
Trojan Cleanup


  • This topic is locked
5 replies to this topic

#1 Moomintroll


Posted 09 July 2017 - 07:45 AM

Hello there, I scanned my PC yesterday after noticing 007guard in the Network Resource Monitor (I later read that Spybot puts entries in your Hosts file, rather than localhost).

- Malwarebytes found Adware.MoboGenie (quarantined)
- Spybot found Ad.CouponCompanion, Win32Downloader.gen, Ad.PayPerInstallBox, AllMyWeb.Toolbar & Bubbledock (quarantined)
- Microsoft Security Essentials found Trojan:Win32/Skeeyah.A!bit (removed)

I normally use AVG, although it appears that regular quickscans did not detect the above.

Afterwards, I dug a little deeper, scanning with HijackThis and ADWCleaner, the latter providing a number of 'threats'. I am posting here as I am unsure as to whether any malware persists and would like help in removing them if so. Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Matt (administrator) on NIGHTMARE-Y (09-07-2017 12:52:38)
Running from G:\Downloads
Loaded Profiles: Matt & User (Available Profiles: Matt & User & Megatron)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Nero AG) G:\Programs\HSMServiceEntry.exe
() C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
() G:\Programs\HTC Sync\adb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Flux Software LLC) C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M90 Mouse\CorsTra.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(SpiderOak) C:\Program Files\SpiderOakONE\SpiderOakONE.exe
(SpiderOak) C:\Program Files\SpiderOakONE\SpiderOakONE.exe
() C:\Program Files\SpiderOakONE\windows_dir_watcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-04] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Corsair Garros] => C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe [1769472 2013-06-05] (Corsair Components  Inc)
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2184776 2017-06-14] ()
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [15367120 2017-05-31] (Micro-Star INT'L CO., LTD.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [DelLiveinst] => cmd.exe /c del /f /s /q /a "C:\MSI\LiveUpdate\DL_FILE\Liveinst.exe"
HKLM-x32\...\RunOnce: [SpybotDeletingA3731] => command.com /c del "C:\END"
HKLM-x32\...\RunOnce: [SpybotDeletingC102] => cmd.exe /c del "C:\END"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\Run: [Innkeeper] => C:\Users\User\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-07-05] ()
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5774800 2017-05-23] (SecureMix LLC)
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingB1598] => command.com /c del "C:\END"
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingD4497] => cmd.exe /c del "C:\END"
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\MountPoints2: {360a1cff-58f6-11e4-915d-afc72d43b88b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\GlassWire.exe [5774800 2017-05-23] (SecureMix LLC)
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: {144b82ae-74ac-11e3-9ff1-b0fe8568b39d} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: {144b82bd-74ac-11e3-9ff1-b0fe8568b39d} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: {360a1cff-58f6-11e4-915d-afc72d43b88b} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: {419c2ccb-6049-11e3-9d5b-806e6f6e6963} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: {690d1bec-6e14-11e2-a609-a37622f04a99} - I:\setup.exe
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\MountPoints2: {b45f60fd-cd87-11e4-9487-db620de09288} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk [2015-06-08]
ShortcutTarget: ControlCenter.lnk -> C:\Program Files (x86)\MSI\ControlCenter\StartControlCenter.exe (MSI CO.,LTD.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-02-24]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2154846950-3185026240-1571722450-1002] => uk31.nordvpn.com:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{33717CBF-1FB8-4DAD-8B11-130A793DE1F6}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{42490945-48B8-419C-BE21-23FD842FF2A0}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{A27FD9BF-8054-457C-A12A-5C1FAF4A3987}: [NameServer] 208.67.222.222,208.67.222.220

Internet Explorer:
==================
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-24] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-14] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-24] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default [2017-07-08]
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\user.js [2014-01-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gz8psi5w.default -> DuckDuckGo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gz8psi5w.default -> DuckDuckGo
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-11-21] [not signed]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-09-15] [not signed]
FF Extension: (Ghostery) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\firefox@ghostery.com.xpi [2014-09-15] [not signed]
FF Extension: (Personas Plus) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\personas@christopher.beard.xpi [2014-01-03] [not signed]
FF Extension: (Restartless Restart) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\restartless.restart@erikvold.com.xpi [2013-02-02] [not signed]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\tineye@ideeinc.com.xpi [2013-02-02] [not signed]
FF Extension: (Stylish) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-11-21] [not signed]
FF Extension: (Fire.fm) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2014-01-03] [not signed]
FF Extension: (NoScript) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-21] [not signed]
FF Extension: (IE Tab) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2014-01-03] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-15] [not signed]
FF Extension: (BetterPrivacy) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-02-02] [not signed]
FF Extension: (Greasemonkey) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-11-21] [not signed]
FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\searchplugins\aol-search.xml [2013-02-02]
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Comodo\IceDragon\Profiles\alaj1vnj.default [2014-07-10]
FF Homepage: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.yahoo.com?fr=fp-comodo
FF Keyword.URL: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
FF Extension: (No Name) - C:\Program Files (x86)\Comodo\IceDragon\browser\extensions\DnD@comodo.com [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2154846950-3185026240-1571722450-1000: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 -> C:\Users\Matt\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll [2014-12-27] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-2154846950-3185026240-1571722450-1000: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 -> C:\Users\Matt\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll [2014-12-27] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-2154846950-3185026240-1571722450-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp","hxxps://www.google.co.uk/","hxxps://uk.search.yahoo.com/?type=242154&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-04] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-05-28] (Apple Inc.)
U2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2016-12-01] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC)
R2 HTCMonitorService; G:\Programs\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 MSISleep; C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe [282624 2013-04-29] () [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2285008 2017-06-01] (Micro-Star INT'L CO., LTD.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [416432 2017-06-02] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-05] (Overwolf LTD)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-14] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-06-14] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94208 2013-09-24] (Advanced Micro Devices) [File not signed]
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-04] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-04] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-04] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-04] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-04] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-04] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-04] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-04] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-04] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-04] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-04] (AVG Technologies CZ, s.r.o.)
R3 CorsairGamingAudioService; C:\Windows\System32\DRIVERS\CorsairGamingAudioamd64.sys [123384 2016-03-03] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-11-05] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-11-05] (Corsair)
R3 CORSGMS; C:\Windows\System32\drivers\CORSGMS.sys [25600 2012-03-27] ( )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-02] (GFI Software)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 I2cHkBurn; C:\Windows\System32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NTIOLib_1_0_2; C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [13328 2012-02-14] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-10] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 RTCore64; G:\Programs\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-09 12:51 - 2017-07-09 12:52 - 00000000 ____D C:\FRST
2017-07-09 00:16 - 2017-07-09 00:16 - 00002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-09 00:16 - 2017-07-09 00:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-07-09 00:16 - 2017-07-09 00:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-07-08 20:44 - 2017-07-08 20:44 - 00000063 _____ C:\Windows\wininit.ini
2017-07-05 21:23 - 2017-07-05 22:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Azureus
2017-07-05 21:23 - 2017-07-05 21:23 - 00000000 ____D C:\Users\Matt\.swt
2017-07-05 17:41 - 2017-07-05 17:41 - 00407040 _____ C:\Windows\Minidump\070517-14086-01.dmp
2017-07-04 08:53 - 2017-07-05 20:41 - 00000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2017-07-04 08:53 - 2017-07-04 08:54 - 00000000 ____D C:\Users\User\AppData\Local\qBittorrent
2017-07-04 08:53 - 2017-07-04 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-07-04 08:53 - 2017-07-04 08:53 - 00000000 ____D C:\Program Files\qBittorrent
2017-07-04 03:50 - 2017-07-04 03:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-04 00:49 - 2017-07-04 00:49 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-06-25 04:56 - 2017-06-25 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2017-06-25 04:56 - 2017-06-25 04:56 - 00000000 ____D C:\Program Files (x86)\GlassWire
2017-06-25 04:56 - 2015-05-29 05:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2017-06-25 04:56 - 2015-05-29 05:15 - 00033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2017-06-17 08:55 - 2017-06-17 08:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Light
2017-06-17 08:55 - 2017-06-17 08:55 - 00000000 ____D C:\Users\User\AppData\Local\Light
2017-06-17 08:55 - 2017-06-17 08:55 - 00000000 ____D C:\Program Files\Light
2017-06-17 05:47 - 2017-06-17 05:48 - 00000000 ____D C:\ProgramData\NordVpn
2017-06-17 05:47 - 2017-06-17 05:47 - 00003352 _____ C:\Windows\System32\Tasks\NordVPN
2017-06-17 05:47 - 2017-06-17 05:47 - 00000000 ____D C:\Users\Matt\AppData\Local\NordVPN
2017-06-17 05:47 - 2017-06-17 05:47 - 00000000 ____D C:\Users\Matt\AppData\Local\IsolatedStorage
2017-06-17 05:47 - 2017-06-17 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-06-17 05:47 - 2017-06-17 05:47 - 00000000 ____D C:\ProgramData\Caphyon
2017-06-17 05:47 - 2017-06-17 05:47 - 00000000 ____D C:\Program Files (x86)\NordVPN
2017-06-17 05:46 - 2017-06-17 05:47 - 00000000 ____D C:\Program Files\TAP-NordVPN
2017-06-17 05:46 - 2017-06-17 05:46 - 00000000 ____D C:\Users\Matt\AppData\Roaming\NordVPN
2017-06-13 22:48 - 2017-06-02 09:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-13 22:48 - 2017-06-02 09:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-13 22:48 - 2017-06-02 09:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 22:48 - 2017-06-02 09:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-13 22:48 - 2017-06-02 09:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 22:48 - 2017-06-02 09:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-13 22:48 - 2017-06-02 09:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 22:48 - 2017-06-02 09:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 22:48 - 2017-06-02 09:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-13 22:48 - 2017-06-02 09:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-13 22:48 - 2017-06-02 09:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-13 22:48 - 2017-06-02 09:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-13 22:48 - 2017-06-02 09:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-13 22:48 - 2017-06-02 09:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-13 22:48 - 2017-06-02 08:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 22:48 - 2017-06-02 08:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 22:48 - 2017-06-02 08:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-13 22:48 - 2017-06-02 08:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-13 22:48 - 2017-05-21 05:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-13 22:48 - 2017-05-21 05:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-13 22:48 - 2017-05-21 05:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-13 22:48 - 2017-05-21 05:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-13 22:48 - 2017-05-21 05:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-13 22:48 - 2017-05-21 04:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-13 22:48 - 2017-05-21 04:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-13 22:48 - 2017-05-21 04:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-13 22:48 - 2017-05-21 04:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 22:48 - 2017-05-21 04:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-13 22:48 - 2017-05-21 04:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-13 22:48 - 2017-05-21 04:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-13 22:48 - 2017-05-16 19:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-13 22:48 - 2017-05-16 18:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-13 22:48 - 2017-05-14 21:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-13 22:48 - 2017-05-14 21:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-13 22:48 - 2017-05-14 21:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-13 22:48 - 2017-05-14 21:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-13 22:48 - 2017-05-14 21:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-13 22:48 - 2017-05-14 21:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-13 22:48 - 2017-05-14 21:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-13 22:48 - 2017-05-14 21:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-13 22:48 - 2017-05-14 21:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 22:48 - 2017-05-14 21:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-13 22:48 - 2017-05-14 21:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-13 22:48 - 2017-05-14 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-13 22:48 - 2017-05-14 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-13 22:48 - 2017-05-14 21:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-13 22:48 - 2017-05-14 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-13 22:48 - 2017-05-14 21:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-13 22:48 - 2017-05-14 21:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-13 22:48 - 2017-05-14 20:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-13 22:48 - 2017-05-14 20:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 22:48 - 2017-05-14 20:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 22:48 - 2017-05-14 20:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-13 22:48 - 2017-05-14 20:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-13 22:48 - 2017-05-14 20:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-13 22:48 - 2017-05-14 20:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-13 22:48 - 2017-05-14 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-13 22:48 - 2017-05-14 20:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-13 22:48 - 2017-05-14 20:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-13 22:48 - 2017-05-14 20:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-13 22:48 - 2017-05-14 20:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-13 22:48 - 2017-05-14 20:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-13 22:48 - 2017-05-14 20:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-13 22:48 - 2017-05-14 20:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-13 22:48 - 2017-05-14 20:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-13 22:48 - 2017-05-14 20:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-13 22:48 - 2017-05-14 20:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-13 22:48 - 2017-05-14 20:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-13 22:48 - 2017-05-14 20:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-13 22:48 - 2017-05-14 20:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-13 22:48 - 2017-05-14 20:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-13 22:48 - 2017-05-14 20:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-13 22:48 - 2017-05-14 20:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-13 22:48 - 2017-05-14 20:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 22:48 - 2017-05-14 20:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-13 22:48 - 2017-05-14 20:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-13 22:48 - 2017-05-14 20:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 22:48 - 2017-05-14 20:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-13 22:48 - 2017-05-14 19:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-13 22:48 - 2017-05-14 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 22:48 - 2017-05-14 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-13 22:48 - 2017-05-14 19:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 22:48 - 2017-05-14 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-13 22:48 - 2017-05-14 19:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-13 22:48 - 2017-05-14 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-13 22:48 - 2017-05-14 19:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-13 22:48 - 2017-05-14 19:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-13 22:48 - 2017-05-14 19:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 22:48 - 2017-05-14 19:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-13 22:48 - 2017-05-14 19:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-13 22:48 - 2017-05-14 19:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-13 22:48 - 2017-05-14 19:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-13 22:48 - 2017-05-14 19:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-13 22:48 - 2017-05-14 19:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 22:48 - 2017-05-14 19:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-13 22:48 - 2017-05-14 19:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-13 22:48 - 2017-05-14 19:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-13 22:48 - 2017-05-14 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-13 22:48 - 2017-05-12 19:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-13 22:48 - 2017-05-12 19:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 22:48 - 2017-05-12 19:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-13 22:48 - 2017-05-12 19:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 22:48 - 2017-05-12 19:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-13 22:48 - 2017-05-12 19:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-13 22:48 - 2017-05-12 19:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 22:48 - 2017-05-12 19:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 18:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-13 22:48 - 2017-05-12 18:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-13 22:48 - 2017-05-12 18:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-13 22:48 - 2017-05-12 18:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-13 22:48 - 2017-05-12 18:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-13 22:48 - 2017-05-12 18:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-13 22:48 - 2017-05-12 18:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-13 22:48 - 2017-05-12 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 22:48 - 2017-05-12 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-13 22:48 - 2017-05-12 18:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-13 22:48 - 2017-05-12 18:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-13 22:48 - 2017-05-12 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-13 22:48 - 2017-05-12 18:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 18:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 18:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 18:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 22:48 - 2017-05-12 17:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 22:48 - 2017-05-12 16:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 22:48 - 2017-05-12 16:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 22:48 - 2017-05-10 16:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-13 22:48 - 2017-05-10 16:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 22:48 - 2017-05-10 16:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-13 22:48 - 2017-05-10 16:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-13 22:48 - 2017-05-10 16:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-13 22:48 - 2017-05-10 16:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-13 22:48 - 2017-05-10 16:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-13 22:48 - 2017-05-10 16:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-13 22:48 - 2017-05-10 16:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 22:48 - 2017-05-10 16:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-13 22:48 - 2017-05-10 16:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-13 22:48 - 2017-05-10 16:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-13 22:48 - 2017-05-10 16:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-13 22:48 - 2017-05-10 16:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-13 22:48 - 2017-05-10 16:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-13 22:48 - 2017-05-10 16:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 22:48 - 2017-05-10 16:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-13 22:48 - 2017-05-10 16:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-13 22:48 - 2017-05-10 16:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-13 22:48 - 2017-05-10 16:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-13 22:48 - 2017-05-10 16:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-13 22:48 - 2017-05-10 16:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-13 22:48 - 2017-05-10 15:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 22:48 - 2017-05-09 16:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 22:48 - 2017-05-09 16:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 22:48 - 2017-05-09 16:15 - 00071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-06-13 22:48 - 2017-05-09 16:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-13 22:48 - 2017-05-07 16:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-13 22:48 - 2017-05-07 16:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-13 22:48 - 2017-04-27 23:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-13 22:48 - 2017-04-12 14:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-13 22:48 - 2017-03-30 16:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-13 22:48 - 2017-03-30 15:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-09 12:32 - 2009-07-14 05:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-09 12:32 - 2009-07-14 05:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-09 12:29 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-09 12:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-07-09 12:28 - 2013-02-03 18:22 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-09 12:24 - 2016-11-20 09:59 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-07-09 12:24 - 2013-05-21 15:09 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-07-09 12:23 - 2017-02-25 22:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-09 12:23 - 2016-06-24 11:32 - 00000000 ____D C:\Users\User\AppData\Local\HTC MediaHub
2017-07-09 12:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-09 00:17 - 2016-01-02 08:39 - 00001945 _____ C:\Windows\epplauncher.mif
2017-07-08 23:12 - 2016-09-20 22:33 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-07-08 23:12 - 2015-09-17 20:44 - 00000000 ____D C:\Windows\rescache
2017-07-08 22:35 - 2013-03-13 20:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-08 22:35 - 2013-03-13 20:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-08 22:35 - 2009-07-14 05:45 - 00300328 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-08 22:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-07-08 22:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-07-08 20:52 - 2013-03-13 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-08 20:51 - 2013-08-05 16:52 - 00000000 ____D C:\Windows\system32\MRT
2017-07-08 20:46 - 2013-02-02 05:01 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-08 20:44 - 2015-06-26 03:16 - 00007679 _____ C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2017-07-08 10:48 - 2016-03-09 20:28 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-07-08 10:47 - 2014-02-07 06:41 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-07-08 10:45 - 2013-02-03 17:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-06 03:38 - 2013-02-03 23:51 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-07-06 00:29 - 2017-05-13 16:28 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-07-05 21:23 - 2013-02-02 03:19 - 00000000 ____D C:\Users\Matt
2017-07-05 20:41 - 2013-03-25 23:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Azureus
2017-07-05 18:07 - 2016-02-02 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-07-05 18:07 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-05 17:41 - 2017-05-26 13:38 - 711171924 _____ C:\Windows\MEMORY.DMP
2017-07-05 17:41 - 2015-01-15 10:38 - 00000000 ____D C:\Windows\Minidump
2017-07-05 17:41 - 2013-02-02 06:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-05 16:50 - 2016-05-27 01:46 - 00000000 ____D C:\Users\Matt\Documents\My Games
2017-07-04 23:33 - 2016-05-28 04:22 - 00003004 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-07-04 08:26 - 2013-03-25 23:17 - 00000000 ____D C:\Program Files\Vuze
2017-07-04 02:28 - 2013-02-02 11:43 - 00000000 ____D C:\Program Files\7-Zip
2017-07-04 02:27 - 2013-07-24 02:54 - 00000000 ____D C:\Users\User\Documents\CCleaner
2017-07-04 02:24 - 2014-10-22 23:19 - 00000000 ____D C:\Users\Matt\AppData\Local\Adobe
2017-07-04 00:55 - 2015-06-03 16:03 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2017-07-04 00:55 - 2009-07-14 03:34 - 00445265 ____R C:\Windows\system32\Drivers\etc\hosts.20170708-200459.backup
2017-07-04 00:49 - 2017-04-02 00:54 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00353232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys.149912577102204
2017-07-04 00:49 - 2017-04-02 00:54 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-04 00:49 - 2017-04-02 00:54 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-07-03 19:24 - 2016-11-18 07:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-29 04:39 - 2013-02-02 06:47 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-29 01:33 - 2016-06-01 23:23 - 00000000 ____D C:\Users\User\Documents\Darkest
2017-06-27 16:59 - 2017-04-03 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-06-26 08:18 - 2017-05-04 03:48 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2017-06-26 01:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-22 14:14 - 2015-06-08 04:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2017-06-22 14:14 - 2015-06-08 04:10 - 00000000 ____D C:\Program Files (x86)\MSI
2017-06-22 14:14 - 2013-02-02 03:35 - 00000000 ____D C:\MSI
2017-06-18 06:25 - 2016-05-11 12:16 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2017-06-17 05:36 - 2016-08-11 21:25 - 00004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 05:36 - 2013-02-02 04:05 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 05:36 - 2013-02-02 04:05 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 05:36 - 2013-02-02 04:05 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 05:36 - 2013-02-02 04:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-17 05:36 - 2013-02-02 04:05 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-14 03:39 - 2016-03-14 21:00 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-06-14 03:39 - 2016-03-14 21:00 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-06-10 03:57 - 2017-05-24 17:30 - 00000000 ____D C:\Users\User\Documents\Overwatch

==================== Files in the root of some directories =======

2013-07-24 02:24 - 2010-02-27 12:44 - 0900096 _____ (Advanced PC Media LLC) C:\Program Files (x86)\TweaksLogon.exe
2015-12-22 03:58 - 2015-12-22 04:01 - 0000532 _____ () C:\Users\Matt\AppData\Roaming\droid4xinstaller.log
2013-06-30 18:25 - 2013-06-30 19:08 - 0099384 _____ () C:\Users\Matt\AppData\Roaming\inst.exe
2013-06-30 18:25 - 2013-06-30 19:08 - 0007859 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.cat
2013-06-30 18:25 - 2013-06-30 19:08 - 0001167 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.inf
2013-06-30 18:25 - 2013-06-30 19:08 - 0000055 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.log
2013-06-30 18:25 - 2013-06-30 19:08 - 0082816 _____ (VSO Software) C:\Users\Matt\AppData\Roaming\pcouffin.sys
2015-06-26 03:16 - 2017-07-08 20:44 - 0007679 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2015-06-08 05:07 - 2015-06-08 05:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-28 11:32 - 2013-06-10 23:21 - 0000032 _____ () C:\ProgramData\droidcam-settings
2013-02-14 22:00 - 2013-02-20 01:00 - 0002035 _____ () C:\ProgramData\Network_Meter_Data.csv
2014-06-22 16:37 - 2014-06-22 16:37 - 0000040 _____ () C:\ProgramData\ra3.ini

Some files in TEMP:
====================
2016-02-01 20:33 - 2016-06-03 14:20 - 0035680 _____ () C:\Users\Megatron\AppData\Local\Temp\i4jdel0.exe
2017-07-04 07:34 - 2017-07-05 21:35 - 0079904 _____ () C:\Users\User\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-02 15:04

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Matt (09-07-2017 12:53:21)
Running from G:\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-02-02 02:19:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2154846950-3185026240-1571722450-500 - Administrator - Disabled)
Guest (S-1-5-21-2154846950-3185026240-1571722450-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2154846950-3185026240-1571722450-1005 - Limited - Enabled)
Matt (S-1-5-21-2154846950-3185026240-1571722450-1000 - Administrator - Enabled) => C:\Users\Matt
Megatron (S-1-5-21-2154846950-3185026240-1571722450-1007 - Limited - Enabled) => C:\Users\Megatron
User (S-1-5-21-2154846950-3185026240-1571722450-1002 - Limited - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark Demo (HKLM\...\Steam App 231350) (Version:  - Futuremark)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Age of Empires II HD (HKLM-x32\...\Age of Empires II HD_is1) (Version: 2.8 - compiled by testncrash)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Another Perspective (HKLM-x32\...\Steam App 305920) (Version:  - ShaunJS)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
Audiosurf 2 (HKLM\...\Steam App 235800) (Version:  - Dylan Fitterer)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0 - shockingsoft.com)
AVG (HKLM\...\{49AB2080-7813-477F-835E-946DFD2CE4AA}) (Version: 1.201.1 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3021 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
AxCrypt 1.7.2687.0 (HKLM\...\{F2D34ABB-6834-4372-8199-870FCF59EFAB}) (Version: 1.7.2687.0 - Axantum Software AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefleet Gothic Armada (HKLM-x32\...\Battlefleet Gothic Armada_is1) (Version:  - )
Beholder (HKLM\...\Steam App 475550) (Version:  - Warm Lamp Games)
Blood Bowl 2 (HKLM\...\Steam App 236690) (Version:  - Cyanide Studios)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
Corsair M90 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9F5E2400-A6E8-4B88-B997-06787EC38186}_is1) (Version: 1.00.00.37 - )
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crusader Kings II 1091 RePack by SxSxL (HKLM-x32\...\Crusader Kings II 1.091._is1) (Version: 1.091. - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
DEFCON (HKLM\...\Steam App 1520) (Version:  - Introversion Software)
Depression Quest (HKLM\...\Steam App 270170) (Version:  - The Quinnspiracy)
Deus Ex: Human Revolution - Director's Cut (HKLM\...\Steam App 238010) (Version:  - Eidos Montreal)
Dex (HKLM\...\Steam App 269650) (Version:  - Dreadlocks Ltd.)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Duelyst (HKLM\...\Steam App 291410) (Version:  - Counterplay Games Inc.)
Duskers (HKLM\...\Steam App 254320) (Version:  - Misfits Attic)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.0.0.2 - GOG.com)
Epic Privacy Browser (HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\Epic) (Version: 39.0.2171.71 - Epic)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
f.lux (HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\Flux) (Version:  - )
Faeria (HKLM\...\Steam App 397060) (Version:  - Abrakam SA)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
get_iplayer (HKLM-x32\...\get_iplayer) (Version: 2.97.0 - )
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.102 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hacknet (HKLM-x32\...\Steam App 365450) (Version:  - Team Fractal Alligator)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Hand of Fate (HKLM\...\Steam App 266510) (Version:  - Defiant Development)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotline Miami 2: Wrong Number (HKLM\...\Steam App 274170) (Version:  - Dennaton Games)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
iFetch (HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\276c14eedc9c32c5) (Version: 2.0.0.170 - Texas Imperial Software)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version:  - NetherRealm Studios)
Innkeeper (HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\Innkeeper) (Version: 0.3.4 - Curse Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kingdom: Classic (HKLM\...\Steam App 368230) (Version:  - Noio)
Kingdom: New Lands (HKLM\...\Steam App 496300) (Version:  - Noio)
Lethis - Path of Progress (HKLM\...\Steam App 359230) (Version:  - Triskell Interactive)
Light 47.0 (x64 en-US) (HKLM\...\Light 47.0 (x64 en-US)) (Version: 47.0 - Light)
LUFTRAUSERS (HKLM\...\Steam App 233150) (Version:  - Vlambeer)
Magic Duels (HKLM\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (HKLM\...\{965DF723-5688-359E-84D2-417CAFE644B5}) (Version: 9.0.21228 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM-x32\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.21228 - Microsoft Corporation)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (HKLM\...\SDKSetup_6.0.6001.18000) (Version: 6.0.6001.18000 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Mortal Kombat X 1.0.230.0 (HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\Mortal Kombat X_is1) (Version: 1.0.230.0 - Warner Bros. Interactive Entertainment)
Mozilla Firefox 54.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-GB)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.1.0.13 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.12 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{BC48DAB9-F225-4FB3-8450-2F346E3CF153}) (Version: 6.2.4 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.2.4) (Version: 6.2.4 - NordVPN)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Oh...Sir! The Insult Simulator (HKLM\...\Steam App 512250) (Version:  - Vile Monarch)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Opera 12.18 (HKLM-x32\...\Opera 12.18.1872) (Version: 12.18.1872 - Opera Software ASA)
Opera developer 40.0.2267.0 (HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\Opera 40.0.2267.0) (Version: 40.0.2267.0 - Opera Software)
Opera Stable 37.0.2178.54 (HKLM-x32\...\Opera 37.0.2178.54) (Version: 37.0.2178.54 - Opera Software)
Orwell (HKLM\...\Steam App 491950) (Version:  - Osmotic Studios)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.105.219.0 - Overwolf Ltd.)
PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
Papers, Please (HKLM\...\Steam App 239030) (Version:  - 3909)
PDFlite 0.11.2.0 (HKLM-x32\...\PDFlite) (Version: 0.11.2.0 - Amnis Technology Ltd)
Please, Don’t Touch Anything (HKLM\...\Steam App 354240) (Version:  - Four Quarters)
Political Animals (HKLM\...\Steam App 458630) (Version:  - Squeaky Wheel)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version:  - Flippfly LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
Renowned Explorers: International Society (HKLM\...\Steam App 296970) (Version:  - Abbey Games)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Satellite Reign (HKLM-x32\...\Steam App 268870) (Version:  - 5 Lives Studios)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Sonic CD (HKLM\...\Steam App 200940) (Version:  - Blit Software)
Space Hulk (HKLM-x32\...\Steam App 242570) (Version:  - Full Control Studios)
Space Run (HKLM-x32\...\Space Run_is1) (Version:  - Focus Home Interactive)
SpiderOakONE x64 (HKLM\...\{7611B512-D818-47A4-8418-490EF9D12031}) (Version: 6.1.4.10155 - SpiderOak)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Crusade CCG (HKLM\...\Steam App 415270) (Version:  - ZiMAD, Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardock SkinStudio (HKLM-x32\...\SkinStudio) (Version: 8.10 - Stardock Software, Inc.)
Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.12 - Stardock Software, Inc.)
Stealth Bastard Deluxe (HKLM\...\Steam App 209190) (Version:  - Curve Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteamWorld Dig (HKLM-x32\...\Steam App 252410) (Version:  - Image&Form)
SteamWorld Heist (HKLM\...\Steam App 322190) (Version:  - Image & Form)
Stellaris Utopia (HKLM-x32\...\Stellaris Utopia_is1) (Version:  - )
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version:  - Failbetter Games)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TeamSpeak 3 Client (HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Teslagrad (HKLM-x32\...\Steam App 249590) (Version:  - Rain Games)
The Desolate Hope (HKLM\...\Steam App 298180) (Version:  - Scott Cawthon)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Swindle (HKLM\...\Steam App 369110) (Version:  - Size Five Games)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version:  - Modern Dream)
The Whispered World Special Edition (HKLM-x32\...\Steam App 268540) (Version:  - Daedalic Entertainment)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
TL-WN881ND Driver (HKLM-x32\...\{B512F025-E992-44D0-B1F4-D6E1D3339C80}) (Version: 1.0.0 - TP-LINK)
Tobias and the Dark Sceptres (HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\Tobias and the Dark Sceptres) (Version:  - )
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
VirtualDJ 8 (HKLM-x32\...\{AC964E48-8E21-4622-9073-AD42BC6A57B1}) (Version: 8.2.3343.0 - Atomix Productions)
VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-3) (Version: 1.0.39.1 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\WinDirStat) (Version:  - )
Windward (HKLM\...\Steam App 326410) (Version:  - Tasharen Entertainment Inc.)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2154846950-3185026240-1571722450-1002_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SpiderOakONEOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ShellIconOverlayIdentifiers: [SpiderOakOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers01: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\AxCryptShellExt.dll [2011-09-23] (Axantum Software AB)
ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers01: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2012-05-22] (The Eraser Project)
ContextMenuHandlers01: [SpiderOak] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers01: [SpiderOakONE] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers02: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2012-05-22] (The Eraser Project)
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers04: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2012-05-22] (The Eraser Project)
ContextMenuHandlers04: [SpiderOak] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers04: [SpiderOakONE] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-09] (NVIDIA Corporation)
ContextMenuHandlers05: [SpiderOak] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers05: [SpiderOakONE] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers06: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers06: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\AxCryptShellExt.dll [2011-09-23] (Axantum Software AB)
ContextMenuHandlers06: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2012-05-22] (The Eraser Project)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [SpiderOak] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)
ContextMenuHandlers06: [SpiderOakONE] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBF} => C:\Program Files\SpiderOakONE\shell_extension.dll [2016-04-11] (SpiderOakONE)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F8BC10-41C4-4CE4-A09E-096463019079} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {0926EFE5-8CF7-4BC4-94F7-0A9FA9EAF2F3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-10] (NVIDIA Corporation)
Task: {109B6BA3-E7F2-4867-855C-ACB95BFE9DDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {327E6884-ADBE-4F6F-B86B-88C375E1CCEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {399CE794-1988-4161-A271-31F505CEDC4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {3FB788A1-6307-4374-ACFD-1C45861848FF} - System32\Tasks\{5748EBA9-C9B4-4A2D-B120-9432668F9210} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=404
Task: {4770736D-8605-43FA-98E1-CA089C8F372D} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe
Task: {47F39BFE-00D3-4EBF-8BEE-07DB8D745D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {48620FF0-A304-43AA-AB4C-7F487E8FA7E8} - System32\Tasks\Unblock-us => C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSGY4F3O\unblock-us.exe
Task: {4CE979B0-9A5C-4322-A16F-72D93AD5FB8D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)
Task: {50FEA251-7731-4DE2-A7E0-3FB75A8B2816} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {5485DEEE-4AD8-4BB5-A5B7-D9C8A7843CD8} - System32\Tasks\Opera scheduled Autoupdate 1461275125 => G:\Programs\launcher.exe [2016-06-21] (Opera Software)
Task: {58CAE7D9-7A9D-4C1C-AE92-25ED055CC383} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2016-12-09] (Micro-Star INT'L CO., LTD.)
Task: {5A86C13C-30EA-4BA3-8215-9FE6DE683F3E} - System32\Tasks\Opera scheduled Autoupdate 1421414836 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-30] (Opera Software)
Task: {75CACEC0-1437-4F22-9414-7C733978D597} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {7C86D7A3-C560-4948-93B9-4A530F5989A9} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {7F9EB5FB-7A64-44EB-85BA-FBE510821AB8} - System32\Tasks\Auto Virtual Wifi => G:\autowifi.bat [2013-05-22] ()
Task: {83DDBAC2-1B01-4955-9276-91D870442603} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-04] (AVG Technologies CZ, s.r.o.)
Task: {88061434-61CD-47C8-A565-899D1AB35959} - System32\Tasks\NordVPN => C:\Program Files (x86)\NordVPN\NordVPN.exe [2017-06-02] (NordVPN)
Task: {91F86DE8-5911-40A9-AB1D-A9CE3398FE14} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {9C0B0A4F-F5C5-483F-A6E8-A72F3A1DB5A1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-10] (NVIDIA Corporation)
Task: {A0C92B39-EBE4-486E-857D-EC544098D121} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {AE908071-C2DF-4FA0-8782-AE75705B57A1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)
Task: {B2B69C9A-E863-4C2B-9D73-A672CD246053} - System32\Tasks\{FBCF1B55-ADB2-41D4-9A49-3C0DE4AE1E14} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/privacy
Task: {B4CC1387-F95E-4031-A74D-5A7EE7D7DD62} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)
Task: {BE92897C-A17D-4FE1-A8BD-430BAC8FC09B} - System32\Tasks\MSIAfterburner => G:\Programs\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {C837F814-A455-4263-AE12-6E9EFA8618A2} - System32\Tasks\Peerblock => C:\Program Files\PeerBlock\peerblock.exe
Task: {CC772A0A-C834-434F-A133-3C15BF4D7ADE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-05] (Overwolf LTD)
Task: {F84B10B0-49FC-41BA-9014-52ADB7932424} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {FA5248F5-4369-44D3-B828-0CFC9D4104AB} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {FA747F66-863F-476F-887D-1FC7FB4DD1EB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BattleScribe\Help.lnk -> hxxp://www.battlescribe.net/help-overview.htm

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -incognito

==================== Loaded Modules (Whitelisted) ==============

2016-03-14 21:00 - 2017-06-14 03:39 - 00981576 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2017-02-25 22:18 - 2017-02-09 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-02 23:44 - 2013-08-26 13:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2015-06-08 04:18 - 2013-04-29 10:12 - 00282624 _____ () C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe
2017-06-02 10:38 - 2017-06-02 10:38 - 00416432 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2017-06-02 10:38 - 2017-06-02 10:38 - 00008704 _____ () C:\Program Files (x86)\NordVPN\NordVpn.ServiceProxy.dll
2014-03-11 07:51 - 2014-03-11 07:51 - 00130048 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32api.pyd
2014-03-11 07:48 - 2014-03-11 07:48 - 00138240 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\pywintypes27.dll
2014-03-11 07:55 - 2014-03-11 07:55 - 00548864 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\pythoncom27.dll
2014-03-11 07:50 - 2014-03-11 07:50 - 00017920 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32trace.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00136192 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32security.pyd
2014-03-11 08:01 - 2014-03-11 08:01 - 00522752 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.shell.shell.pyd
2014-03-11 07:51 - 2014-03-11 07:51 - 00064000 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32evtlog.pyd
2014-03-11 07:49 - 2014-03-11 07:49 - 00149504 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32file.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00027648 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32pipe.pyd
2014-03-11 07:49 - 2014-03-11 07:49 - 00023040 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32event.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00045056 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32process.pyd
2014-03-11 07:51 - 2014-03-11 07:51 - 00223744 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32gui.pyd
2014-03-11 08:02 - 2014-03-11 08:02 - 00125952 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.propsys.propsys.pyd
2017-02-25 22:45 - 2017-02-10 01:52 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-25 22:45 - 2017-02-10 01:52 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2016-06-03 15:39 - 2016-06-03 15:39 - 00821240 _____ () G:\Programs\HTC Sync\adb.exe
2017-01-01 14:59 - 2017-01-01 14:59 - 00125440 _____ () C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
2017-01-01 14:59 - 2017-01-01 14:59 - 00111104 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2017-01-01 14:59 - 2017-01-01 14:59 - 00125952 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2017-01-01 14:59 - 2017-01-01 14:59 - 00130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2016-03-14 21:00 - 2017-06-14 03:39 - 02184776 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2017-05-24 13:21 - 2017-05-24 13:21 - 00163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 00832784 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 00277416 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2014-12-10 12:28 - 2014-12-10 12:28 - 01152000 _____ () C:\Program Files\SpiderOakONE\lib\_hashlib.pyd
2014-03-11 07:51 - 2014-03-11 07:51 - 00130048 _____ () C:\Program Files\SpiderOakONE\lib\win32api.pyd
2014-03-11 07:48 - 2014-03-11 07:48 - 00138240 _____ () C:\Program Files\SpiderOakONE\lib\pywintypes27.dll
2014-12-10 12:28 - 2014-12-10 12:28 - 00059392 _____ () C:\Program Files\SpiderOakONE\lib\_sqlite3.pyd
2014-12-10 12:27 - 2014-12-10 12:27 - 00535040 _____ () C:\Program Files\SpiderOakONE\lib\sqlite3.dll
2014-12-10 12:28 - 2014-12-10 12:28 - 00047616 _____ () C:\Program Files\SpiderOakONE\lib\_socket.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00025088 _____ () C:\Program Files\SpiderOakONE\lib\zope.interface._zope_interface_coptimizations.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00067584 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._OOBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00022528 _____ () C:\Program Files\SpiderOakONE\lib\persistent.cPersistence.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00012800 _____ () C:\Program Files\SpiderOakONE\lib\persistent.TimeStamp.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00018944 _____ () C:\Program Files\SpiderOakONE\lib\persistent.cPickleCache.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00072192 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._OIBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00075264 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._IIBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00072704 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._IOBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00075776 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._IFBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00073728 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._OLBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00076288 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._LLBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00073728 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._LOBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00076288 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._LFBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00073216 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._fsBTree.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00006656 _____ () C:\Program Files\SpiderOakONE\lib\twisted.python._initgroups.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00011264 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Hash.SHA256.pyd
2014-10-22 08:02 - 2014-10-22 08:02 - 00024064 _____ () C:\Program Files\SpiderOakONE\lib\bcrypt._bcrypt.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00010752 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Random.OSRNG.winrandom.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00010752 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Util._counter.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00033280 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Cipher.AES.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00112128 _____ () C:\Program Files\SpiderOakONE\lib\_ctypes.pyd
2014-03-11 07:55 - 2014-03-11 07:55 - 00548864 _____ () C:\Program Files\SpiderOakONE\lib\pythoncom27.dll
2014-03-11 08:01 - 2014-03-11 08:01 - 00522752 _____ () C:\Program Files\SpiderOakONE\lib\win32com.shell.shell.pyd
2014-03-11 07:49 - 2014-03-11 07:49 - 00149504 _____ () C:\Program Files\SpiderOakONE\lib\win32file.pyd
2014-11-09 13:20 - 2014-11-09 13:20 - 02184704 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtCore.pyd
2014-11-09 13:13 - 2014-11-09 13:13 - 00100352 _____ () C:\Program Files\SpiderOakONE\lib\sip.pyd
2014-11-09 13:25 - 2014-11-09 13:25 - 07851008 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtGui.pyd
2014-11-09 13:26 - 2014-11-09 13:26 - 00653824 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtNetwork.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00010752 _____ () C:\Program Files\SpiderOakONE\lib\select.pyd
2015-03-23 10:46 - 2015-03-23 10:46 - 00069120 _____ () C:\Program Files\SpiderOakONE\lib\OpenSSL.crypto.pyd
2015-03-23 10:46 - 2015-03-23 10:46 - 00010240 _____ () C:\Program Files\SpiderOakONE\lib\OpenSSL.rand.pyd
2015-03-23 10:47 - 2015-03-23 10:47 - 00053760 _____ () C:\Program Files\SpiderOakONE\lib\OpenSSL.SSL.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00045056 _____ () C:\Program Files\SpiderOakONE\lib\win32process.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00048128 _____ () C:\Program Files\SpiderOakONE\lib\win32inet.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00059392 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Cipher.DES3.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00009728 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Cipher.XOR.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00008192 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Util.strxor.pyd
2012-09-28 22:43 - 2012-09-28 22:43 - 00007680 _____ () C:\Program Files\SpiderOakONE\lib\twisted.protocols._c_urlarg.pyd
2014-11-09 13:26 - 2014-11-09 13:26 - 00262656 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtDeclarative.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00689664 _____ () C:\Program Files\SpiderOakONE\lib\unicodedata.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00027648 _____ () C:\Program Files\SpiderOakONE\lib\win32pipe.pyd
2014-03-11 07:49 - 2014-03-11 07:49 - 00023040 _____ () C:\Program Files\SpiderOakONE\lib\win32event.pyd
2014-03-11 07:51 - 2014-03-11 07:51 - 00064000 _____ () C:\Program Files\SpiderOakONE\lib\win32evtlog.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00136192 _____ () C:\Program Files\SpiderOakONE\lib\win32security.pyd
2015-06-01 19:41 - 2015-06-01 19:41 - 00174080 _____ () C:\Program Files\SpiderOakONE\styles\fusion.dll
2014-03-11 07:51 - 2014-03-11 07:51 - 00223744 _____ () C:\Program Files\SpiderOakONE\lib\win32gui.pyd
2014-03-11 07:50 - 2014-03-11 07:50 - 00055296 _____ () C:\Program Files\SpiderOakONE\lib\win32console.pyd
2012-09-28 22:42 - 2012-09-28 22:42 - 00035840 _____ () C:\Program Files\SpiderOakONE\lib\simplejson._speedups.pyd
2015-05-27 19:27 - 2015-05-27 19:27 - 00551424 _____ () C:\Program Files\SpiderOakONE\lib\pycurl.pyd
2016-04-11 15:02 - 2016-04-11 15:02 - 00013824 _____ () C:\Program Files\SpiderOakONE\lib\spideroak_version_matcher.pyd
2015-05-26 22:58 - 2015-05-26 22:58 - 01295872 _____ () C:\Program Files\SpiderOakONE\lib\PIL._imaging.pyd
2016-04-11 15:07 - 2016-04-11 15:07 - 00015360 _____ () C:\Program Files\SpiderOakONE\windows_dir_watcher.exe
2017-05-24 13:21 - 2017-05-24 13:21 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 00193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 00225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-07-09 11:41 - 2017-07-09 11:41 - 05781496 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17070900\algo.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 00690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 00232784 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-05-23 11:11 - 2017-05-23 11:11 - 00178128 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00030720 _____ () G:\Programs\DbAccess.dll
2016-06-03 15:37 - 2016-06-03 15:37 - 00607016 _____ () G:\Programs\sqlite3.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00059392 _____ () G:\Programs\NAdvLog.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00035864 _____ () G:\Programs\NFileCacheDBAccess.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00079888 _____ () G:\Programs\ninstallerhelper.dll
2016-03-09 14:41 - 2016-03-09 14:41 - 00129016 _____ () G:\Programs\zlib1.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00223240 _____ () G:\Programs\DevConnMon.dll
2017-06-22 14:14 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-02-25 22:45 - 2017-02-10 01:52 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-25 22:45 - 2017-02-10 01:52 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-25 22:45 - 2017-02-10 01:52 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-28 22:48 - 2016-11-28 22:48 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 01040072 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-04 00:49 - 2017-07-04 00:49 - 67109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2015-02-26 23:23 - 2012-05-14 13:43 - 00043008 _____ () C:\Program Files (x86)\Corsair\M90 Mouse\hidGetKey.dll
2016-03-23 11:04 - 2016-03-23 11:04 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7937 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-07-08 20:05 - 00454441 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15595 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2154846950-3185026240-1571722450-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.222.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Epic Privacy Browser Update => "C:\Users\Matt\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3D847CBE-C864-4836-B08F-E2DA67B1BE59}C:\users\matt\downloads\mtgoiii_helper.exe] => (Allow) C:\users\matt\downloads\mtgoiii_helper.exe
FirewallRules: [UDP Query User{4E24A4EF-14CE-4862-9203-0A18258A7572}C:\users\matt\downloads\mtgoiii_helper.exe] => (Allow) C:\users\matt\downloads\mtgoiii_helper.exe
FirewallRules: [{4B92FEFA-F84F-4BC1-A1AD-21AF18969745}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{07F3CCD6-1B61-4DE8-BA3D-2B5DD61796D5}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{88411A87-6246-4915-8C6B-324FDCFFF27C}C:\users\matt\downloads\operator-3.5\operator\opera\opera.exe] => (Allow) C:\users\matt\downloads\operator-3.5\operator\opera\opera.exe
FirewallRules: [UDP Query User{29C3BF6D-587F-41FF-9339-1E66EAB0B631}C:\users\matt\downloads\operator-3.5\operator\opera\opera.exe] => (Allow) C:\users\matt\downloads\operator-3.5\operator\opera\opera.exe
FirewallRules: [TCP Query User{C5A0E0BC-2ABB-4F42-802E-3A95603D3DC3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{F088449D-1DA6-4D75-BCE2-464F7FB786D2}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{FA5D6C86-15DB-4E29-8450-A2605320067D}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{753727A8-50B7-4998-93E9-9B5DC108A5A3}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{47A6F98E-71ED-4BC6-81CD-CE0A76054062}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{F7E54BA9-3F95-42A1-A569-DE226D9313D6}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{40D19ADD-E905-401D-A85D-17D8D995A1CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B77992F-400D-428C-811F-7A5BFCCD3F5B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B035DB8-2D6C-4600-B4EC-EF817B687BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{C7569AAF-75C4-424C-9E65-CB343343F0C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{82406C33-DA19-4F4E-A707-F7FDA06D6E89}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0434F373-C15A-44EF-BEEC-52CDBEFFC24F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4E2B41BE-C083-48B0-AD89-2EAA91D962CD}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{65FD3B35-0A2C-4FF5-A7A5-594BA9C46D37}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{B350DECA-152C-45FC-A2E4-CD3D1329920E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{6A89E14E-80DC-42DF-A529-9DA0C20D628B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{3C5BD988-206D-45AF-8E14-545D81F18E8B}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [UDP Query User{5FD09337-8114-44EA-A582-C1DF7B4D816D}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [{111CB6EB-CCAB-4BE3-893B-DA1F141D7B50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{6A4D3526-66C2-4CEA-B45B-5637185C0201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{26DE99B7-881F-4C4B-9672-D9D6A9B4D26F}] => (Allow) G:\Programs\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{E90C931D-2DF0-49B6-8B95-0BCE29326690}] => (Allow) G:\Programs\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{A4367BA8-E2DA-4902-BF3D-E49FF19D6E3C}] => (Allow) G:\Programs\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{B348C83D-6037-4BB5-AF9D-DFC182361A2F}] => (Allow) G:\Programs\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{9499BFE8-B89B-448A-B008-108DBD6425CA}] => (Allow) G:\Programs\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{66A772DB-8B7B-4B49-8972-9B8473774785}] => (Allow) G:\Programs\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{7783BA0D-B916-48D7-933E-FC95BD6831DE}] => (Allow) G:\Programs\SteamApps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{3846B6AD-AB87-440E-8172-FF28FC38B4D1}] => (Allow) G:\Programs\SteamApps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{B2BFEAE1-6FF5-474E-B1DE-0F6AC1C53134}] => (Allow) G:\Programs\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{4B61FC1F-0347-4E4F-AA1B-CE0052BE93F0}] => (Allow) G:\Programs\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{A5A2FD5D-4EC6-4BC8-8AAD-0F150A63CF1B}] => (Allow) G:\Programs\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{3ADBD7C0-D82F-45A5-9131-71BAD33F84FD}] => (Allow) G:\Programs\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{3BF6DDF8-3C84-48D1-BC32-1F1C1DC98256}] => (Allow) G:\Programs\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{32713BD7-1C26-4850-BF2D-744CA3CCDCAF}] => (Allow) G:\Programs\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{51175926-AFDB-4A55-9AD9-1978D49F2E9E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C9D6233F-31AF-4824-B60D-33236107B08B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{388F94F2-CFE6-4884-8EC6-321A83F45320}] => (Allow) G:\Programs\SteamApps\common\Space Hulk\game.exe
FirewallRules: [{AC29EE4C-23B6-4A3D-AB6F-D4D7EF8BA946}] => (Allow) G:\Programs\SteamApps\common\Space Hulk\game.exe
FirewallRules: [TCP Query User{0BB7272A-A93E-4E85-9ECF-E70E7DF6DDA9}G:\programs\space run\ospacegame.exe] => (Block) G:\programs\space run\ospacegame.exe
FirewallRules: [UDP Query User{87E29CE3-E8F2-46F0-8E14-19C8E96A554A}G:\programs\space run\ospacegame.exe] => (Block) G:\programs\space run\ospacegame.exe
FirewallRules: [TCP Query User{B1823C7A-A4A2-44CF-B36D-2F2EBD197DD3}C:\program files\spideroak\spideroak.exe] => (Allow) C:\program files\spideroak\spideroak.exe
FirewallRules: [UDP Query User{02C2253B-6709-4219-8441-79DE9F6BEA8B}C:\program files\spideroak\spideroak.exe] => (Allow) C:\program files\spideroak\spideroak.exe
FirewallRules: [{CA13FB0A-6B59-4894-A518-D7185AB52747}] => (Allow) G:\Programs\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{6C4E9AC7-7342-4619-9A0F-362C5AC8B752}] => (Allow) G:\Programs\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{95A7C67F-80A9-4FF3-AF43-031C4F6C80E7}] => (Allow) G:\Programs\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{7DAEBDC0-9AAB-4D3D-BC4C-BA0B6A94ABC8}] => (Allow) G:\Programs\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{9666E7AE-D71C-407F-B164-C1084DDCB642}] => (Allow) G:\Programs\SteamApps\common\Worms Armageddon\WA.exe
FirewallRules: [{E2CBAC4A-9EF7-4386-B2DA-A03138360013}] => (Allow) G:\Programs\SteamApps\common\Worms Armageddon\WA.exe
FirewallRules: [{83EF1C23-384A-4CA4-84F2-9F53B27F91D8}] => (Allow) G:\Programs\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{A76CEC0A-A45D-4F9C-A193-7540CDB29590}] => (Allow) G:\Programs\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{37D23DEE-D8B5-4279-8AD5-5078A52EBA8C}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{102977FD-79D3-46BF-810E-DE6B26FCB1BF}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{F07EE7BE-713F-475E-82C9-F0249D6DA84F}] => (Allow) C:\Users\Matt\AppData\Local\Epic Privacy Browser\Application\epic.exe
FirewallRules: [{CC317BB6-8E38-4055-8D4F-A536AED4B854}] => (Allow) G:\Programs\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{0365DECD-F878-4B79-884D-AEE5602984BE}] => (Allow) G:\Programs\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{24ABA1CC-9BE3-47E0-BF52-A9C7B9D24E19}] => (Allow) G:\Programs\SteamApps\common\The Whispered World Special Edition\twwse.exe
FirewallRules: [{6AA1BA35-BD41-473E-A655-7B127095DAB4}] => (Allow) G:\Programs\SteamApps\common\The Whispered World Special Edition\twwse.exe
FirewallRules: [{5A12864C-DFEB-4589-8867-AECCAC69CEEF}] => (Allow) G:\Programs\SteamApps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe
FirewallRules: [{6529BF9D-DF66-46C2-A32A-B2FCA91E23F6}] => (Allow) G:\Programs\SteamApps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe
FirewallRules: [{D1121E62-447C-453C-8777-543A4932FDF7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{AC447EC9-2278-40CC-85F3-FECE08A1A2E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{1302FC6C-BEC2-4A13-9167-EDD83230CE36}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{66557B3D-D0AD-4CAF-8736-2E7C577FF153}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [TCP Query User{E510E320-AFAA-464B-8DDC-194811A6B0A0}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{41808191-12E2-426D-9BDB-789B925334CF}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [{E6C9396C-D577-43F5-A57D-1CBB938BB617}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{03FC31BD-D287-4E3E-BB6E-B34EC47E648B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{E6DFEAE3-BA57-4FA0-9A63-67D366B0E47F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB87BC3E-178B-419B-8EDE-A85CD7CDEFC5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96C073DC-C0C7-48F0-83AE-9636CF36AEE0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{7A259AD2-BFD3-4593-8810-12991FEC0941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{CF505747-4ED9-456E-BF0D-C5CEF4B2B499}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{8B2F9627-7D09-4A27-BDC5-8782ECC6324D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{EF23366B-6EE1-4CF8-9F70-6C9928A7B19C}G:\vuze\small world 2 v2.5.1.1375\small world 2.exe] => (Block) G:\vuze\small world 2 v2.5.1.1375\small world 2.exe
FirewallRules: [UDP Query User{62A4ECDC-5CD1-4FC3-8922-47D7BF99639C}G:\vuze\small world 2 v2.5.1.1375\small world 2.exe] => (Block) G:\vuze\small world 2 v2.5.1.1375\small world 2.exe
FirewallRules: [TCP Query User{ECB262D2-0C37-4E19-8740-35CC0280FE46}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5266460A-6BC0-490D-A584-728D8262F2F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{4AA65580-FB01-4582-ABB3-98793BBA62A8}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1919D9AC-FA48-45C1-8ED4-D8DC6602D383}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [{7BF479A2-BD17-4BF9-9E27-C773BDC0887D}] => (Allow) G:\Programs\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
FirewallRules: [{9FEBF820-1C35-4EC3-B1CC-375D8FA1585B}] => (Allow) G:\Programs\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
FirewallRules: [{B89FD5EA-998E-4305-8151-1E38D0DCCF50}] => (Allow) G:\Programs\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{60715ACE-A435-47B0-AF0E-621C761FE14A}] => (Allow) G:\Programs\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [TCP Query User{79C158CA-6D6C-40D0-AA1C-2B60D94BE9D7}G:\programs\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) G:\programs\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{C69C6D56-CF29-42F5-BC1F-88AB49103913}G:\programs\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) G:\programs\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{E5ADEA41-326A-4F55-B6A6-0306EDD1021A}] => (Allow) G:\Programs\SteamApps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{B17DF1F9-82AD-406C-9E6F-FB05FA0A889B}] => (Allow) G:\Programs\SteamApps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [TCP Query User{A8F4E6BA-3E87-46C1-B706-7E9FC29CA357}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{79177E21-F00B-4DF5-90A1-79898CCBD039}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{C7B13B82-8511-4EE9-8199-93A4CB735C3F}] => (Allow) G:\Programs\SteamApps\common\AnotherPerspective\ap.exe
FirewallRules: [{B979BB43-93AC-4BF4-A9D7-18BEB3184DD5}] => (Allow) G:\Programs\SteamApps\common\AnotherPerspective\ap.exe
FirewallRules: [{96989488-6AE1-4187-B7EC-6C2E958E4C14}] => (Allow) G:\Programs\SteamApps\common\Teslagrad\Teslagrad.exe
FirewallRules: [{91645594-03C1-4241-9AC6-6B0F9FC980CF}] => (Allow) G:\Programs\SteamApps\common\Teslagrad\Teslagrad.exe
FirewallRules: [{9F4294FF-83B0-4B2C-A04B-0A0DB3FED1B7}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nscA856.tmp\CnetInstaller-75181507.exe
FirewallRules: [{CFABBAD6-3F9D-4516-BDC9-B6C4C67E9E1D}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nscA856.tmp\CnetInstaller-75181507.exe
FirewallRules: [{BCCA0238-6D5F-411C-AB55-0F52ADB970CC}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nst461B.tmp\CnetInstaller-75181507.exe
FirewallRules: [{BA6C6DC1-45CF-48DA-AE31-2EE80F44906E}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nst461B.tmp\CnetInstaller-75181507.exe
FirewallRules: [TCP Query User{5403BB2B-1887-42F5-B99E-9D00C1529727}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D3326A93-B31D-4279-A858-2DE75F6898D8}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{C72E8468-B214-4889-BEA2-4C3FE00CA265}] => (Allow) G:\Programs\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{F0FB92DC-7B74-4583-B360-840853971572}] => (Allow) G:\Programs\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{237CE9FE-5D66-456F-B3E9-A5F4398DD511}] => (Allow) G:\Programs\StarCraft II\StarCraft II.exe
FirewallRules: [{4AF54244-6C36-46AB-B2AA-ECC84F07CE82}] => (Allow) G:\Programs\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{76DDC5DD-844A-4E55-97B7-7298B9604F66}G:\programs\starcraft ii\versions\base32283\sc2.exe] => (Allow) G:\programs\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{5D60F14A-0934-4495-B58D-C7563123BCE3}G:\programs\starcraft ii\versions\base32283\sc2.exe] => (Allow) G:\programs\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{7C3222F5-FC2C-4A8E-AA64-32684D8A97CE}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1BCA6888-C911-4881-94C6-18F70D668A32}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{9B333D0B-5901-4407-BC96-42A7A9ABF3BE}] => (Allow) G:\Programs\SteamApps\common\RONIN Demo\Ronin.exe
FirewallRules: [{6DF5EFF9-6A69-4235-9284-9CC9F0019B24}] => (Allow) G:\Programs\SteamApps\common\RONIN Demo\Ronin.exe
FirewallRules: [{9DA138FA-50AF-41EB-B4EC-A4F469E1D8BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{458505D3-434B-492A-8119-061A2BBF17B6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CF4ED976-A762-41B1-8D3D-2B6A82CF563C}] => (Allow) G:\Programs\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{30AA640C-5576-4ABA-81C1-69C81E5135D9}] => (Allow) G:\Programs\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{8FCDF381-0B74-4717-ABC8-2EABEBA629E3}] => (Allow) G:\Programs\World of Tanks\WoTLauncher.exe
FirewallRules: [{83A7C2AA-56F8-499C-BA9A-2962608E3568}] => (Allow) G:\Programs\World of Tanks\WorldofTanks.exe
FirewallRules: [{D762C985-EF81-422E-8179-35AC9CE2B2E0}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nshD2CB.tmp\Installer-75891451.exe
FirewallRules: [{71870858-687F-42FD-BE5A-7ECB80A57541}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nshD2CB.tmp\Installer-75891451.exe
FirewallRules: [TCP Query User{EF482C0F-8067-4527-9584-2939A24AEBE5}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E16AD71D-385B-4119-B7E3-7DD8F83ADDA4}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [{EFE95A2F-C0A8-4094-91BB-E46B43F0D117}] => (Allow) G:\Programs\Hearthstone\Hearthstone.exe
FirewallRules: [{0B9DE0BD-C423-4C7B-B54D-3F74EDB91D7B}] => (Allow) G:\Programs\Hearthstone\Hearthstone.exe
FirewallRules: [{0A9A39C2-6CDD-47A6-9F51-4D8E7458E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5106B5F-B85C-46A6-ACAF-0F8DB1A1EAE7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F13E36B-73FB-46E2-9B90-85C93DB68BE0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{0DAB6109-4125-4B57-AA55-521736717C04}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{0BF1B3D7-C0C9-4BF8-A5C4-EC373475FC20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
FirewallRules: [{CF0F61C8-C096-4814-B98B-2E47119657A8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
FirewallRules: [{7ED062C7-1047-4E11-B237-09BC41D55FF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
FirewallRules: [{D1044F9B-5154-447C-8912-6D59A3C7F806}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
FirewallRules: [{7058B642-5CDC-434E-A099-A375E49A5FDA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
FirewallRules: [{441CD0D2-22D2-48AD-8813-EBEAEB6AE610}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
FirewallRules: [{90AD9727-1ED5-44E9-925E-3D733726E040}] => (Allow) G:\Programs\SteamApps\common\This War of Mine\Storyteller.exe
FirewallRules: [{4323856D-EF88-44D5-A7D5-BECE34669912}] => (Allow) G:\Programs\SteamApps\common\This War of Mine\Storyteller.exe
FirewallRules: [{A5C97A8D-A941-4290-A5F4-CEE8B221D486}] => (Allow) G:\Programs\SteamApps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{294B56B8-94CF-40CF-AC4D-A9C3AE4750D1}] => (Allow) G:\Programs\SteamApps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{7A13D216-EA29-45C6-900D-E9640A1A83DA}] => (Allow) G:\Programs\SteamApps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{DAE75BD2-6C6A-41D2-9A9A-2316D5D56637}] => (Allow) G:\Programs\SteamApps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{07F01C1A-0BE2-4441-978B-26914F43FAA1}] => (Allow) G:\Programs\SteamApps\common\Hacknet\Hacknet.exe
FirewallRules: [{5B4D0E48-B050-4592-B179-38A385589B7F}] => (Allow) G:\Programs\SteamApps\common\Hacknet\Hacknet.exe
FirewallRules: [TCP Query User{C9DBC1BD-BF8E-45D3-8774-1F6F2A684263}G:\programs\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E2CB758C-5C4B-4E98-96FB-752C95193FC2}G:\programs\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B5F0B8F6-5801-41A8-9326-4ADE6A66022A}G:\programs\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\programs\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{8BC471D1-6AAF-44B3-A571-99CFC5D67CE6}G:\programs\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\programs\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{AA7237A0-9488-4AB7-8E3C-C2E7B1D3ADB1}] => (Allow) G:\Programs\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{FE14E39C-5389-49A8-9E17-E2B20603053E}] => (Allow) G:\Programs\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [TCP Query User{1C3A493E-8DB7-447E-B77C-25CB37922328}G:\programs\hearthstone\hearthstone.exe] => (Allow) G:\programs\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BFBAFF4C-CF91-4A38-955B-1D4931DB6D26}G:\programs\hearthstone\hearthstone.exe] => (Allow) G:\programs\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{04B1FFFD-D84E-413D-B12B-43B176CC3542}G:\programs\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{72012ED4-A194-4CDB-B509-36FC2B3188E1}G:\programs\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0BE35145-D509-4171-B107-B5BE3080390C}G:\programs\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1FDB5BE7-51CE-4FE3-AB4C-5DF191B392EC}G:\programs\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2FDD13FE-BBD6-4D09-A50F-C3C8E241FC16}G:\programs\enter the gungeon\etg.exe] => (Block) G:\programs\enter the gungeon\etg.exe
FirewallRules: [UDP Query User{F8599CB8-35A3-4F8C-9542-1C0C00A7A933}G:\programs\enter the gungeon\etg.exe] => (Block) G:\programs\enter the gungeon\etg.exe
FirewallRules: [{BA2DDCE2-8F71-4462-BA62-8AA53FF06A64}] => (Block) c:\users\user\appdata\local\temp\androidoffer\spigotandroidoffer.exe
FirewallRules: [{13E7002F-6B1C-46BE-9B3A-7117E6CEA2B3}] => (Block) c:\users\user\appdata\local\temp\androidoffer\spigotandroidoffer.exe
FirewallRules: [{93EA2D66-EACE-4629-9793-26AC6BA2EE93}] => (Allow) G:\Programs\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{5E36B370-C10A-44F0-8B48-4B487574012C}] => (Allow) G:\Programs\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{8B91A4F4-BA74-4883-8431-59672152EA12}] => (Allow) G:\Programs\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{DC23C66A-F5B8-4803-9170-906BC8B89D7D}] => (Allow) G:\Programs\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [TCP Query User{809F5314-DB58-4187-A4F8-9CD3A38FFB2E}G:\programs\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Block) G:\programs\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [UDP Query User{436DE317-3B01-4320-80C3-BDDD9BCFFE05}G:\programs\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Block) G:\programs\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [TCP Query User{5D252415-F76E-4318-A001-69D23396F1A4}G:\programs\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{17C325BE-0170-4A81-A469-BFE3C62FF55E}G:\programs\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5824F05B-30A1-4A14-A01C-46AA5F372D7F}G:\programs\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1E0E9819-24B2-40A8-B0A9-6F7394B3A54C}G:\programs\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [{520EAC0E-B99F-42B2-A875-2A98940EE982}] => (Allow) G:\Programs\HTCSyncManager.exe
FirewallRules: [{4FF5F269-3E86-4D96-8706-47A42D91C043}] => (Allow) G:\Programs\HTCSyncManager.exe
FirewallRules: [{78799C1E-62F7-4E1C-975A-DA57A18C25F9}] => (Allow) G:\Vuze\IGG-Captain.Forever.Remix\cap4ever.exe
FirewallRules: [{C9E7A88D-CC35-4EFC-A2A6-7E63558623C1}] => (Allow) G:\Vuze\IGG-Captain.Forever.Remix\cap4ever.exe
FirewallRules: [{674E278F-0E32-4811-9404-D47897DB6D97}] => (Allow) G:\Vuze\IGG-Captain.Forever.Remix\cap4ever.exe
FirewallRules: [{858D455F-4188-4BE6-843B-0C05A3E4E836}] => (Allow) G:\Vuze\IGG-Captain.Forever.Remix\cap4ever.exe
FirewallRules: [TCP Query User{7A046FBD-CFE8-4196-B00C-43241623D16B}C:\program files\spideroakone\spideroakone.exe] => (Allow) C:\program files\spideroakone\spideroakone.exe
FirewallRules: [UDP Query User{B07277B1-A8A8-4F23-AFBC-8BDE2959B5BC}C:\program files\spideroakone\spideroakone.exe] => (Allow) C:\program files\spideroakone\spideroakone.exe
FirewallRules: [TCP Query User{E5114E34-E1DA-406C-8B0E-7DA08DC198FB}G:\programs\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BB784DFC-ABDC-4ACA-B5C5-BE5D3B1B1B82}G:\programs\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [{3D1CC013-61A5-4717-8944-9323FE392F95}] => (Allow) G:\Programs\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{32091A82-33F6-4C85-8CAC-97D0DE433AFE}] => (Allow) G:\Programs\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{5D36C894-8D30-40A2-8781-927E147559B1}] => (Allow) G:\Programs\SteamApps\common\Faeria\Faeria.exe
FirewallRules: [{C7FF18E5-14A0-4674-AA94-247C0844B2DF}] => (Allow) G:\Programs\SteamApps\common\Faeria\Faeria.exe
FirewallRules: [{BA9602AD-BD35-4588-BB83-C125280B7714}] => (Allow) G:\Programs\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{2BF360A1-07CE-4718-B16F-4BC39E9AA699}] => (Allow) G:\Programs\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{FB69301F-F8B9-48A0-A4D8-56EEB2D7056F}] => (Allow) G:\Programs\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{B07962D6-DAD4-4855-8C88-189AA141D156}] => (Allow) G:\Programs\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{91B03243-E7CD-48C2-A25B-5331BF3B356A}] => (Allow) G:\Programs\SteamApps\common\Duelyst\Duelyst.exe
FirewallRules: [{5EF0F48F-3BC2-4201-BE3C-D20B3CBCF179}] => (Allow) G:\Programs\SteamApps\common\Duelyst\Duelyst.exe
FirewallRules: [TCP Query User{10FC5A0C-DA70-4F27-814B-5EBBE055D244}G:\programs\starcraft ii\versions\base46154\sc2_x64.exe] => (Allow) G:\programs\starcraft ii\versions\base46154\sc2_x64.exe
FirewallRules: [UDP Query User{5B3B343A-2D59-4952-8731-E26808DC5312}G:\programs\starcraft ii\versions\base46154\sc2_x64.exe] => (Allow) G:\programs\starcraft ii\versions\base46154\sc2_x64.exe
FirewallRules: [TCP Query User{377ABBA1-B5F9-400B-AD29-ADFE599FB1A8}G:\programs\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C5A42D4D-BBFA-4E94-A0FC-A8F0BDF4F403}G:\programs\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [{9EFE8B00-D802-4498-8378-9A64EC7A9069}] => (Allow) G:\Programs\SteamApps\common\Dex\Dex.exe
FirewallRules: [{DC0A6DB4-40B3-4142-AAC1-198ED552F635}] => (Allow) G:\Programs\SteamApps\common\Dex\Dex.exe
FirewallRules: [{219308E9-20B1-4A78-B360-71CC2068A42A}] => (Allow) G:\Programs\SteamApps\common\Dex\GamepadConfigTool.exe
FirewallRules: [{951EE8BF-013C-4D50-8C0B-CD985AFFC352}] => (Allow) G:\Programs\SteamApps\common\Dex\GamepadConfigTool.exe
FirewallRules: [TCP Query User{491F2E20-08B9-4533-8759-8F53146BFFEA}G:\programs\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DEDD0506-9EB3-4A60-8E54-742A5E14F6EF}G:\programs\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe
FirewallRules: [{256653E5-C226-4ECF-A03D-6571A4515C66}] => (Allow) G:\Programs\SteamApps\common\The Desolate Hope\The Desolate Hope.exe
FirewallRules: [{452A75B1-261C-41E2-8C62-2F535EC91647}] => (Allow) G:\Programs\SteamApps\common\The Desolate Hope\The Desolate Hope.exe
FirewallRules: [TCP Query User{7D79AB71-97DE-4049-9D8B-6041C4FA7112}G:\programs\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{004EFCB8-A1D1-4DAA-BE49-B7AA0D89C928}G:\programs\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [{BC97C07C-20AD-4E07-A027-C3EF0A9EDEC2}] => (Allow) G:\Programs\SteamApps\common\Defcon\defcon.exe
FirewallRules: [{1A1BEFBE-A422-4F0E-A05F-28FA05157800}] => (Allow) G:\Programs\SteamApps\common\Defcon\defcon.exe
FirewallRules: [{4498D58D-F560-4B87-9312-01F6F10591BC}] => (Allow) G:\Programs\SteamApps\common\Luftrausers\bin\Luftrausers.exe
FirewallRules: [{EA81DADE-0287-4E63-B2BE-7668A189667B}] => (Allow) G:\Programs\SteamApps\common\Luftrausers\bin\Luftrausers.exe
FirewallRules: [{D534B7F1-41D7-474B-98D7-914CADE58A3E}] => (Allow) G:\Programs\SteamApps\common\Oh...Sir! The Insult Simulator\ohsir.exe
FirewallRules: [{B318DD71-9FA6-43C3-939E-9EC84C70E601}] => (Allow) G:\Programs\SteamApps\common\Oh...Sir! The Insult Simulator\ohsir.exe
FirewallRules: [{DF043DE1-693A-4468-A735-BCEA9ECA57C7}] => (Allow) G:\Programs\SteamApps\common\StealthBastardDeluxe\StealthBastard[Steam].exe
FirewallRules: [{A2EC0953-EFF8-4C55-8B08-1EA8E0724F66}] => (Allow) G:\Programs\SteamApps\common\StealthBastardDeluxe\StealthBastard[Steam].exe
FirewallRules: [TCP Query User{FE5E35A4-8B74-4E7E-9206-640A8A1AD3D0}G:\programs\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{457BF86F-7BA9-4BE5-8A48-16BB5F7EA045}G:\programs\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{F59636DB-2679-4006-9A79-ACD9EAACE9F7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6B065ABF-60E5-4E79-A622-9AF972CEF256}G:\programs\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8C335082-7328-4C63-8E77-5551BFBA40A8}G:\programs\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [{F747B210-A12C-4DFB-BFB3-F8871FABE1FB}] => (Allow) G:\Programs\SteamApps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{24BC6DA3-ADE2-4CD9-8424-127E0F9D250E}] => (Allow) G:\Programs\SteamApps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{7370918F-1952-4A70-AAA2-986A4E5DFD2E}] => (Allow) G:\Programs\SteamApps\common\SteamWorld Heist\Heist.exe
FirewallRules: [{AAC1B29A-C399-4A9D-8A3E-28B98941169B}] => (Allow) G:\Programs\SteamApps\common\SteamWorld Heist\Heist.exe
FirewallRules: [{FCB13020-308D-4A89-A6BB-D8D2D4CA033B}] => (Allow) G:\Programs\SteamApps\common\Lethis - Path of Progress\Lethis-Path_Of_Progress.exe
FirewallRules: [{F22E8612-0D9E-4F73-A6EC-4B5F7ED77F9D}] => (Allow) G:\Programs\SteamApps\common\Lethis - Path of Progress\Lethis-Path_Of_Progress.exe
FirewallRules: [{F3D633F1-36FE-42A9-80B0-B87D5DF4EE25}] => (Allow) G:\Programs\SteamApps\common\The Swindle\TheSwindle.exe
FirewallRules: [{CCC832E4-7BF8-4992-96B3-D9D33212A215}] => (Allow) G:\Programs\SteamApps\common\The Swindle\TheSwindle.exe
FirewallRules: [TCP Query User{CE8C8243-9301-427E-A395-2971BF2F2470}G:\programs\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A81E9FB4-7ED6-426C-A131-A9BCD883D29B}G:\programs\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4DB7ACF5-1DFD-48B1-A020-E766CC7AA9DE}G:\programs\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D9C803F8-052F-4CB2-BF63-C88F471D9C32}G:\programs\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [{D9A39D93-BBD5-441E-A9B2-CCE777CD26B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0E904D23-F1EE-4E8C-B552-0472993CD265}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{24BA3436-C387-4E5E-8971-C26BD0E024DE}G:\programs\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7198DF32-F997-42CD-BE0B-E76FC640B06A}G:\programs\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{A0DB33A9-F607-4C2E-836F-D28CB140FCBB}] => (Allow) G:\Programs\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{78C88094-1A3D-4146-8A7F-7DF749F5CA09}] => (Allow) G:\Programs\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [TCP Query User{D8DD17E3-4AC4-4F85-8752-B0611095288D}G:\programs\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2F178991-DC1C-40CE-A586-FED1E2E44427}G:\programs\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [{DB3F94A7-B4FF-4452-B6B6-9085273005FC}] => (Allow) G:\Programs\SteamApps\common\Blood Bowl 2\BloodBowl2.exe
FirewallRules: [{BF60C2B0-34A2-460D-A433-D421D527EF96}] => (Allow) G:\Programs\SteamApps\common\Blood Bowl 2\BloodBowl2.exe
FirewallRules: [TCP Query User{319D9348-C6F4-4AC2-8BAD-A8934FDB1CCB}G:\programs\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Block) G:\programs\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1BB28A33-7BDA-49B9-88ED-0717A653DD2B}G:\programs\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Block) G:\programs\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [{DBCDBBF5-7A82-490F-92D3-13F8A4C94B6B}] => (Allow) G:\Programs\SteamApps\common\DepressionQuest\DepressionQuest.exe
FirewallRules: [{663D1C5A-C69C-4D5C-8F29-7D643B078B6C}] => (Allow) G:\Programs\SteamApps\common\DepressionQuest\DepressionQuest.exe
FirewallRules: [TCP Query User{61107352-1388-4719-A47C-CF0B71A74AC1}G:\programs\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{63A4E578-E306-4392-B6EC-CD226C56C464}G:\programs\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{64B92C12-E2AF-4550-8000-DC7E2EB526A6}G:\programs\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) G:\programs\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{00D9F59E-6F06-4D7A-AAF3-31E106613B7A}G:\programs\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) G:\programs\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{12923B75-B77F-4643-B560-4DBCBA7D213C}G:\programs\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) G:\programs\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{3A987E67-EB72-4642-96AB-2EEEEFC8544E}G:\programs\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) G:\programs\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [TCP Query User{28E1A136-69CD-4758-A09B-7336AAAF40B2}G:\programs\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{201F9311-DA89-4880-AAE9-70B2793CE0DB}G:\programs\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [{6227BCDC-C417-4934-8C6C-3F4A453134D6}] => (Allow) G:\Programs\SteamApps\common\Beholder\Beholder.exe
FirewallRules: [{A90326BD-65C6-423E-AB6D-04D5AE349B82}] => (Allow) G:\Programs\SteamApps\common\Beholder\Beholder.exe
FirewallRules: [{BC8FF146-C7DE-46F3-B1AA-6A5F36E03D7E}] => (Allow) G:\Programs\SteamApps\common\Orwell\Orwell.exe
FirewallRules: [{EC576E71-73D7-4684-BF37-C20C6CBBB925}] => (Allow) G:\Programs\SteamApps\common\Orwell\Orwell.exe
FirewallRules: [{9D28634D-DD58-477B-BF90-3929C8BA49E4}] => (Allow) LPort=26789
FirewallRules: [TCP Query User{0F9242B8-99AA-41D0-A77D-2806C5EAC89A}C:\program files\spideroakone\spideroakone.exe] => (Block) C:\program files\spideroakone\spideroakone.exe
FirewallRules: [UDP Query User{CBED3529-8C44-47B8-B2FC-23B8F28A3B41}C:\program files\spideroakone\spideroakone.exe] => (Block) C:\program files\spideroakone\spideroakone.exe
FirewallRules: [{A37009E3-FE2D-4648-BED4-65F6FE383316}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F42F43E5-705D-446C-B845-0B43B20C61E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7342658C-035C-4D56-8530-ECF444F5A5C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8D0DF3FC-C0ED-410A-80C7-EE2482E2AA06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E225E8E4-245D-4125-9AA8-DACEB45D67C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{29CBB603-4417-4C6A-8D4D-A1C5F4D2B359}G:\programs\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C68A410C-9BF0-4AEE-B163-6DD593305340}G:\programs\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [{60F0123B-8C6E-444A-BA04-473D9F6C9319}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{CA48867A-4820-4009-8D55-5BA3005F778E}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{20480F2B-78B8-4E7C-8EC9-0A3DE84BF673}] => (Allow) G:\Programs\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{D1DDA601-927C-4BEA-920C-B61BDD22B124}] => (Allow) G:\Programs\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{4FDD297D-A0FE-43E1-966C-E212DC19F2F0}] => (Allow) G:\Programs\SteamApps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{00AC400A-81B0-47E7-AA80-0C73AB444D16}] => (Allow) G:\Programs\SteamApps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [TCP Query User{D2DF8D43-2710-47E1-824B-A951FDCCB0CC}G:\programs\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{95D55AC1-F117-4EE4-B22A-350896EA74D9}G:\programs\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [{F8EB5BBB-26EE-4E6A-86BE-0D5BF0496180}] => (Allow) G:\Programs\SteamApps\common\Sonic CD\soniccd.exe
FirewallRules: [{5C66D579-1269-46C1-BCB4-D195A020624C}] => (Allow) G:\Programs\SteamApps\common\Sonic CD\soniccd.exe
FirewallRules: [{2E29E462-DFF1-47A4-8B07-6CF3FCC02DC6}] => (Allow) G:\Programs\SteamApps\common\Sonic CD\setup.exe
FirewallRules: [{B766DBD6-3397-4B43-83E0-39221E7C48C8}] => (Allow) G:\Programs\SteamApps\common\Sonic CD\setup.exe
FirewallRules: [TCP Query User{96E887EE-B5F0-4C0F-8BAC-1FD0B29C4FF3}G:\programs\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3775FA17-3E8E-4159-92E8-F3EFF4AC480E}G:\programs\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [{E7950F96-1A5B-408F-A32A-784827D16E2D}] => (Allow) G:\Programs\Stellaris Utopia\stellaris.exe
FirewallRules: [{833A5A54-00D0-4DE1-A2A5-2938A4229DF0}] => (Allow) G:\Programs\Stellaris Utopia\stellaris.exe
FirewallRules: [{77113C0F-E395-4A22-808A-C689E936BBF9}] => (Allow) G:\Programs\Stellaris Utopia\stellaris.exe
FirewallRules: [{3BA2ADD3-BAEF-4737-8831-D5541673A2DA}] => (Allow) G:\Programs\Stellaris Utopia\stellaris.exe
FirewallRules: [TCP Query User{BF6425CD-2C21-4EC5-BF9F-0EE222148792}G:\programs\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{655496C9-1285-4879-9F95-4A6BCC35C17D}G:\programs\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F0D4E080-61C0-4945-8855-E4FB092DDCBC}G:\programs\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FCE244A9-2EE6-4C59-8F34-09AF6F13198E}G:\programs\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{23EC1468-284D-4418-A014-FEB7B4B1A9E4}] => (Allow) G:\Programs\SteamApps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{1C7E1EB3-8ADE-4D7B-925E-6E2DFDC88643}] => (Allow) G:\Programs\SteamApps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{8D421DF3-C900-4710-9EDC-C60EF8B03AE3}] => (Allow) G:\Programs\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CB29AC6F-EFB4-414A-96DC-442528D3E736}] => (Allow) G:\Programs\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{1935EBE5-50ED-4DA2-A05A-06480C6D6282}G:\programs\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{45B42CF8-0722-4706-9639-6FD587963160}G:\programs\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0F648F72-3812-4195-97CD-189AEC9697B1}G:\programs\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8C8DBBB0-C9CF-46AF-8BE0-B35BD3B6343F}G:\programs\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{326C7AAD-9E8A-4EFC-9F07-24691F9FAED7}G:\programs\overwatch\overwatch.exe] => (Allow) G:\programs\overwatch\overwatch.exe
FirewallRules: [UDP Query User{2431E8ED-C57E-4A56-9BCB-7792D47517D9}G:\programs\overwatch\overwatch.exe] => (Allow) G:\programs\overwatch\overwatch.exe
FirewallRules: [{F7534A19-D43A-4FDF-BC95-4371BF799256}] => (Allow) G:\Programs\SteamApps\common\Star Crusade CCG\app.exe
FirewallRules: [{E3078B5C-79C5-4C88-83D8-2AB27DA70AD2}] => (Allow) G:\Programs\SteamApps\common\Star Crusade CCG\app.exe
FirewallRules: [TCP Query User{F3A0FD9F-A0D8-4FF7-A7AC-9F9F237335E5}G:\programs\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4C1FF6D8-6263-4370-AC14-119D478B5297}G:\programs\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{94563E00-69BD-4953-8EE2-681AA005695C}] => (Allow) G:\Programs\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{0CC52DE2-40A5-4A68-A113-8CA6C4B6AB66}] => (Allow) G:\Programs\SteamApps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{7F6161FD-66BB-42BE-98DA-A7D4B34A7886}G:\programs\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BC7683F5-CE97-4794-BCEE-6623525F3D65}G:\programs\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{F1574668-0B0D-4E9B-AE41-3754C57D6052}] => (Allow) G:\Programs\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{B77FEAD2-F9C8-44B0-8211-D686B83F214A}] => (Allow) G:\Programs\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{A18A898B-A5AD-4FDD-80BA-8DF6C85E2814}] => (Allow) G:\Programs\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{A1F6AE27-EE7C-4F8E-9239-B9205C1D89DF}] => (Allow) G:\Programs\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{50C9B342-0A73-456C-B052-4F34D7750EFC}] => (Allow) C:\Program Files\Light\light.exe
FirewallRules: [{58F88242-1BBF-4D51-A43D-78FFCC844A7A}] => (Allow) C:\Program Files\Light\light.exe
FirewallRules: [{6886BD4E-08E0-4507-AC2C-EBECA23C290F}] => (Allow) G:\Programs\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{DED10508-41AA-43FB-999A-F1C54F950370}] => (Allow) G:\Programs\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{178FCE1D-9BE8-48D5-BAE5-4964D9B886AB}G:\programs\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{022E9BC3-929D-46CC-96AD-C83EAFF08AA7}G:\programs\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8F859FD3-17C3-4E39-A949-B3E35D4660ED}G:\programs\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{22B443C4-8843-4840-815B-9C5D0DC2A816}G:\programs\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) G:\programs\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [{8583E79D-B7A4-4660-859E-F0BC3BACB0F1}] => (Allow) G:\Programs\SteamApps\common\Kingdom\Kingdom.exe
FirewallRules: [{C2CA582F-6973-4059-8D8E-37219B75ADA8}] => (Allow) G:\Programs\SteamApps\common\Kingdom\Kingdom.exe
FirewallRules: [{0BCEE270-A6B3-4740-8FF1-B06B57F4F0FB}] => (Allow) G:\Programs\SteamApps\common\Kingdom New Lands\Kingdom.exe
FirewallRules: [{1F52D5F7-9E99-44B9-9853-2EE40602B6EB}] => (Allow) G:\Programs\SteamApps\common\Kingdom New Lands\Kingdom.exe
FirewallRules: [{60844469-66BD-4725-AEDA-C25C5B654C42}] => (Allow) G:\Programs\SteamApps\common\Please, Don’t Touch Anything\DontTouchAnything.exe
FirewallRules: [{4F914E11-003F-41C7-BE39-B8DDEBDCA768}] => (Allow) G:\Programs\SteamApps\common\Please, Don’t Touch Anything\DontTouchAnything.exe
FirewallRules: [{6B7E9C89-AD4A-49E0-A86E-44F5B5DC70F6}] => (Allow) G:\Programs\SteamApps\common\Political Animals\PoliticalAnimals.exe
FirewallRules: [{1CD467A1-E96A-41A8-8027-301698ACA651}] => (Allow) G:\Programs\SteamApps\common\Political Animals\PoliticalAnimals.exe
FirewallRules: [{C5E96980-A026-4E2B-9DAD-3A1013CCDAAF}] => (Allow) G:\Programs\SteamApps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
FirewallRules: [{C12B6216-14F0-47DA-B5EC-31FE1278844F}] => (Allow) G:\Programs\SteamApps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
FirewallRules: [{88264D55-1896-46C0-A5B5-1C023C4C354D}] => (Allow) G:\Programs\SteamApps\common\Windward\Windward.exe
FirewallRules: [{2EF20EB2-E432-4EE9-B0E9-7E910C3C77F1}] => (Allow) G:\Programs\SteamApps\common\Windward\Windward.exe
FirewallRules: [{7CE36766-6091-4D17-B4EB-41C6043F90EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B0843793-B154-44A0-A73E-450906C82C41}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{901DB662-A677-4BDC-9976-74467A85E582}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C31D3060-72DC-4E90-BB3C-E94301A1BF15}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{A668DE9D-07A8-4D38-BDEC-FB93C2A19111}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{EB1089D3-D8CD-4CAA-8891-038275EF2969}] => (Allow) G:\Programs\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{CC5148B1-54FC-40C7-B29D-7C2D376C0656}] => (Allow) G:\Programs\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{185E0693-FDA5-4024-BAB7-4FFDCD5EE947}] => (Allow) G:\Programs\SteamApps\common\Duskers\Duskers.exe
FirewallRules: [{02D2D50F-B111-43C8-B183-BA7FFBDD3906}] => (Allow) G:\Programs\SteamApps\common\Duskers\Duskers.exe
FirewallRules: [{DF81B7BD-437C-4FC3-95E9-0CF899B7DF69}] => (Allow) G:\Programs\SteamApps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{0B214D07-634E-49C0-987B-86BAE52F7E47}] => (Allow) G:\Programs\SteamApps\common\DarkestDungeon\_windows\Darkest.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TP-LINK 300Mbps Wireless N Adapter #2
Description: TP-LINK 300Mbps Wireless N Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-LINK
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2017 12:23:15 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (07/09/2017 12:20:28 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
   at GamingApp_Service.Service1.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (07/09/2017 11:41:13 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (07/09/2017 11:37:20 AM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
   at GamingApp_Service.Service1.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (07/08/2017 10:37:25 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (07/08/2017 10:34:30 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
   at GamingApp_Service.Service1.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (07/08/2017 08:45:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2154846950-3185026240-1571722450-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9f1b0fd9-6da6-4007-8ddd-36b338e86ab1}

Error: (07/08/2017 07:04:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (07/08/2017 07:03:56 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
   at GamingApp_Service.Service1.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (07/08/2017 06:47:03 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start


System errors:
=============
Error: (07/09/2017 12:24:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (07/09/2017 12:24:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The GamingApp_Service service hung on starting.

Error: (07/09/2017 12:23:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (07/09/2017 11:42:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (07/09/2017 11:42:40 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The GamingApp_Service service hung on starting.

Error: (07/09/2017 11:41:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (07/09/2017 11:40:20 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The avgbIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (07/08/2017 10:37:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (07/08/2017 10:37:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The GamingApp_Service service hung on starting.

Error: (07/08/2017 10:35:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.


CodeIntegrity:
===================================
  Date: 2014-06-11 00:37:23.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-11 00:16:51.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-8120 Eight-Core Processor
Percentage of memory in use: 50%
Total physical RAM: 8162.12 MB
Available physical RAM: 4057.54 MB
Total Virtual: 16322.43 MB
Available Virtual: 12010.17 MB

==================== Drives ================================

Drive c: (YAMATO) (Fixed) (Total:232.79 GB) (Free:122.53 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (AGNI) (Fixed) (Total:97.56 GB) (Free:4.5 GB) NTFS
Drive g: (RUDRA) (Fixed) (Total:1765.36 GB) (Free:22.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: F4C9A1AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 815A4704)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1765.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 09 July 2017 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
HKLM-x32\...\RunOnce: [SpybotDeletingA3731] => command.com /c del "C:\END"
HKLM-x32\...\RunOnce: [SpybotDeletingC102] => cmd.exe /c del "C:\END"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingB1598] => command.com /c del "C:\END"
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingD4497] => cmd.exe /c del "C:\END"
GroupPolicy\User: Restriction <==== ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\user.js [2014-01-02]
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Comodo\IceDragon\Profiles\alaj1vnj.default [2014-07-10]
FF Homepage: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.yahoo.com?fr=fp-comodo
FF Keyword.URL: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
FF Extension: (No Name) - C:\Program Files (x86)\Comodo\IceDragon\browser\extensions\DnD@comodo.com [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp","hxxps://www.google.co.uk/","hxxps://uk.search.yahoo.com/?type=242154&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-14] (AVG Secure Search)

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====
Please let me know what problem persists with this computer.

#3 Moomintroll

Moomintroll
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 09 July 2017 - 02:34 PM

Hi nasdaq and thanks for your swift reply! I ran the fix, rebooted, then reset Chrome and Firefox. Shall I run another scan?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by User (09-07-2017 16:51:34) Run:1
Running from G:\Downloads
Loaded Profiles: Matt & User (Available Profiles: Matt & User & Megatron)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
HKLM-x32\...\RunOnce: [SpybotDeletingA3731] => command.com /c del "C:\END"
HKLM-x32\...\RunOnce: [SpybotDeletingC102] => cmd.exe /c del "C:\END"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingB1598] => command.com /c del "C:\END"
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingD4497] => cmd.exe /c del "C:\END"
GroupPolicy\User: Restriction <==== ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\user.js [2014-01-02]
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Comodo\IceDragon\Profiles\alaj1vnj.default [2014-07-10]
FF Homepage: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.yahoo.com?fr=fp-comodo
FF Keyword.URL: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
FF Extension: (No Name) - C:\Program Files (x86)\Comodo\IceDragon\browser\extensions\DnD@comodo.com [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp","hxxps://www.google.co.uk/","hxxps://uk.search.yahoo.com/?type=242154&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-14] (AVG Secure Search)

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA3731 => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC102 => value could not remove.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key could not remove. Access Denied.
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1598 => value not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-07-2017 20:05:30)

==> ATTENTION: System is not rebooted.

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully

==== End of Fixlog 20:05:30 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 10 July 2017 - 06:59 AM

Please run the Fix one more time.

Make sure you are using an Administrator account this time.

This one should be OK
Matt (S-1-5-21-2154846950-3185026240-1571722450-1000 - Administrator - Enabled) => C:\Users\Matt

Post a fresh FRST log for my review.

Let me know what problem persists.
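
Added example (not part of the thread, and not FRST's own code): the first Fixlog above was produced under the account "User" and several entries failed, which is why the fix is being re-run as an administrator. This Python sketch groups Fixlog result lines by outcome; the function names and the outcome labels are assumptions made for illustration, and the phrases matched are only those that appear in this thread's logs.

```python
import re

# Lines copied from the first Fixlog in this thread (Run:1, ran by "User").
SAMPLE_FIXLOG = r"""Ran by User (09-07-2017 16:51:34) Run:1
*****************
HKLM-x32\...\RunOnce: [SpybotDeletingA3731] => command.com /c del "C:\END"
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA3731 => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC102 => value could not remove.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key could not remove. Access Denied.
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1598 => value not found.
"""

RULES = [
    ("failed", re.compile(r"could not remove|access denied", re.I)),
    ("fixed", re.compile(r"(re)?moved successfully", re.I)),
    ("absent", re.compile(r"not found|no running process found", re.I)),
]
RAN_BY = re.compile(r"Ran by (\S+) \(")

def classify(result):
    """Map the text after '=>' to failed / fixed / absent / other (rules checked in order)."""
    for label, pattern in RULES:
        if pattern.search(result):
            return label
    return "other"

def triage(fixlog):
    """Group Fixlog result lines by outcome, skipping the echoed fixlist."""
    report = {"run_by": None, "failed": [], "fixed": [], "absent": [], "other": []}
    in_fixlist = False
    for line in (raw.strip() for raw in fixlog.splitlines()):
        if line and set(line) == {"*"}:      # delimiter around the echoed fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist or not line:
            continue
        elif RAN_BY.match(line):
            report["run_by"] = RAN_BY.match(line).group(1)
        elif line.startswith("Error:"):
            report["failed"].append(line)
        elif " => " in line:
            target, result = line.rsplit(" => ", 1)
            report[classify(result)].append(target)
    return report

def needs_elevated_rerun(report):
    """Failed entries are the cue, as in this thread, to re-run from an administrator account."""
    return bool(report["failed"])

if __name__ == "__main__":
    print(triage(SAMPLE_FIXLOG))
```

Entries reported as "not found" are kept apart from failures because they need no further action.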

#5 Moomintroll

Moomintroll
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 10 July 2017 - 10:28 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Matt (10-07-2017 16:16:11) Run:2
Running from G:\Downloads
Loaded Profiles: Matt & User (Available Profiles: Matt & User & Megatron)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
HKLM-x32\...\RunOnce: [SpybotDeletingA3731] => command.com /c del "C:\END"
HKLM-x32\...\RunOnce: [SpybotDeletingC102] => cmd.exe /c del "C:\END"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingB1598] => command.com /c del "C:\END"
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\...\RunOnce: [SpybotDeletingD4497] => cmd.exe /c del "C:\END"
GroupPolicy\User: Restriction <==== ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\user.js [2014-01-02]
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Comodo\IceDragon\Profiles\alaj1vnj.default [2014-07-10]
FF Homepage: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.yahoo.com?fr=fp-comodo
FF Keyword.URL: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
FF Extension: (No Name) - C:\Program Files (x86)\Comodo\IceDragon\browser\extensions\DnD@comodo.com [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp","hxxps://www.google.co.uk/","hxxps://uk.search.yahoo.com/?type=242154&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-14] (AVG Secure Search)

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA3731 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC102 => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1598 => value removed successfully
HKU\S-1-5-21-2154846950-3185026240-1571722450-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4497 => value removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gz8psi5w.default\user.js => moved successfully
C:\Users\Matt\AppData\Roaming\Comodo\IceDragon\Profiles\alaj1vnj.default => moved successfully
C:\Users\Matt\AppData\Roaming\Comodo\IceDragon\Profiles\alaj1vnj.default => path removed successfully
FF Homepage: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.yahoo.com?fr=fp-comodo => not found
FF Keyword.URL: Comodo\IceDragon\Profiles\alaj1vnj.default -> hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p= => not found
C:\Program Files (x86)\Comodo\IceDragon\browser\extensions\DnD@comodo.com => not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin => key removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\vToolbarUpdater40.3.8 => key removed successfully
vToolbarUpdater40.3.8 => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10855149 B
Java, Flash, Steam htmlcache => 138878 B
Windows/system/drivers => 53845356 B
Edge => 0 B
Chrome => 230812683 B
Firefox => 123536820 B
Opera => 7769037 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 1751614296 B
LocalService => 132372 B
NetworkService => 77598 B
Matt => 61915259 B
TEMP.NIGHTMARE-Y => 0 B
User => 153467603 B
TEMP => 0 B
Megatron => 30614406 B

RecycleBin => 1275389506 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:17:38 ====

 

Rebooted as prompted. I haven't run any antimalware programs yet, although will update you once I have done so. To be frank, there didn't appear to be anything out of the ordinary occurring prior to posting here; I did so for peace of mind more than anything.


Edited by Moomintroll, 10 July 2017 - 10:30 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 10 July 2017 - 12:53 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



