Can't get rid of SmartService



#1 UpturnedBull

Posted 24 June 2017 - 07:23 PM

So one day I saw some adware on my PC, so I went to my anti-virus software, but when I went to open it, it said (The requested resource is in use), and I already watched the tutorial involving RKill, and even when the name was changed to iExplore it said the same message as before. If you know any fix, please let me know.

 

Thanks

 

UpturnedBull





#2 Aura

Posted 25 June 2017 - 10:42 AM

Hi UpturnedBull :)
 
My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)
 
Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 UpturnedBull

Posted 25 June 2017 - 04:46 PM

The log is attached to this file.

 

Thanks for all the help!



#4 Aura

Posted 25 June 2017 - 07:55 PM

Good. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#5 UpturnedBull

Posted 26 June 2017 - 04:38 PM

Here are the results.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/26/2017
Scan Time: 1:40 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.06.26.04
Rootkit Database: v2017.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Derek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349896
Time Elapsed: 2 hr, 39 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 Aura

Posted 26 June 2017 - 05:37 PM

No detection, which is really surprising after a SmartService infection. Alright, let's see if AdwCleaner and JRT can find anything.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;



#7 UpturnedBull

Posted 29 June 2017 - 08:34 PM

# AdwCleaner v6.047 - Logfile created 29/06/2017 at 16:27:24
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Derek - UPTURNEDBULL-PC
# Running from : C:\Users\Derek\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Derek\AppData\Local\Mail.Ru
[-] Folder deleted: C:\Users\Derek\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Derek\AppData\Local\AnonymizerLauncher
[-] Folder deleted: C:\Users\Derek\AppData\Local\AdvinstAnalytics
[-] Folder deleted: C:\Users\Derek\AppData\Local\llssoft
[-] Folder deleted: C:\Users\Derek\AppData\Roaming\imminent
[-] Folder deleted: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: C:\Program Files\ByteFence
[-] Folder deleted: C:\ProgramData\ByteFence
[-] Folder deleted: C:\ProgramData\Mail.Ru
[-] Folder deleted: C:\ProgramData\NetRadio
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Mail.Ru
[#] Folder deleted on reboot: C:\ProgramData\Application Data\NetRadio
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetRadio
[-] Folder deleted: C:\Program Files (x86)\Mail.Ru
[-] Folder deleted: C:\Program Files (x86)\NetRadio
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru
[-] Folder deleted: C:\Users\Derek\AppData\Roaming\AGData
[-] Folder deleted: C:\WINDOWS\SysWOW64\SSL
[-] Folder deleted: C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Derek\AppData\Local\uninstallro.exe
[-] File deleted: C:\Users\Derek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[#] File deleted: C:\Users\Derek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MAIL.RU.LNK
[-] File deleted: C:\Users\Derek\Favorites\Mail.Ru.url
[-] File deleted: C:\Users\Derek\Favorites\Mail.Ru Агент - используй для общения!.url
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[#] File deleted: C:\Users\Derek\AppData\Local\uninstallro.exe
[-] File deleted: C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[!] Shortcut not deleted: C:\Users\Derek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: {2AFBEB88-C14B-E8F0-E2AC-47E085C6252A}
[-] Task deleted: Bing Search Engine nasas
[-] Task deleted: Yahoo! Powered nasas
[-] Task deleted: Driver Detective-RTMRules
[-] Task deleted: Driver Detective-RTMScan
[-] Task deleted: Driver Detective-RTMUpdater
[-] Task deleted: ByteFence
[-] Task deleted: ByteFence Scan
[-] Task deleted: NetRadioUpdater
[-] Task deleted: netradioupdater
[-] Task deleted: Updater_Online_Application
[-] Task deleted: Online Application V2G2
[-] Task deleted: Online Application V2G3
[-] Task deleted: Online Application V2G1
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-726010894-4081916308-2378408433-1001\Software\PC
[-] Key deleted: HKU\S-1-5-21-726010894-4081916308-2378408433-1001\Software\Xpom
[#] Key deleted on reboot: HKCU\Software\PC
[#] Key deleted on reboot: HKCU\Software\Xpom
[-] Key deleted: HKLM\SOFTWARE\PC
[-] Key deleted: HKLM\SOFTWARE\xs
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\betterads
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s5m
[#] Key deleted on reboot: [x64] HKCU\Software\PC
[#] Key deleted on reboot: [x64] HKCU\Software\Xpom
[-] Key deleted: [x64] HKLM\SOFTWARE\ByteFence
[-] Key deleted: HKU\S-1-5-21-726010894-4081916308-2378408433-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1b31c9d2-7135-442b-bb93-7c002172adc6}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1b31c9d2-7135-442b-bb93-7c002172adc6}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1b31c9d2-7135-442b-bb93-7c002172adc6}
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mail.ru/cnt/10445?gp=811036
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bhjhnafpiilpffhglajcaepjbnbjemci
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: hcadgijmedbfgciegjomfpjcdchlhnif
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://mail.ru/cnt/10445?gp=811036
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [5726 Bytes] - [29/06/2017 16:27:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [5896 Bytes] - [29/06/2017 14:39:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5872 Bytes] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Derek (Administrator) on Thu 06/29/2017 at 17:42:29.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\6274dec9dabdf258a33073c7b193d702 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Detective (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2D1378F1-0B89-4B8E-B4CB-F9CD27EDCDFA} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/29/2017 at 17:54:27.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
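
The AdwCleaner clean log in the post above records each item as deleted, deleted on reboot, or not deleted. As an added example (not part of the thread and not code from AdwCleaner or Malwarebytes), this Python script parses that layout and lists the entries worth re-checking after the restart; the function names are hypothetical, and treating a "not deleted" item whose path was also reported deleted as lower priority is an assumption.

```python
import re
from collections import Counter

# Excerpt of the AdwCleaner v6.047 clean log posted above (lines copied from
# that post, a few per section) so the script runs offline.
SAMPLE_LOG = r"""
# AdwCleaner v6.047 - Logfile created 29/06/2017 at 16:27:24
# Mode: Clean

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence

***** [ Files ] *****

[-] File deleted: C:\Users\Derek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk

***** [ Shortcuts ] *****

[!] Shortcut not deleted: C:\Users\Derek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microleaves
[#] Key deleted on reboot: HKCU\Software\Xpom

***** [ Web browsers ] *****

[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://mail.ru/cnt/10445?gp=811036
"""

# "***** [ Folders ] *****" style section headers.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[-] Folder deleted: <target>" style entries. The status is taken from the
# wording rather than the bracket marker, because the log above also contains
# "[#] File deleted: ..." lines where the two do not line up.
ENTRY_RE = re.compile(
    r"^\[([-#!])\]\s+(.*?)\s*(not deleted|deleted on reboot|deleted):\s*(.+)$",
    re.IGNORECASE,
)
STATUS = {
    "deleted": "deleted",
    "deleted on reboot": "pending_reboot",
    "not deleted": "not_deleted",
}


def parse_adwcleaner_log(text):
    """Return one dict per log entry: section, marker, what, status, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            marker, what, action, target = entry.groups()
            entries.append({
                "section": section,
                "marker": marker,
                "what": what,
                "status": STATUS[action.lower()],
                "target": target.strip(),
            })
    return entries


def follow_up(entries):
    """Entries that were not removed outright and need a post-reboot check."""
    # Windows paths and registry keys are case-insensitive, so compare lowered.
    removed = {e["target"].lower() for e in entries if e["status"] == "deleted"}
    pending = []
    for e in entries:
        if e["status"] == "deleted":
            continue
        item = dict(e)
        # Assumption: a failed deletion of a path another section already
        # removed usually means the item was gone by then.
        item["also_reported_deleted"] = e["target"].lower() in removed
        pending.append(item)
    return pending


def counts_by_section(entries):
    """Counter keyed by (section, status) for a quick overview."""
    return Counter((e["section"], e["status"]) for e in entries)


if __name__ == "__main__":
    for item in follow_up(parse_adwcleaner_log(SAMPLE_LOG)):
        note = " (also reported deleted)" if item["also_reported_deleted"] else ""
        print(f'{item["status"]:15} {item["section"]:10} {item["target"]}{note}')
```
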
 


#8 Aura

Posted 29 June 2017 - 09:10 PM

AdwCleaner sure did detect a lot of stuff. Now, let's run a scan with FRST to see if there are any remnants left.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#9 Aura

Posted 03 July 2017 - 01:50 PM

Hi UpturnedBull,

Are you still with me?



#10 UpturnedBull

Posted 04 July 2017 - 12:14 PM

Yes, sorry for the wait. I was on vacation and I forgot to tell you. I am so very sorry.

#11 Aura

Posted 04 July 2017 - 12:24 PM

All good. Simply follow the instructions in my previous post :)



#12 UpturnedBull

Posted 04 July 2017 - 12:56 PM

 
Here is the addition log.
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Derek (04-07-2017 13:44:01)
Running from C:\Users\Derek\Downloads
Windows 10 Home Version 1607 (X64) (2017-05-31 04:32:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-726010894-4081916308-2378408433-500 - Administrator - Disabled)
Alpha Console (S-1-5-21-726010894-4081916308-2378408433-1004 - Limited - Enabled) => C:\Users\Alpha Console
DefaultAccount (S-1-5-21-726010894-4081916308-2378408433-503 - Limited - Disabled)
Derek (S-1-5-21-726010894-4081916308-2378408433-1001 - Administrator - Enabled) => C:\Users\Derek
Guest (S-1-5-21-726010894-4081916308-2378408433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-726010894-4081916308-2378408433-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Alienware)
Alienware Command Center (HKLM\...\{E771DCAC-D0B9-483C-9449-5DA5B7435155}) (Version: 4.0.48.0 - Dell Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{E771DCAC-D0B9-483C-9449-5DA5B7435155}) (Version: 4.0.48.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bing Search Engine (HKLM-x32\...\{3C4FD48F-6CCF-050F-DD4F-758F0DCFA60F}) (Version:  - )
Blackwake (HKLM\...\Steam App 420290) (Version:  - Mastfire Studios Pty Ltd)
Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.5 - Grey Box)
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.41 - PC Drivers HeadQuarters LP) <==== ATTENTION
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Heroes & Generals (HKLM\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.1.0.0 - Reto-Moto)
HiveMind Interface 3.0.7.57 (HKLM\...\AlphaUI) (Version: 3.0.7.57 - Alienware)
HiveMind Interface Core Components 3.0.7.63 (HKLM\...\HiveMind) (Version: 3.0.7.63 - Alienware)
Homeworld Remastered Collection (HKLM\...\Steam App 244160) (Version:  - Gearbox Software)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a427cd1c-b97d-4142-87c1-15b3ea68a34c}) (Version: 17.0.6 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\{E59194A0-A215-4C44-8B92-40780387EBE0}) (Version: 2.2.0.578 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.578 - LogMeIn, Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MegaTrainer Ultimate version 1.4.8.1 (HKLM-x32\...\{68A5CFDB-E05C-46BC-B2EB-988D1E2C2444}_is1) (Version: 1.4.8.1 - MegaDev)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mine-imator version 1.0.6 (HKLM-x32\...\{EF61A1AA-5F85-4E94-ACC6-D5650A312AE6}}_is1) (Version: 1.0.6 - David Norgren)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
No Man's Sky (HKLM\...\Steam App 275850) (Version:  - Hello Games)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.0 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.9.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1013 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Republic at War 1.1.5 (HKLM-x32\...\{1F3630F5-C636-49FF-9BF0-F9E2A221E60B}) (Version: 1.1.5 - Republic at War Modding Team)
ROBLOX Player for Derek (HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Derek (HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Voice Changer Pro (HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\c86bb6eb01f91e34) (Version: 1.0.5.0 - Mark Heath)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Space Engineers (HKLM\...\Steam App 244850) (Version:  - Keen Software House)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
STAR WARS™ Battlefront™ II (HKLM\...\Steam App 6060) (Version:  - Pandemic Studios)
STAR WARS™ Empire at War: Gold Pack (HKLM\...\Steam App 32470) (Version:  - Petroglyph)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Subnautica (HKLM\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Trezaa (HKLM-x32\...\{429B6B35-320D-41F2-AA7E-6B10D36055A1}) (Version: 1.0.0 - Trezaa)
UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)
Unity Web Player (HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Unturned Server Organiser (HKLM\...\Unturned Server Organiser) (Version: 1.6.3 - Pascal Devant)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
Verdun (HKLM\...\Steam App 242860) (Version:  - M2H)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Who's Your Daddy (HKLM\...\Steam App 427730) (Version:  - Evil Tortilla Games)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-14] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-05-01] (WinZip Computing, S.L.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-05-01] (WinZip Computing, S.L.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-04-12] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-14] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-05-01] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B5ADFE3-55AA-4527-AAA7-EEB301BD21FF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {0E4F06BF-72AD-4B79-88CF-22636A3FCCC3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A72E8E1-EA51-47A5-9B1E-DCE0FEE49B20} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3239DB8C-7048-4141-9B74-A98E53790C4D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {34E8C09C-DAC3-483B-B77A-7F364F084EBC} - System32\Tasks\Trezaa Scheduler => C:\Program Files (x86)\Trezaa\\Trezaa.Scheduler.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35855C9B-8F8E-44D4-8DC2-29377928E8FD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {406BA040-6E20-458D-A536-7C3E1EB5E1A3} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {4F770324-90D6-400F-AF7A-53121782F17F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-09-12] (Microsoft Corporation)
Task: {5411456F-5C20-4E94-AF62-E8B25D3391A5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {54396C85-81EE-43B7-A3B5-7A888B30CB42} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {5467A22F-A988-4D6B-90B4-232C2EF05CEC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {5618F5AD-54E5-413E-8F68-F19D79F46EED} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {65B3DF21-69B9-45C4-BDB4-938F4CB75E13} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6682B95E-1408-42D7-9E73-267DBBC0E22C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6CEB7619-5DB6-445F-9418-9A3A39789D16} - System32\Tasks\{05FBBFFB-5AFC-4E0B-A149-F4558D9D643E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\EAInstaller\STAR WARS Battlefront\Cleanup.exe" -c uninstall_game -autologging
Task: {744B5E17-B35B-4C15-A437-7664A4A01466} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {787B72B7-B921-4FE1-9B3E-BA43F43F3B92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {810B74A2-0DC3-432F-B6DF-88626917A3B0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {97EA1A6A-4312-4ED9-8DE1-92CBFB51BCA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {98973DDB-D356-4398-87AC-04D06DDDB424} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {9C4485DF-93A2-40DE-998C-FBE9DD532DE8} - System32\Tasks\{4D85F89B-795C-94FB-4563-289CE12910F4} => C:\Users\Derek\AppData\Roaming\4D85F8~1\PRODUC~1.EXE <==== ATTENTION
Task: {A5CAD6AB-38F9-4D36-AED1-3C4CFDB8BCF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AE454834-9F4D-4FD8-8E47-9F96F009615D} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {B1E1C782-206D-4AAE-99FB-69A243F9854C} - System32\Tasks\{19772496-8DCA-5F7D-9047-4D1F47BB88FA} => C:\Users\Derek\AppData\Local\19772496-8DCA-5F7D-9047-4D1F47BB88FA\UpdTask.exe [2013-04-18] () <==== ATTENTION
Task: {B2BEB959-A559-47E2-9F6F-1402CC2907D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BD29A889-7C2C-435E-A377-96471BC9155F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BFC56E75-D808-464C-84A9-41B4CDB6FFB7} - System32\Tasks\{FE2DAEB9-8878-44E6-9F58-B2C12165BB2C} => C:\Users\Derek\AppData\Roaming\{10C52~1\SyncTask.exe [2017-06-26] () <==== ATTENTION
Task: {C223DEDE-D67A-4034-8321-4FAD9A88E73B} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {CC686005-A3E8-4303-B184-9C8D4A69D49F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CCE7863A-EA0C-47DE-87A3-26779FB1DC3A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CDB08FE4-6060-4B8C-B93A-E8FB18B85CF8} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\Derek\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
Task: {CE90B1C4-B1F6-447E-8C82-A5B76A527EB2} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-05-01] (WinZip Computing, S.L.)
Task: {D3C831BE-1A47-4464-BD6D-89A8AE9F5290} - System32\Tasks\topnews17infoooim => Chrome.exe topnews17.info/ooim <==== ATTENTION
Task: {D83AFDEE-0C21-4B21-B677-C1CF3A65EC7E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {DA00D844-4957-4B12-9129-7D78B0AA0B2B} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {E4E86C66-43D6-46EC-AF10-578B5B6ACC02} - \WPD\SqmUpload_S-1-5-21-726010894-4081916308-2378408433-1001 -> No File <==== ATTENTION
Task: {E6139F9A-920B-4267-B3D7-0F3D3E064CB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {E9031627-8A96-440B-8AB4-73386FBFC206} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\{19772496-8DCA-5F7D-9047-4D1F47BB88FA}.job => C:\Users\Derek\AppData\Local\197724~1\UpdTask.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{4D85F89B-795C-94FB-4563-289CE12910F4}.job => 
Task: C:\WINDOWS\Tasks\{FE2DAEB9-8878-44E6-9F58-B2C12165BB2C}.job => 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-28 18:02 - 2017-06-21 03:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-31 00:00 - 2017-05-31 00:00 - 00012080 _____ () C:\WINDOWS\TEMP\BullseyeCoverage-x64-3.dll
2017-06-29 15:59 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-22 16:00 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-24 15:19 - 2015-11-24 15:19 - 00314272 _____ () C:\Program Files (x86)\HiveMind\HiveMindMonitor.exe
2016-11-20 14:11 - 2016-11-20 14:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-06-22 15:56 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-06-22 16:00 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-06-22 16:00 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-22 16:00 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-22 16:00 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-22 16:00 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-22 16:00 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-29 14:09 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-29 14:09 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2014-11-02 14:10 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-02-28 18:02 - 2017-06-21 03:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-31 06:59 - 2017-07-04 13:17 - 00619840 _____ () C:\Users\Derek\AppData\Local\Temp\0Kraken0502DevProps.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-02-28 18:02 - 2017-06-21 03:06 - 66837112 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-29 00:54 - 2016-10-29 00:54 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-05-31 06:59 - 2017-05-31 06:59 - 00010520 _____ () C:\Users\Derek\AppData\Local\Temp\BullseyeCoverage-x86-3.dll
2016-01-05 13:19 - 2015-12-18 19:52 - 01607920 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\STRestoreAPI.dll
2014-11-02 14:28 - 2012-11-26 03:19 - 01153384 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\libxml2.dll
2015-02-26 13:05 - 2014-02-18 18:12 - 00117568 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Syst239C587E:$WIMMOUNTDATA [418]
AlternateDataStreams: C:\Users\Derek:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-726010894-4081916308-2378408433-1001\...\driversupport.com -> hxxps://apps.driversupport.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2017-06-26 10:44 - 00010438 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-726010894-4081916308-2378408433-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Derek\AppData\Local\Microsoft\Windows\Themes\^3747642DDDE184D44CF8BFC1F6802948611F42880FE1583210^pimgpsh_thumbnail_win_distr.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FE86BF39-FBB9-4EE2-BBF4-0E609C0F225A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{52D34339-7899-4045-9533-3581853133DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{57393023-2D26-43D1-8EF3-B75BE0E2E314}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{7E98B90A-FFFF-4B92-B536-C36AE778E37D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{BC22DD72-C344-4EE9-BBA7-96E637468878}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blackwake\Blackwake.exe
FirewallRules: [{DB946ABD-50F0-47E9-B271-F6F41E8F1F93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blackwake\Blackwake.exe
FirewallRules: [{A53F7A99-B9B9-4564-8317-315858091670}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{30F70F0C-FDDF-4E67-A3ED-9138E1072979}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{2E8291FA-234B-4522-BBC0-0757CAD7BC56}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{01606C54-2113-46A5-B198-727D953917BF}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{D70532E8-AA83-4C8D-B6A2-C3844FFCE5F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9DD0833E-B3C5-4452-9BAD-29FD222BABD5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F55DADB9-68A1-4CE6-9499-E543C5A3BA7D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{927343B3-B25B-4E05-A130-6E7D8D052434}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0B9FAAC3-E709-4CC1-8E81-D5A793B00350}] => (Block) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{9A3A42B0-8C04-44AC-B754-9EC32B213119}] => (Block) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [UDP Query User{32BAE351-D8AE-4885-8B88-BBA3DA137BED}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [TCP Query User{EF54FCBF-E747-4E26-A238-FD7D5BBD9C62}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [UDP Query User{86EDAD22-6A5D-4168-AD4E-1A3C55288625}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9D6A9781-CB8B-40FF-ABB4-B726AA82F2A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{56C0F242-2D8F-4922-A452-63394AACB091}] => (Block) C:\program files (x86)\steam\steamapps\common\star wars empire at war\gamedata\sweaw.exe
FirewallRules: [{3C71D216-F320-4040-BDF3-90F06A560E09}] => (Block) C:\program files (x86)\steam\steamapps\common\star wars empire at war\gamedata\sweaw.exe
FirewallRules: [UDP Query User{8EBB2778-8D16-4AC4-A826-4DE21C408ED2}C:\program files (x86)\steam\steamapps\common\star wars empire at war\gamedata\sweaw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars empire at war\gamedata\sweaw.exe
FirewallRules: [TCP Query User{C0B4D6C0-17F4-4650-BEA0-06116BF09C71}C:\program files (x86)\steam\steamapps\common\star wars empire at war\gamedata\sweaw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars empire at war\gamedata\sweaw.exe
FirewallRules: [{62492C26-7D1D-4788-A7E9-EAD37697A112}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{B916EFDD-4EE2-4A1D-91F2-223F0C30E211}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [UDP Query User{68EC5DD7-9720-4BFC-9CE2-AEEC75A8059A}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe
FirewallRules: [TCP Query User{FE244526-9461-44D4-8D32-0EF2C9F1B3B0}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe
FirewallRules: [{C9D814F0-2730-4DE6-B812-F076F8306927}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{C3FFA95C-59B6-4881-82F2-2C6913205AC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{0BCFB872-C2F8-4C68-B851-E6E3E0042A3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{912AF466-F712-4836-A285-5B3412DD411D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{EF41C943-5F39-40FC-94AB-CCD089DF38F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{520FF4E7-BAF1-48C2-A276-FF95D1763692}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{C72D0BFF-0B8A-40F3-97F2-805E1924EEA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{F1629EBB-EB3C-46F4-9597-0B4DB06DFBA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{6D066BF1-DE4A-4495-9009-B9DCAC6B8A35}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{CAA15A87-63D9-4608-9ACB-C14EE88669AC}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{84CB2655-D434-443C-AC6B-EC2A4E9137D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{864D45EC-FABF-4C92-B75C-97CC405A0E7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{C8856ECB-F687-4FCF-819B-DEB6C4D736AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{241A2310-D059-42DF-8B07-348E60895DFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AC70F48C-090C-4E9F-915C-0DABA7E31BA9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E7AC0A5B-03DC-4FD0-8BB5-24B98439B1A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9B11964D-B9FC-4061-BDEF-FABA5B562CE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5A11BC3D-763D-4910-A6F6-77E75E8DB5EC}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{5F6EFDF2-F5F0-4BFF-A3E0-DC72B4A09654}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{9CC48DF1-A195-4376-9447-2DA3EB7041FF}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{9540E707-A83E-40DF-8BB0-59299C57659D}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{7E0ACA7A-E2F4-47BA-9E86-3D5CC14DCB60}] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{D7D160A2-29B3-4342-B03E-2A4F1F1979A2}] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{36A3C4A5-694E-44CE-B884-69EF5C7D5FC0}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{6912A721-89D8-41DE-B2BC-264CDC4A8B8E}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{EEFFBF39-235D-4DD1-866E-7ED4EE4DB8C5}C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe
FirewallRules: [TCP Query User{6FD08B44-3476-4335-A3D8-2684B0C21833}C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe
FirewallRules: [{C3B2AF0C-67F3-48CF-AE09-81FAE6482D52}] => (Block) C:\games\world_of_warships\worldofwarships.exe
FirewallRules: [{7001C96A-1014-4349-ACB1-354691EE388B}] => (Block) C:\games\world_of_warships\worldofwarships.exe
FirewallRules: [UDP Query User{F05F0481-E0DD-4299-A47E-37E339F90693}C:\games\world_of_warships\worldofwarships.exe] => (Allow) C:\games\world_of_warships\worldofwarships.exe
FirewallRules: [TCP Query User{E8E4F77B-0738-4E48-9F52-9CCED065F325}C:\games\world_of_warships\worldofwarships.exe] => (Allow) C:\games\world_of_warships\worldofwarships.exe
FirewallRules: [UDP Query User{F69CF407-E13F-454C-9ECE-C3650C9793E8}C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [TCP Query User{012C43E2-C456-4886-962F-AB9D131FD5F6}C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [{1A488427-53AF-45D8-9F8B-42356CC8C8DA}] => (Block) C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [{4A933FE9-6A44-4BDA-9DD4-3372AA63029E}] => (Block) C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{ED5AFC18-2014-4F41-AEA9-03DBB6836E73}C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{F1FBF93B-A1D1-4E5C-8A74-8762AE133B4F}C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [{DDBC22EC-52F2-4DEF-82CD-528220E6BCFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{C27CDB1C-29DD-4D63-9BC3-C7CD2F795556}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{1ED09CAD-3BEF-434E-A59D-9726347466FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{DBE99C8C-1C06-41A5-B3EA-05810D95A380}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{9491437F-7389-4DA9-9CD2-88E48C00E155}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{AF2EFF79-E610-452D-90DC-CA627B19F0B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{073182B6-A87E-49C2-9088-93C84191DDD5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F21B0108-C3B6-4B41-90F7-8C4717D2BA6B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{94E01AC9-E118-4328-9573-37CEB653886E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{3C5F3C75-3A14-4BF4-902A-D89F3913B339}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{C1D31248-2D16-4350-9923-53C8C587DC61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{37C2CC0B-FDAE-4723-A3A7-15E4D75F93A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{50774B6B-A3F9-46F4-A23C-6FC2CF555A23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{36F7D04C-38D0-4E22-9044-44E81C4C2A31}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{42910C74-3611-4C2F-816B-7B428AF3BEB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{D34CBDF2-A385-478D-BEAF-FE6AF19451FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{DD3D3FF1-68DA-4C52-B1DA-85843DFA88B2}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{98C137ED-F5FC-48D6-A179-BEA7C8D000EF}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D9D9830A-E4FF-44B1-8E07-F2C097814018}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{71D17CE2-ED2D-4CE4-BC0E-AC9B0DA057D2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{2CDAD6D7-DE4D-4BD7-B81E-BC415B17E04C}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [{958BF565-81EB-4BEC-83A6-7D0126F44000}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [{D2C67C77-9EC1-41F6-92D0-3455C03971C8}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [{DD9D79D8-8618-4961-BDEC-2EF77C8B524D}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [UDP Query User{E5F82F6D-B917-4CB0-8AAE-6CD00FC38A41}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [TCP Query User{35BD0226-BCF2-4760-A434-ADC36743935F}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{DF6F9516-E1D5-494D-B01A-72874222FDEA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CF3E0861-2CBA-40D8-A3B7-371FA93E459B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4A044A23-0918-4656-AE02-2A77AC788ECD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{2ED52845-27E1-4FDD-AE92-B983CB6EAA06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{934749A0-0A0D-4D1F-8A20-B967F6F60835}] => (Allow) LPort=27018
FirewallRules: [{2BA931F4-419E-42A7-A15B-6F41B91F99BC}] => (Allow) LPort=27018
FirewallRules: [{438D1F2C-D004-4B1D-93A3-E7C2D3EBE6F9}] => (Allow) C:\Program Files (x86)\Trezaa\Trezaa.Service.exe
FirewallRules: [{EB999EBB-3BC6-4382-9CCE-B67D3B937F5C}] => (Allow) LPort=27018
FirewallRules: [{E7C335BF-8A95-4C4D-837E-D55AA704E14B}] => (Allow) LPort=27018
FirewallRules: [{CC102240-6B69-45E0-9009-EB86C19182A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{4245AB2E-065A-4843-A2C0-F9C9FD230BC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{A61BD6F5-7700-4C8D-A84F-950523B1A6A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{53E9EA42-CE50-486F-AF80-B18C937111C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{AAC3EA29-2CB7-4A58-B9E0-6E39C85D4AD3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0D7667BE-7C15-4E17-B22F-3359B4F2A795}] => (Allow) LPort=1900
FirewallRules: [{F3736CB8-CE54-460F-AA50-0C7F76BB15A9}] => (Allow) LPort=2869
FirewallRules: [{12D6F7AC-50A5-4B07-B026-2AFEBC418BC5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{81DEC01E-36B8-4773-9084-CF84A2252CC3}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14.exe
FirewallRules: [{B548A091-0F4F-416B-BDE9-DB9BF7C65A1C}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14.exe
FirewallRules: [{A016AFAE-C9C3-4572-AC79-EC1213CAD588}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14_x86.exe
FirewallRules: [{4083F9C7-03CE-49FB-BB40-6951A25B1BAD}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14_x86.exe
FirewallRules: [{25C35558-522B-41E5-9B18-A1B42A985083}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{9904AC64-CF5A-4B13-8C61-224D36C75BE8}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{7F21BD2D-12E5-4FEB-A381-D4A72CCE5B3A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EDDFDAA0-F274-4D28-85C2-37AB76AC454E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC81B5D6-AE8A-4818-B023-3BE1C13DA318}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{78F24A36-A3BE-436F-8E6F-403EF1256D52}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E65CBB6E-6854-4C35-8177-05D03FD24124}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{66888FD3-AE5C-44FA-9E2F-5C5283032EF8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{086E5BFE-D63F-4D36-85AF-5ABE16EFB067}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5688F2CD-89DB-4460-B06D-FCFF4B79A48A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DB6F7847-5895-4042-9869-94093872478F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C70C9703-4CE9-418E-86CB-6647D9346852}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{3D414CCD-2142-47B4-9530-D4DC6B14E12C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{C513730B-B50A-4BCC-BDF7-AA4C2681F4B8}] => (Allow) C:\Program Files (x86)\Kodi\Kodi.exe
FirewallRules: [{109743C3-B489-44F0-9CC4-E0FE20E36B85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{92729313-7FEB-4AC3-9A6E-B0C97E7011E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{64E04700-AA9E-425A-A011-EF4345A8F58F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{348D60DF-1C69-44D4-AFE9-7F86589378D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{AEE5DF9A-8386-4D89-8E19-6D89E1432E6D}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{987EF434-D9C4-481F-BF9B-050854A3876C}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{FEA7ACA1-11A1-4131-A4DC-A01DA5A6D7B7}] => (Allow) C:\Users\Derek\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{E36F08E2-326E-46CC-8506-96F8882B32EA}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{BDD27B3E-3DDA-4AE8-B077-EF6C93167BD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-06-2017 18:04:56 Windows Update
29-06-2017 17:42:42 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/04/2017 01:25:56 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected
 
Error: (07/04/2017 01:25:56 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (07/04/2017 01:25:56 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (07/04/2017 01:25:56 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected
 
Error: (07/04/2017 01:09:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellHelper.exe, version: 1.1.1.0, time stamp: 0x587641a4
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327ae2
Exception code: 0xe0434352
Fault offset: 0x000da9f2
Faulting process id: 0x1f38
Faulting application start time: 0x01d2f4e82fd9d81e
Faulting application path: C:\Program Files\Alienware\Dell Foundation Services\ShellHelper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9a3eaf97-fee1-4620-8add-a0ec5bdce84b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/04/2017 01:09:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ShellHelper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   at System.Diagnostics.Process.Start()
   at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
   at #Gs.#Fs.#Ds(System.String[])
 
Error: (07/03/2017 02:15:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ubisoft\ubisoft game launcher\cache\patch\5318\upc.exe".
Dependent Assembly XAudio2_7.X,processorArchitecture="X86",type="Win32",version="9.29.1962.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/03/2017 02:10:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ubisoft\ubisoft game launcher\cache\patch\5318\upc.exe".
Dependent Assembly XAudio2_7.X,processorArchitecture="X86",type="Win32",version="9.29.1962.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/03/2017 01:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x8400000f
Fault offset: 0x0000000000000000
Faulting process id: 0xf04
Faulting application start time: 0x01d2f42403d09aa9
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: unknown
Report Id: 3e5898b8-de06-461f-9bb5-85e2b250abeb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/29/2017 08:21:50 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
 
System errors:
=============
Error: (07/04/2017 01:44:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.121.
The computer with the IP address 192.168.254.145 did not allow the name to be claimed by
this computer.
 
Error: (07/04/2017 01:39:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.121.
The computer with the IP address 192.168.254.145 did not allow the name to be claimed by
this computer.
 
Error: (07/04/2017 01:34:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.121.
The computer with the IP address 192.168.254.145 did not allow the name to be claimed by
this computer.
 
Error: (07/04/2017 01:29:03 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.121.
The computer with the IP address 192.168.254.145 did not allow the name to be claimed by
this computer.
 
Error: (07/04/2017 01:29:03 PM) (Source: BROWSER) (EventID: 8020) (User: )
Description: The browser was unable to promote itself to master browser.  The computer that currently
believes it is the master browser is unknown.
 
Error: (07/04/2017 01:23:52 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.121.
The computer with the IP address 192.168.254.145 did not allow the name to be claimed by
this computer.
 
Error: (07/04/2017 01:18:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.121.
The computer with the IP address 192.168.254.145 did not allow the name to be claimed by
this computer.
 
Error: (07/04/2017 01:15:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/04/2017 01:15:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/04/2017 01:15:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-04 13:36:51.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-04 13:36:51.492
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-03 13:43:26.211
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-29 17:41:29.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-29 17:41:11.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-29 16:29:46.204
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-29 16:27:14.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-29 16:27:14.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-29 16:27:14.172
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-29 16:27:14.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130T CPU @ 2.90GHz
Percentage of memory in use: 68%
Total physical RAM: 4041.07 MB
Available physical RAM: 1278.07 MB
Total Virtual: 8393.07 MB
Available Virtual: 4934.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:457.17 GB) (Free:64.37 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3FD74103)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#13 UpturnedBull

UpturnedBull
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:01 PM

Posted 04 July 2017 - 12:58 PM

When I try to post the FRST log it says it's too long.



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,696 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:01 PM

Posted 04 July 2017 - 02:26 PM

You can attach the FRST.txt file here if needed.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 UpturnedBull

UpturnedBull
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:01 PM

Posted 05 July 2017 - 08:31 PM

Here is the file.





