-1-5-21-1249988424-2549518902-734225814-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{90E8864F-BD32-4B0C-B21C-6FC64328C007} => key removed successfully
HKCR\CLSID\{90E8864F-BD32-4B0C-B21C-6FC64328C007} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
C:\Users\Nate\AppData\Local\Temp\124766475.t.exe => moved successfully
C:\Users\Nate\AppData\Local\Temp\300F6062E824BC9CD02EC765BC2D8914.exe => moved successfully
C:\Users\Nate\AppData\Local\Temp\3952832.t.exe => moved successfully
C:\Users\Nate\AppData\Local\Temp\56076503.t.exe => moved successfully
C:\Users\Nate\AppData\Local\Temp\78602300.t.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FF16616-F98B-4E13-BFD5-98CB7E1B00A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FF16616-F98B-4E13-BFD5-98CB7E1B00A8} => key removed successfully
C:\WINDOWS\System32\Tasks\ByteFence Scan => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4771E965-E69A-43C5-B271-9DACAA096C45} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4771E965-E69A-43C5-B271-9DACAA096C45} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1249988424-2549518902-734225814-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52DD50B7-CED8-4E39-94D5-316E6FB5E686} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52DD50B7-CED8-4E39-94D5-316E6FB5E686} => key removed successfully
C:\WINDOWS\System32\Tasks\{FF66CD67-95B0-BB12-4FF4-C0B3B9B59D72} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF66CD67-95B0-BB12-4FF4-C0B3B9B59D72} => key removed successfully
C:\PROGRA~3\6631cdae => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7381CAAF-F9A1-4EFD-98B2-175ACF9075C8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7381CAAF-F9A1-4EFD-98B2-175ACF9075C8} => key removed successfully
C:\WINDOWS\System32\Tasks\ByteFence => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91674F8E-7D72-422F-8E82-BE47B0EA558E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91674F8E-7D72-422F-8E82-BE47B0EA558E} => key removed successfully
C:\WINDOWS\System32\Tasks\{6DF14F81-DA5A-F82A-8FBB-3A62CC48E5C2} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DF14F81-DA5A-F82A-8FBB-3A62CC48E5C2} => key removed successfully
"C:\ProgramData\{4D94FB0F-FA3F-4CA4-6022-90C371A632C5}" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D55DEB4C-3FA9-4744-A02C-3F5226EA863F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D55DEB4C-3FA9-4744-A02C-3F5226EA863F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E0F7A47-097F-790D-0A11-7E790C041105} => key removed successfully
C:\ProgramData\TEMP => ":B3503B59" ADS removed successfully.
C:\ProgramData\{188FBEBF-AF24-0914-449F-6F586ECEBFC0} => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 17:10:09 ====



#6 Oh My!


Posted 11 March 2017 - 08:00 PM

No problem at all Nate, thanks for the information.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click Scan
  • When the Status box shows Scan Finished place a check mark in the following and select Delete

[PUP.ByteFence|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\ByteFence -> Found
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ByteFence -> Found
[PUP.ByteFence|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\ByteFence -> Found
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\ByteFence -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{B1148BE6-5161-49F3-85A3-E3571A7EF18B}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{00CBA070-6CDE-46C0-87B8-BC349D64A212}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> Found
[Tr.Gen0][File] C:\Users\Nate\AppData\Local\Temp\a.txt -> Found
[PUP.Gen1][Folder] C:\Users\Nate\AppData\Local\YSearchUtil -> Found
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
*µå·¡°ïº¼ ¿Â¶óÀÎ*
*Netmarble*
*ByteFence*
:folderfind
*µå·¡°ïº¼ ¿Â¶óÀÎ*
*Netmarble*
*ByteFence*
:regfind
*µå·¡°ïº¼ ¿Â¶óÀÎ*
*Netmarble*
*ByteFence*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • RogueKiller log
  • SystemLook log

Gary

#7 Jeankana


Posted 12 March 2017 - 12:45 PM

Fixlog:
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by Nate (11-03-2017 20:11:13) Run:2
Running from C:\Users\Nate\Downloads
Loaded Profiles: Nate (Available Profiles: Nate)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
*****************


=========== EmptyTemp: ==========

BITS transfer queue => 338060 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59368037 B
Java, Flash, Steam htmlcache => 42789 B
Windows/system/drivers => 101165576 B
Edge => 252416 B
Chrome => 0 B
Firefox => 381487430 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 23738 B
LocalService => 752328 B
NetworkService => 540 B
Nate => 1803144446 B

RecycleBin => 14814563611 B
EmptyTemp: => 16 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:16:15 ====

 

 

 

RogueKiller:

 

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Nate [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/12/2017 06:50:28 (Duration : 05:27:26)

¤¤¤ Processes : 1 ¤¤¤
[Adw.Cloudguard] Lenovo.Modern.ImController.exe(2692) -- C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe[7] -> Found

¤¤¤ Registry : 11 ¤¤¤
[PUP.ByteFence|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\ByteFence -> Deleted
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ByteFence -> Deleted
[PUP.ByteFence|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\ByteFence -> Deleted
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\ByteFence -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0188511489305584mcinstcleanup (C:\WINDOWS\TEMP\018851~1.EXE -cleanup -nolog) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1249988424-2549518902-734225814-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{B1148BE6-5161-49F3-85A3-E3571A7EF18B}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{00CBA070-6CDE-46C0-87B8-BC349D64A212}C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\nate\appdata\local\temp\i1479398328\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 10 ¤¤¤
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> Deleted
[PUP.ByteFence|PUP.Gen1][File] C:\ProgramData\ByteFence\RTOP\hosts_backup -> Deleted
[PUP.ByteFence|PUP.Gen1][File] C:\ProgramData\ByteFence\RTOP\uclogfile.bin -> Deleted
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence\RTOP -> Deleted
[Tr.Gen0][File] C:\Users\Nate\AppData\Local\Temp\a.txt -> Deleted
[PUP.Gen1][Folder] C:\Users\Nate\AppData\Local\YSearchUtil -> Deleted
[PUP.Gen1][Folder] C:\Users\Nate\AppData\Local\YSearchUtil\CrashLogs -> Deleted
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware -> Deleted
[Adw.Cloudguard][File] C:\Program Files (x86)\Overwolf\0.102.217.0\Microsoft.Win32.TaskScheduler.dll -> Not selected
[Adw.Cloudguard][File] C:\Program Files (x86)\Overwolf\0.103.32.0\Microsoft.Win32.TaskScheduler.dll -> Not selected
[Adw.Cloudguard][File] C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -> Not selected
[PUP.Filefinder][Folder] C:\Program Files (x86)\Pluto TV -> Not selected
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset -> Not selected

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A7E630 +++++
--- User ---
[MBR] 5d278195d8aeeeacb85b580798623a3e
[BSP] 15e09fd4f4ee57a06ade5caebebc999d : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 912831 MB
5 - Basic data partition | Offset (sectors): 1874370560 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1926799360 | Size: 13049 MB
User = LL1 ... OK
User = LL2 ... OK

 

 

 

SystemLook:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:25 on 12/03/2017 by Nate
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*µå·¡°ïº¼ ¿Â¶óÀÎ*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ\µå·¡°ïº¼ ¿Â¶óÀÎ »èÁ¦.lnk    --a---- 2094 bytes    [08:21 21/06/2016]    [08:21 21/06/2016] 49753B606D6175EA868D4A30319CBBA1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ\µå·¡°ïº¼ ¿Â¶óÀÎ.url    --a---- 172 bytes    [08:21 21/06/2016]    [08:21 21/06/2016] D7EE43E9B2F50627EF486852C87BBF03
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ\µå·¡°ïº¼ ¿Â¶óÀÎ »èÁ¦.lnk    --a---- 2094 bytes    [08:21 21/06/2016]    [08:21 21/06/2016] 49753B606D6175EA868D4A30319CBBA1
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ\µå·¡°ïº¼ ¿Â¶óÀÎ.url    --a---- 172 bytes    [08:21 21/06/2016]    [08:21 21/06/2016] D7EE43E9B2F50627EF486852C87BBF03
C:\Users\Public\Desktop\µå·¡°ïº¼ ¿Â¶óÀÎ.url    --a---- 172 bytes    [08:21 21/06/2016]    [08:21 21/06/2016] D7EE43E9B2F50627EF486852C87BBF03

Searching for "*Netmarble*"
No files found.

Searching for "*ByteFence*"
C:\FRST\Quarantine\C\WINDOWS\system32\Tasks\ByteFence Scan.xBAD    --a---- 2678 bytes    [16:21 24/09/2016]    [16:21 24/09/2016] 12D6BB9C87F9AFF31DE6EBF763D36E83
C:\FRST\Quarantine\C\WINDOWS\system32\Tasks\ByteFence.xBAD    --a---- 2548 bytes    [16:21 24/09/2016]    [16:21 24/09/2016] CF5EB8288927C4CFB62379DD1C934B41

========== folderfind ==========

Searching for "*µå·¡°ïº¼ ¿Â¶óÀÎ*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ    d------    [08:21 21/06/2016]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ    d------    [08:21 21/06/2016]

Searching for "*Netmarble*"
No folders found.

Searching for "*ByteFence*"
C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence    d------    [01:41 20/06/2016]

========== regfind ==========

Searching for "*µå·¡°ïº¼ ¿Â¶óÀÎ*"
No data found.

Searching for "*Netmarble*"
No data found.

Searching for "*ByteFence*"
No data found.

-= EOF =-



#8 Oh My!


Posted 12 March 2017 - 04:21 PM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\Users\Public\Desktop\µå·¡°ïº¼ ¿Â¶óÀÎ.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ
C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary

#9 Jeankana


Posted 12 March 2017 - 07:46 PM

"How is your computer running?"
Everything seems to be running great!

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Nate (12-03-2017 17:32:01) Run:3
Running from C:\Users\Nate\Downloads
Loaded Profiles: Nate (Available Profiles: Nate)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Public\Desktop\µå·¡°ïº¼ ¿Â¶óÀÎ.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ
C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
*****************

C:\Users\Public\Desktop\µå·¡°ïº¼ ¿Â¶óÀÎ.url => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ => moved successfully
"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\µå·¡°ïº¼ ¿Â¶óÀÎ" => not found.
C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence => moved successfully

==== End of Fixlog 17:32:01 ====

 

 

 

ESET log:

 

C:\FRST\Quarantine\C\Users\Nate\AppData\Local\Temp\124766475.t.exe.xBAD    a variant of Win32/Adware.Adposhel.Y application    cleaned by deleting
C:\FRST\Quarantine\C\Users\Nate\AppData\Local\Temp\3952832.t.exe.xBAD    a variant of Win32/Adware.Adposhel.Y application    cleaned by deleting
C:\FRST\Quarantine\C\Users\Nate\AppData\Local\Temp\56076503.t.exe.xBAD    a variant of Win32/Adware.Adposhel.Y application    cleaned by deleting
C:\FRST\Quarantine\C\Users\Nate\AppData\Local\Temp\78602300.t.exe.xBAD    a variant of Win32/Adware.Adposhel.Y application    cleaned by deleting
C:\Users\Nate\Downloads\ccsetup515.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Nate\Downloads\MGQ\MGQ Parts 1-3 100% Translated\mod\Spirits\Messenger Plus! Live 5.00.702.zip    a variant of Win32/MessengerPlus.A potentially unwanted application    deleted
C:\Users\Nate\Downloads\MGQ\MGQ Parts 1-3 100% Translated\mod\Spirits\Setup-MsgPlus-511.exe    a variant of Win32/MessengerPlus.A potentially unwanted application    deleted
C:\Users\Nate\Videos\PlayFLV.exe    Win32/TrojanDownloader.Adload.NIQ trojan    cleaned by deleting
 

 

 

 

Security Check log:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Trend Micro Internet Security   
Windows Defender                
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player     25.0.0.130  
 Mozilla Firefox (52.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
 Windows Defender MpCmdRun.exe   
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro Titanium plugin Pt\PtSvcHost.exe
 Trend Micro TMIDS PwmSvc.exe  
 Trend Micro Titanium plugin Pt\PtWatchDog.exe
 Trend Micro TMIDS tower PwmTower.exe
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
 Trend Micro Titanium plugin Pt\PtSessionAgent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:23 AM

Posted 12 March 2017 - 08:00 PM

Very good. We have one program to update.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to Verify Java version
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Install
  • Uncheck all optional offers
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java update properly?
  • Everything still running well?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Jeankana


Posted 12 March 2017 - 08:17 PM

Java has properly updated and everything is still in working order!



#12 Oh My!


Posted 12 March 2017 - 08:19 PM

Greetings Nate.

I think we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Jeankana


Posted 12 March 2017 - 08:29 PM

Thank you so much for taking the time to help me! I appreciate it, very much, and I'll recommend BleepingComputer to anyone I find that needs the help, in the future!



#14 Oh My!


Posted 12 March 2017 - 08:46 PM

It is our pleasure to help. By all means, let others know of our site.

Gary

#15 Oh My!


Posted 14 March 2017 - 10:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



