
ntuserlitelist and cpx infected whitelisted registry possible rootkit.


  • This topic is locked
17 replies to this topic

#1 IHATETROJANS1234

Posted 22 July 2017 - 10:48 AM

After downloading a file the other day, I have had the searchmanager extension added to Chrome and get "The requested resource is in use" text while trying to launch my antivirus. I am restricted from deleting many of my files by a group called "Administrators" and am having trouble figuring out what to do. I have tried Avast rescue disk, but every time I "delete" the files they come back. I have also tried RKill and File assassin to delete a file called "ntuserlitelist", and I am becoming restless. I can post logs from Avast and RKill, but that is about it. Also, every time I try to launch in safe mode it eventually crashes and I still can't launch my antivirus, and when I try to launch File Explorer or Control Panel it says I am out of memory even though I have 16G. Also, when I try to terminate some processes I am denied; pretty much most of my capabilities are denied. I am about to cry. I need closure and maybe even a hug.

 

 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Matthew (administrator) on NERDS (22-07-2017 11:37:25)
Running from C:\Users\Matthew
Loaded Profiles: Matthew (Available Profiles: Matthew)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Windows\System32\tprdpw64.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(NordVPN) C:\Program Files\NordVPN\NordVPN Client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Matthew\AppData\Local\xnrvl\pqdam\ct.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [cpx] => "C:\Users\Default\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Default\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\Run: [GoogleChromeAutoLaunch_1DCACA8C0EC1716DD73D162837173624] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\MountPoints2: {96ca3f26-8ca9-11e4-b945-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-18\...\Run: [script_fcbd] => "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\fcbd.bat"
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-05] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-487131688-350952306-2892131715-1000] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{422F2B88-94F0-4899-B2FF-F8ED0249011A}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{7A278AC3-343B-46A0-A74A-B773CC2DA2F9}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{C9E28180-67C2-44C2-95B5-5764C28A6A22}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{D90F8A78-9D03-4EB6-9AEB-2E9C42862AA5}: [NameServer] 78.46.223.24,162.242.211.137
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c7bc8ad2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c7bc8ad2
HKU\S-1-5-21-487131688-350952306-2892131715-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-487131688-350952306-2892131715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c7bc8ad2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7bc8ad2&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7bc8ad2&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7bc8ad2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-487131688-350952306-2892131715-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7bc8ad2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-487131688-350952306-2892131715-1000 -> {02183E92-7BCE-4D98-A47E-EAC6634E2F48} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-487131688-350952306-2892131715-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7bc8ad2&q={searchTerms}
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-03] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-03] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-03] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
Toolbar: HKU\.DEFAULT -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-487131688-350952306-2892131715-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
 
FireFox:
========
FF DefaultProfile: 73kaf3k6.default
FF ProfilePath: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\73kaf3k6.default [2017-07-19]
FF NetworkProxy: Mozilla\Firefox\Profiles\73kaf3k6.default -> type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-30] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-487131688-350952306-2892131715-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Matthew\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-487131688-350952306-2892131715-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-ee338271909542da\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-487131688-350952306-2892131715-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-ee338271909542da\\NPRobloxProxy64.dll [No File]
FF Plugin HKU\S-1-5-21-487131688-350952306-2892131715-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.youtube.com/feed/subscriptions
CHR StartupUrls: Default -> "hxxps://www.youtube.com/feed/subscriptions"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default [2017-07-22]
CHR Extension: (Google Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (BetterTTV) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-22]
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Steam Inventory Helper) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-06-30]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Sheets) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (The QR Code Generator) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-11-14]
CHR Extension: (Google Docs Offline) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Aero Trans Brushed Metal Theme) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjdfchjlhkgnfjblhclgaliiccalckf [2016-11-17]
CHR Extension: (Video Blocker) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-07-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-21]
CHR Extension: (Google Hangouts) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Mobialia Chess 3D) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfppohnieolpklikdmhbofoabooijm [2016-10-28]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR Extension: (That's Pretty Good (iDubbbzTV)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnidecdngnainebcfbmebgpkmnmljdng [2017-06-29]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-487131688-350952306-2892131715-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-03] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-03] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-06-02] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-07-10] (EasyAntiCheat Ltd)
S4 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S4 GCloud; C:\Program Files (x86)\GIGABYTE\CloudStation\HomeCloud\GCloud.exe [19264 2014-06-18] (Microsoft)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-08-11] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-19] (Logitech Inc.)
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S4 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [416432 2017-07-04] ()
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
S4 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-03] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168208 2017-06-15] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148184 2017-06-15] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-17] (Overwolf LTD)
S4 PAExec; C:\Windows\PAExec.exe [189112 2017-06-03] (Power Admin LLC)
S4 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-06-29] (Copyright © 2017 Plays.tv, LLC)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-12-14] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-12-13] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-05-28] ()
S4 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-06-05] (Razer Inc.)
S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S4 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [337408 2017-06-29] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Matthew\AppData\Local\xnrvl\pqdam\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
S2 Dataup; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S3 OVPNService; "C:\Users\Matthew\AppData\Local\TotalVPN\OVPN.Service.exe" [X]
S2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [X] <==== ATTENTION
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-07-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-07-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-07-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-07-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-03] (AVAST Software)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.5\dbk64.sys [82496 2015-12-24] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 etocdrv; C:\Windows\etocdrv.sys [15584 2013-10-30] (Giga-Byte Technology CO., LTD.)
R2 GhFlt; C:\Windows\system32\drivers\ghflt.sys [16856 2014-12-25] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-07-21] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
S3 ladfGSS; C:\Windows\System32\drivers\ladfGSS.sys [54552 2016-12-19] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyHidFilter; C:\Windows\System32\drivers\LGJoyHidFilter.sys [57368 2016-12-08] (Logitech Inc.)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-05-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
S3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [33672 2015-09-02] (Adoriasoft LLC)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-11-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-07-18] (Anchorfree Inc.)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-22 05:56 - 2017-07-22 05:56 - 11584088 _____ (SurfRight B.V.) C:\Users\Matthew\HitmanPro_x64.exe
2017-07-22 05:45 - 2017-07-22 05:45 - 00167034 _____ C:\Users\Matthew\fileassassin-setup-1.06.exe
2017-07-22 05:45 - 2017-07-22 05:45 - 00001055 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2017-07-22 05:45 - 2017-07-22 05:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-07-22 05:45 - 2017-07-22 05:45 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-07-22 01:26 - 2017-07-22 01:26 - 08162248 _____ (Malwarebytes) C:\Users\Matthew\AdwCleaner.exe
2017-07-22 01:25 - 2017-07-22 01:27 - 00092629 _____ C:\Users\Matthew\Addition.txt
2017-07-22 01:23 - 2017-07-22 01:23 - 01151488 _____ (Bleeping Computer, LLC) C:\Users\Matthew\235526375464-7164.exe
2017-07-22 01:22 - 2017-07-22 11:39 - 00025786 _____ C:\Users\Matthew\FRST.txt
2017-07-22 01:22 - 2017-07-22 11:37 - 00000000 ____D C:\FRST
2017-07-22 01:22 - 2017-07-22 01:22 - 02382336 _____ (Farbar) C:\Users\Matthew\FRST64.exe
2017-07-22 01:19 - 2017-07-22 01:19 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Matthew\mbar-1.09.4.1001 (1).exe
2017-07-22 01:18 - 2017-07-22 05:54 - 00000000 ____D C:\Users\Matthew\Desktop\mbar
2017-07-22 01:17 - 2017-07-22 01:17 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Matthew\mbar-1.09.4.1001.exe
2017-07-22 01:10 - 2017-07-22 01:10 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Matthew\mbar-1.09.3.1001.exe
2017-07-22 01:06 - 2017-07-22 01:06 - 01151488 _____ (Bleeping Computer, LLC) C:\Users\Matthew\235526375464.exe
2017-07-22 01:05 - 2017-07-22 01:05 - 02107392 _____ (Bleeping Computer, LLC) C:\Users\Matthew\2355263754.exe
2017-07-22 01:01 - 2017-07-22 01:01 - 01525384 _____ C:\Users\Matthew\sarsfx.exe
2017-07-22 00:59 - 2017-07-22 00:59 - 05766464 _____ (Zemana Ltd. ) C:\Users\Matthew\chromE.exe
2017-07-22 00:39 - 2017-07-22 05:31 - 00843910 _____ C:\Windows\ntbtlog.txt
2017-07-22 00:36 - 2017-07-22 00:36 - 05766464 _____ (Zemana Ltd. ) C:\Users\Matthew\Desktop\eXplorer.exe
2017-07-22 00:32 - 2017-07-22 01:24 - 00002268 _____ C:\Users\Matthew\Desktop\Rkill.txt
2017-07-22 00:32 - 2017-07-22 01:06 - 00000000 ____D C:\Users\Matthew\Desktop\rkill
2017-07-22 00:31 - 2017-07-22 00:32 - 02107392 _____ (Bleeping Computer, LLC) C:\Users\Matthew\a2590890852.exe
2017-07-21 23:40 - 2017-07-21 23:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Matthew\requestedresource.exe
2017-07-21 23:38 - 2017-07-22 05:45 - 00003020 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-07-21 18:29 - 2017-07-21 18:31 - 331845632 _____ C:\Users\Matthew\kav_rescue_10.iso
2017-07-20 04:30 - 2017-07-20 04:30 - 00111535 _____ C:\Users\Matthew\SuperF4-1.3.exe
2017-07-19 19:44 - 2017-07-19 19:44 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow\Prideful Sloth
2017-07-19 19:34 - 2017-07-19 19:34 - 00018833 _____ C:\Users\Matthew\[katcr.co]rld-yothclca.torrent
2017-07-19 18:05 - 2017-07-19 18:05 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-19 17:06 - 2017-07-19 17:07 - 00000000 ____D C:\Program Files\ntuserbleepyourself
2017-07-19 17:01 - 2017-07-19 17:01 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\c
2017-07-19 17:01 - 2017-07-19 17:01 - 00000000 ____D C:\Users\Matthew\AppData\Local\xnrvl
2017-07-19 17:01 - 2017-07-19 17:01 - 00000000 ____D C:\Users\Matthew\AppData\Local\rgoxbj
2017-07-19 16:55 - 2017-07-19 16:55 - 00003072 _____ C:\Users\Matthew\AppData\Local\uninstallce.exe
2017-07-19 16:23 - 2017-07-19 16:23 - 00000000 ___HD C:\$AV_ASW
2017-07-17 13:30 - 2017-07-17 13:30 - 00863744 _____ (Farbar) C:\Windows\mod_frst.exe
2017-07-10 14:58 - 2017-07-10 14:58 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-07-10 14:58 - 2017-07-10 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-10 14:57 - 2017-07-10 14:58 - 00000000 ____D C:\Program Files\iTunes
2017-07-10 14:57 - 2017-07-10 14:57 - 00000000 ____D C:\Program Files\iPod
2017-07-10 14:55 - 2017-07-10 14:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-07-10 14:55 - 2017-07-10 14:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-07-07 16:41 - 2017-07-07 16:41 - 00000000 ____D C:\Users\Matthew\Documents\WB Games
2017-07-06 18:31 - 2017-07-06 18:33 - 52565526 _____ C:\Users\Matthew\Documents\Little Einsteins.mp4
2017-07-06 18:11 - 2017-07-06 18:11 - 00001913 _____ C:\Users\Public\Desktop\NordVPN.lnk
2017-07-06 18:11 - 2017-07-06 18:11 - 00000000 ____D C:\Program Files (x86)\NordVPN
2017-07-06 18:10 - 2017-07-06 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-07-06 18:10 - 2017-07-06 18:10 - 00003340 _____ C:\Windows\System32\Tasks\NordVPN
2017-07-06 15:39 - 2017-07-06 15:40 - 00000000 ____D C:\Program Files\Virtual Audio Cable
2017-07-06 15:39 - 2017-07-06 15:39 - 00113696 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2017-07-06 15:39 - 2017-07-06 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2017-07-06 12:33 - 2017-07-06 12:34 - 00000000 ____D C:\Users\Matthew\Desktop\Stream
2017-07-06 12:17 - 2017-07-06 12:17 - 00000000 ____D C:\Users\Matthew\Downloads\OBS Music Bar
2017-07-06 02:37 - 2017-07-06 02:37 - 00727328 _____ C:\Users\Matthew\Documents\Untitled.wav
2017-07-06 02:03 - 2017-07-12 22:54 - 00000000 ____D C:\Users\Matthew\.chatty
2017-07-05 22:00 - 2017-07-05 22:00 - 00000000 ____D C:\Users\Matthew\Documents\Nightbot
2017-07-05 21:59 - 2017-07-05 22:25 - 00000000 ____D C:\Program Files (x86)\Nightbot
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\Users\Matthew\AppData\Local\Nightbot
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightbot
2017-07-05 14:35 - 2017-07-05 14:35 - 00000000 ____D C:\Users\Matthew\Desktop\SMG
2017-07-05 10:42 - 2017-07-05 10:42 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow\Stardog Games
2017-07-04 03:09 - 2017-07-04 03:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\.technic
2017-07-03 18:54 - 2017-07-03 18:54 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-02 18:37 - 2017-07-02 18:37 - 00000000 ____D C:\Users\Matthew\Documents\AutomaticSolution Software
2017-07-01 13:14 - 2017-07-01 13:14 - 00000000 ____D C:\Users\Matthew\ansel
2017-06-30 09:03 - 2017-06-30 09:03 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow\Temp
2017-06-30 08:36 - 2017-06-30 08:36 - 00000000 ____D C:\Users\Matthew\AppData\Local\IdleMaster
2017-06-29 21:20 - 2017-06-29 21:20 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow\Nickervision Studios
2017-06-29 10:37 - 2017-06-29 10:37 - 00000000 ____D C:\Users\Matthew\Documents\Telltale Games
2017-06-29 00:07 - 2017-06-29 00:09 - 103054667 _____ C:\Users\Matthew\Documents\Preview.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-22 11:35 - 2015-04-30 20:08 - 00000398 __RSH C:\ProgramData\ntuser.pol
2017-07-22 11:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-22 06:19 - 2009-07-14 00:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-22 06:19 - 2009-07-14 00:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-22 06:13 - 2014-12-30 02:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-07-22 05:56 - 2014-12-25 20:01 - 00000000 ____D C:\Users\Matthew
2017-07-22 05:53 - 2014-12-30 02:59 - 00000000 ____D C:\Users\Matthew\AppData\Local\Adobe
2017-07-22 01:30 - 2014-12-26 20:01 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\TS3Client
2017-07-22 01:04 - 2017-06-03 12:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-22 00:57 - 2017-05-27 22:56 - 00000167 _____ C:\Users\Matthew\BullseyeCoverageError.txt
2017-07-22 00:57 - 2016-06-29 06:55 - 00000000 ____D C:\Users\Matthew\AppData\Local\LogMeIn Hamachi
2017-07-22 00:57 - 2016-01-07 17:38 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Spotify
2017-07-22 00:57 - 2014-12-26 20:01 - 00000000 ____D C:\Users\Matthew\AppData\Local\Overwolf
2017-07-22 00:55 - 2017-06-18 01:25 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\PlaysTV
2017-07-22 00:55 - 2014-12-30 02:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-22 00:52 - 2014-12-25 21:23 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2017-07-22 00:51 - 2015-03-14 03:51 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-22 00:51 - 2014-12-25 21:42 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-07-22 00:25 - 2016-10-06 16:32 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-07-21 23:37 - 2014-12-25 21:23 - 00030528 _____ C:\Windows\GVTDrv64.sys
2017-07-21 23:37 - 2014-12-25 21:23 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2017-07-21 23:32 - 2014-12-25 22:11 - 00000000 __SHD C:\Users\Matthew\IntelGraphicsProfiles
2017-07-21 23:21 - 2017-06-18 01:28 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Raptr
2017-07-21 23:21 - 2017-05-26 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-07-21 23:21 - 2017-05-26 15:12 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2017-07-21 23:21 - 2016-10-08 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-21 23:21 - 2016-07-30 15:56 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2017-07-21 23:21 - 2016-07-30 15:56 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2017-07-21 23:21 - 2015-12-03 10:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-07-21 23:21 - 2015-10-31 20:34 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-07-21 23:21 - 2015-10-31 20:34 - 00000000 ____D C:\Users\Matthew\AppData\Local\Discord
2017-07-21 23:21 - 2015-08-09 03:35 - 00000000 ___SD C:\Windows\system32\GWX
2017-07-21 23:21 - 2015-01-07 20:40 - 00000000 ____D C:\Users\Matthew\Documents\my games
2017-07-21 23:21 - 2014-12-26 01:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-21 23:21 - 2009-07-14 03:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-07-21 23:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-07-21 23:20 - 2015-10-31 20:34 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\discord
2017-07-21 23:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-07-21 19:25 - 2016-01-07 17:38 - 00000000 ____D C:\Users\Matthew\AppData\Local\Spotify
2017-07-21 17:09 - 2017-05-26 15:12 - 00000153 _____ C:\Users\Default\BullseyeCoverageError.txt
2017-07-20 19:50 - 2015-10-31 20:34 - 00000000 ____D C:\Users\Matthew\AppData\Local\SquirrelTemp
2017-07-20 06:08 - 2017-03-09 19:24 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-20 00:16 - 2014-12-26 20:01 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-07-19 18:23 - 2015-05-30 16:34 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Skype
2017-07-19 17:16 - 2015-10-17 12:29 - 00000000 ____D C:\Users\Matthew\AppData\Local\Ubisoft Game Launcher
2017-07-19 16:57 - 2014-12-25 21:27 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-19 16:23 - 2017-06-14 23:18 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2017-07-19 16:23 - 2014-02-28 18:28 - 00000000 ____D C:\Games
2017-07-18 18:55 - 2016-10-08 12:29 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-16 14:39 - 2016-05-29 05:52 - 00000000 ____D C:\Users\Matthew\AppData\Local\Frontier_Developments
2017-07-14 02:30 - 2015-04-11 17:14 - 00000000 ____D C:\Users\Matthew\AppData\Local\Arma 3 Launcher
2017-07-14 01:18 - 2015-03-27 22:10 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\foobar2000
2017-07-14 01:04 - 2014-12-26 03:16 - 00000000 ____D C:\Users\Matthew\AppData\Local\Arma 3
2017-07-14 01:02 - 2015-10-06 16:19 - 00000000 ____D C:\Users\Matthew\Documents\Arma 3 - Other Profiles
2017-07-13 13:35 - 2015-12-25 16:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-13 01:19 - 2015-02-13 23:49 - 00280856 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-07-13 01:19 - 2015-02-07 01:20 - 00280856 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-07-12 22:54 - 2016-11-12 14:34 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\obs-studio
2017-07-11 13:08 - 2015-12-20 19:57 - 00000000 ____D C:\Users\Matthew\AppData\Local\CrashDumps
2017-07-10 17:23 - 2017-06-15 21:40 - 00382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-07-10 14:57 - 2015-06-19 02:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-07-10 14:55 - 2015-06-19 02:17 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-07-09 11:41 - 2015-02-07 00:58 - 00000000 ____D C:\ProgramData\Origin
2017-07-07 11:11 - 2016-10-08 12:31 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1475944270
2017-07-07 11:05 - 2009-07-14 00:45 - 00286208 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-06 18:12 - 2017-04-23 14:06 - 00000000 ____D C:\ProgramData\NordVpn
2017-07-06 18:11 - 2017-04-23 14:06 - 00000000 ____D C:\Users\Matthew\AppData\Local\NordVPN
2017-07-06 18:07 - 2017-04-19 21:41 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\NordVPN
2017-07-06 12:41 - 2014-12-25 20:39 - 00062320 _____ C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-06 12:13 - 2015-01-16 20:03 - 00000000 ___RD C:\Users\Matthew\Creative Cloud Files
2017-07-06 03:09 - 2015-04-12 00:08 - 00000000 ____D C:\Users\Matthew\AppData\Local\Battle.net
2017-07-06 03:04 - 2015-04-12 00:08 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-07-06 02:00 - 2016-06-13 23:58 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-07-05 14:50 - 2016-01-07 17:38 - 00001777 _____ C:\Users\Matthew\Desktop\Spotify.lnk
2017-07-05 14:50 - 2016-01-07 17:38 - 00001763 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-07-05 14:13 - 2016-11-12 14:34 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-07-03 18:55 - 2016-10-08 12:29 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-03 18:54 - 2016-10-08 12:29 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-03 18:54 - 2016-10-08 12:29 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149912250717306
2017-07-03 18:54 - 2016-10-08 12:29 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-03 18:54 - 2016-10-08 12:29 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-03 18:54 - 2016-10-08 12:29 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-03 18:54 - 2016-10-08 12:29 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-03 18:53 - 2017-03-09 19:24 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-03 18:53 - 2017-03-09 19:24 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-03 18:53 - 2017-03-09 19:24 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-03 18:53 - 2017-03-09 19:24 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-03 18:53 - 2016-10-08 12:30 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-03 18:53 - 2016-10-08 12:29 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-02 02:40 - 2015-02-07 00:58 - 00000000 ____D C:\Program Files (x86)\Origin
2017-07-01 06:57 - 2016-05-15 14:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-06-30 13:06 - 2017-06-16 20:15 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-06-30 12:42 - 2016-05-28 22:08 - 00000000 ____D C:\Users\Matthew\.junique
2017-06-30 11:24 - 2014-12-26 16:31 - 00000000 ____D C:\ProgramData\Skype
2017-06-30 04:52 - 2016-12-13 22:30 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2017-06-29 02:35 - 2016-06-27 03:55 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-06-29 02:18 - 2016-02-12 16:54 - 00000000 ____D C:\Users\Matthew\AppData\Local\ManyCam
2017-06-28 19:48 - 2014-12-25 21:28 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 16:28 - 2015-07-08 03:26 - 00003410 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-06-27 16:28 - 2015-01-01 20:26 - 00003284 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-06-27 16:28 - 2015-01-01 20:26 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-06-26 08:12 - 2015-02-26 03:58 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow\Noble Empire
2017-06-26 07:55 - 2015-03-07 00:54 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\vlc
2017-06-25 00:39 - 2015-12-22 13:43 - 00000000 ____D C:\Program Files (x86)\WS.ARMA.SU
 
==================== Files in the root of some directories =======
 
2017-02-13 21:46 - 2016-11-18 21:59 - 0004573 _____ () C:\Program Files\change.log
2017-02-13 21:46 - 2016-11-18 21:58 - 0463872 _____ (Orbmu2k) C:\Program Files\nvidiaInspector.exe
2017-02-13 21:46 - 2014-10-06 17:45 - 0000192 _____ () C:\Program Files\nvidiaInspector.exe.config
2017-02-13 21:46 - 2016-09-23 21:05 - 0424448 _____ () C:\Program Files\nvidiaProfileInspector.exe
2015-06-27 05:43 - 2015-06-28 04:25 - 0000304 _____ () C:\Users\Matthew\AppData\Roaming\BreakingPoint_Login.ini
2015-06-27 05:44 - 2015-06-28 04:27 - 0001380 _____ () C:\Users\Matthew\AppData\Roaming\BreakingPoint_Options.ini
2015-01-08 17:20 - 2015-01-08 17:20 - 0003584 _____ () C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Matthew\AppData\Local\report
2015-06-22 01:49 - 2017-06-01 23:46 - 0007597 _____ () C:\Users\Matthew\AppData\Local\Resmon.ResmonCfg
2017-07-19 16:55 - 2017-07-19 16:55 - 0003072 _____ () C:\Users\Matthew\AppData\Local\uninstallce.exe
2014-12-25 20:19 - 2014-12-25 20:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-17 19:55 - 2017-02-12 17:52 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-17 19:55 - 2017-02-12 15:27 - 0003771 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Files to move or delete:
====================
C:\Users\Matthew\2355263754.exe
C:\Users\Matthew\235526375464-7164.exe
C:\Users\Matthew\235526375464.exe
C:\Users\Matthew\a2590890852.exe
C:\Users\Matthew\AdwCleaner.exe
C:\Users\Matthew\chromE.exe
C:\Users\Matthew\fileassassin-setup-1.06.exe
C:\Users\Matthew\FRST64.exe
C:\Users\Matthew\HitmanPro_x64.exe
C:\Users\Matthew\mbar-1.09.3.1001.exe
C:\Users\Matthew\mbar-1.09.4.1001 (1).exe
C:\Users\Matthew\mbar-1.09.4.1001.exe
C:\Users\Matthew\requestedresource.exe
C:\Users\Matthew\sarsfx.exe
C:\Users\Matthew\SuperF4-1.3.exe
 
 
Some files in TEMP:
====================
2017-07-06 15:38 - 2017-07-06 15:38 - 0096680 _____ (Eugene V. Muzychenko) C:\Users\Matthew\AppData\Local\Temp\b03aa645-9d9d-4ffa-9283-406f9aaeea53.EXE
2017-05-27 22:56 - 2017-05-27 22:56 - 0008720 _____ () C:\Users\Matthew\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-06-14 23:18 - 2004-02-05 19:36 - 0040960 _____ () C:\Users\Matthew\AppData\Local\Temp\comver.dll
2017-07-19 16:55 - 2017-07-19 16:55 - 1762741 _____ () C:\Users\Matthew\AppData\Local\Temp\FullVersion.exe
2017-06-03 23:17 - 2016-08-23 14:49 - 0037376 _____ (Microsoft) C:\Users\Matthew\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2017-06-03 23:17 - 2016-08-23 13:01 - 0020992 _____ (Microsoft) C:\Users\Matthew\AppData\Local\Temp\HiRezLauncherControls.dll
2016-07-19 01:08 - 2016-07-19 01:08 - 0467064 _____ (AnchorFree Inc.) C:\Users\Matthew\AppData\Local\Temp\HssInstaller.exe
2017-07-04 03:21 - 2017-07-04 03:21 - 0017408 _____ () C:\Users\Matthew\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll
2017-07-06 02:03 - 2017-07-12 22:52 - 0000000 _____ () C:\Users\Matthew\AppData\Local\Temp\JIntellitype.dll
2017-04-19 05:22 - 2017-04-19 05:22 - 0739904 _____ (Oracle Corporation) C:\Users\Matthew\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-09-10 19:32 - 2016-12-12 19:36 - 0253376 _____ (NVIDIA Corporation) C:\Users\Matthew\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-09-10 19:32 - 2016-12-12 19:36 - 0334272 _____ (NVIDIA Corporation) C:\Users\Matthew\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-07-19 11:10 - 2017-07-19 11:10 - 0142408 _____ () C:\Users\Matthew\AppData\Local\Temp\NYg1cg5S-upd.exe
2017-06-09 17:47 - 2017-06-09 17:47 - 7094520 _____ () C:\Users\Matthew\AppData\Local\Temp\paint.net.4.0.16.install.exe
2017-06-18 01:24 - 2017-06-18 01:25 - 116505848 _____ () C:\Users\Matthew\AppData\Local\Temp\playstv_patch.exe
2017-03-01 22:04 - 2017-03-01 22:04 - 56756184 _____ (Skype Technologies S.A.) C:\Users\Matthew\AppData\Local\Temp\SkypeSetup.exe
2017-03-15 14:24 - 2017-03-15 14:24 - 14456872 _____ (Microsoft Corporation) C:\Users\Matthew\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 02:59
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Matthew (22-07-2017 11:39:53)
Running from C:\Users\Matthew
Windows 7 Professional Service Pack 1 (X64) (2014-12-26 00:01:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-487131688-350952306-2892131715-500 - Administrator - Disabled)
Guest (S-1-5-21-487131688-350952306-2892131715-501 - Limited - Disabled)
Matthew (S-1-5-21-487131688-350952306-2892131715-1000 - Administrator - Enabled) => C:\Users\Matthew
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS B14.0603.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B14.0603.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
A3Launcher version 0.1.4.6 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.4.6 - Maca134)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.31.4 - Mirillis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\{FE2D627E-D7E0-46EA-93A6-8583420285FA}) (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0417 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0417 - Gigabyte)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Arma 3 Tools (HKLM\...\Steam App 233800) (Version:  - Bohemia Interactive)
ArmA3Sync 1.5.80 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.80 - The [S.o.E] team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.14.0226.1 -  GIGABYTE)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.40.836.0 - Logitech) Hidden
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Cloud Station (HKLM-x32\...\{41B20CB6-32EE-468B-982C-4864E2135BD0}) (Version: 1.00.1406.2401 - GIGABYTE) Hidden
Cloud Station (HKLM-x32\...\InstallShield_{41B20CB6-32EE-468B-982C-4864E2135BD0}) (Version: 1.00.1406.2401 - GIGABYTE)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DarthMod Napoleon (HKLM-x32\...\DarthMod Napoleon) (Version:  - )
Day of Defeat: Source (HKLM\...\Steam App 300) (Version:  - Valve)
Dino D-Day (HKLM\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Discord (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
DragonBoost (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\119) (Version:  - ) <==== ATTENTION
Dropbox (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dungeon Keeper (HKLM-x32\...\{B9E79070-56B6-4980-A7E9-C28D6480D050}) (Version: 1.0.0.1 - Electronic Arts)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
Elite Dangerous (HKLM\...\Steam App 359320) (Version:  - Frontier Developments)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Epic Games Launcher (HKLM-x32\...\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}) (Version: 1.1.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Europa Universalis IV (HKLM\...\Steam App 236850) (Version:  - Paradox Development Studio)
EVGA PrecisionX 16 (HKLM\...\Steam App 268850) (Version:  - EVGA)
EZSetup B14.0528.1 (HKLM-x32\...\{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE) Hidden
EZSetup B14.0528.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
FaceRig (HKLM-x32\...\Steam App 274920) (Version:  - Holotech Studios)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
FarSky (HKLM-x32\...\Steam App 286340) (Version:  - Farsky Interactive)
Fast Boot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
ForHonor (HKLM-x32\...\Uplay Install 569) (Version:  - Ubisoft)
FORTIFY (HKLM\...\Steam App 505040) (Version:  - RTK Entertainment)
GameCtrl B14.0528.1 (HKLM-x32\...\{6BBE6CF2-84B2-4ECA-9ECA-C56925C1CCE2}) (Version: 1.00.0000 - GIGABYTE) Hidden
GameCtrl B14.0528.1 (HKLM-x32\...\InstallShield_{6BBE6CF2-84B2-4ECA-9ECA-C56925C1CCE2}) (Version: 1.00.0000 - GIGABYTE)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive®)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version:  - Paradox Development Studios)
Hearts of Iron IV Together for Victory (HKLM-x32\...\Hearts of Iron IV Together for Victory_is1) (Version:  - )
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.2.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
InstallShieldHiRezCurrent (HKLM-x32\...\{9433FC1C-7405-433C-A26D-81076293BBCE}) (Version: 3.0.0.0 - Hi-Rez Studios)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Insurgency: Modern Infantry Combat (HKLM\...\Steam App 17700) (Version:  - Insurgency Development Team)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.9.108.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.2 (HKLM-x32\...\{3EE9923D-3045-46AB-9CAA-E375993AEB4A}) (Version: 2.2.0.1 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kodi (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\Kodi) (Version:  - XBMC-Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.90 (HKLM\...\Logitech Gaming Software) (Version: 8.90.117 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\{E59194A0-A215-4C44-8B92-40780387EBE0}) (Version: 2.2.0.578 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.578 - LogMeIn, Inc.)
LonelyScreen 1.2 (HKLM-x32\...\LonelyScreen AirPlay Receiver_is1) (Version: 1.2 - IMTIGER Technologies Inc.)
LonelyScreen 1.2.15 (HKLM-x32\...\LonelyScreen_is1) (Version: 1.2.15 - IMTIGER Technologies Inc.)
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MorphVOX Pro - Voice Changer (HKLM\...\Steam App 269470) (Version:  - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{be1439f4-6c0a-4963-82c8-36f123182357}) (Version: 4.4.26.28472 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{EAB12CE6-EB07-496A-9D59-F3D087071FB8}) (Version: 4.4.26.28472 - Screaming Bee) Hidden
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Napoleon: Total War (HKLM\...\Steam App 34030) (Version:  - The Creative Assembly)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Nightbot (HKLM-x32\...\{c59fdb2c-3f60-4455-b0a8-c45b5aee5447}_is1) (Version: 0.0.5 - NightDev, LLC)
NordVPN (HKLM-x32\...\{5B46769B-8218-43A8-9113-BC4FB72E48D9}) (Version: 6.4.8 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.4.8) (Version: 6.4.8 - NordVPN)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Omegalodon (HKLM-x32\...\Steam App 248350) (Version:  - North of Earth)
ON_OFF Charge 2 B14.0217.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B14.0217.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Orbt XL (HKLM\...\Steam App 615610) (Version:  - Nickervision Studios)
Origin (HKLM-x32\...\Origin) (Version: 10.4.13.6637 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.105.324.0 - Overwolf Ltd.)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PBO Manager v.1.4 beta (HKLM-x32\...\{0E3A79BF-E860-4371-8ABC-7AAEDD68DA0A}) (Version: 1.4.0 -  )
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PlanetSide 2 (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.25.1-r123776-release - Plays.tv, LLC)
Poker Night 2 (HKLM\...\Steam App 234710) (Version:  - Telltale Games)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.5.31.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla Steam Edition (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Rising Storm 2: Vietnam (HKLM\...\Steam App 418460) (Version:  - Antimatter Games)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Sang-Froid - Tales of Werewolves (HKLM-x32\...\Steam App 227220) (Version:  - Artifice Studio)
Shadow Tactics - Blades of the Shogun 1.0.8 (HKLM-x32\...\{BB762706-65FA-44C1-B2BB-EF29CA88D7CE}_is1) (Version: 1.0.8 - Daedalic Entertainment GmbH)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Sid Meiers Civilization VI (HKLM-x32\...\Sid Meiers Civilization VI_is1) (Version:  - )
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Smart Recovery 2 B14.0521.1  (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0001 - GIGABYTE)
Smart TimeLock B14.0521.1 (HKLM-x32\...\{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE) Hidden
Smart TimeLock B14.0521.1 (HKLM-x32\...\InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.11.4146.1 - Hi-Rez Studios)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Spotify (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Customizer (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\Steam Customizer) (Version: 1.00.00.00 - Blumont)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
SWAT 4 (HKLM-x32\...\{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31763 - Sierra Entertainment, Inc.) Hidden
SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31763 - Sierra Entertainment, Inc.)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TexView 2 Uninstall (HKLM-x32\...\TexView 2) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stomping Land (HKLM-x32\...\Steam App 263440) (Version:  - SuperCrit)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Town of Salem (HKLM\...\Steam App 334230) (Version:  - BlankMediaGames)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
Unity Web Player (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Virtual Audio Cable 4.15 (HKLM\...\Virtual Audio Cable 4.15) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version:  - Kristjan Skutta)
WinDirStat 1.1.2 (HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd)
WS Launcher (HKLM-x32\...\{B6496B72-C011-47EA-B68C-F9CD3A0025DA}) (Version: 30.0.4.3 - WS.ARMA.SU) Hidden
WS Launcher (HKLM-x32\...\WS Launcher 30.0.4.3) (Version: 30.0.4.3 - WS.ARMA.SU)
Yareel version 1.0.2 (HKLM-x32\...\{7D3D9C01-C6C7-4993-8CE8-FB01F4A1178F}_is1) (Version: 1.0.2 - Yareel Entertainment Ltd)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-487131688-350952306-2892131715-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-03] (AVAST Software)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers03: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} =>  -> No File
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-07-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-11] (Intel Corporation)
ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-11] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1_S-1-5-21-487131688-350952306-2892131715-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-487131688-350952306-2892131715-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-487131688-350952306-2892131715-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05B6449E-F438-4815-851B-8C51511F5648} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {23C4A967-C687-4346-8C6D-D5B796D53679} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {2DF67A25-206C-415F-92B9-1C163C95004E} - System32\Tasks\AdobeAAMUpdater-1.0-NERDS-Matthew => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {33516783-AB02-4426-9641-92AB1D96C4A5} - System32\Tasks\{73175BF1-00CF-4FA0-B198-C62EB14172E4} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {3C4FD21D-A6AD-4C16-A313-0D5878BDEB8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {3C76981F-E4E1-4D16-8EDD-0941E8922946} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-03] (AVAST Software)
Task: {3D2EB8E7-0876-4A71-AA48-524112D423A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-07] (Adobe Systems Incorporated)
Task: {622BACA0-B0A1-424D-B469-01C76696BFAD} - System32\Tasks\{A0861678-FEE3-4172-BA5A-BE82C1F077FD} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.10.0.104&LastError=404
Task: {64033DD1-2B0E-47FD-99AC-68AD822AC82E} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-17] (Overwolf LTD)
Task: {66FB15E9-6E7C-4250-80A0-34AE3148D01F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {7431D7FA-0D5B-4EC6-8DE5-09BE3C5140A5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {7A8DE188-3E9F-4F3E-A111-CF43148299B6} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {8517F039-168D-40D7-AB1D-8ABBC071A4C7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {899DCBD4-674E-4471-98E5-FFF50DEF9542} - System32\Tasks\{61A0F615-5371-41FC-9FA9-2388C51633AC} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.8.80.102/en/abandoninstall?page=tsProgressBar
Task: {8DE711F4-27C7-4F9A-9B7F-69E66CC6E640} - System32\Tasks\{D7B80C5B-94FF-4CEC-9336-8DCDAEDCEA00} => C:\Windows\system32\pcalua.exe -a C:\Users\Matthew\Downloads\lgs510.exe -d C:\Users\Matthew\Downloads
Task: {9731CB7B-D4E0-4AAE-A563-8A76D36AA56B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {97CEED38-1EDA-4E69-9FA7-525F9830CCAB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {9800769D-5F0E-4ABF-8BFE-EA6927CB0D28} - System32\Tasks\NordVPN => C:\Program Files (x86)\NordVPN\NordVPN.exe [2017-07-04] (NordVPN)
Task: {9BF4ACD6-EC3E-48EB-BB82-91DE387738B9} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {A1A5FBB4-431F-428A-BA52-E63DDB150AA6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {A3137C00-695E-4A01-8780-E109C21C2313} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {A6688D09-EB0D-4D59-A6EA-E9CD60F85075} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {AB379E2E-0CF4-44E5-B10A-C1AA03AA6782} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {BACD01CD-C3C3-4018-929F-DD13F31DA8AD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {BFD88F62-9CC8-4452-9894-2EFFAC0169D7} - System32\Tasks\SafeZone scheduled Autoupdate 1475944270 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {C010B908-83AC-4BFF-86A7-FA1657522411} - System32\Tasks\NordVPN Client auto-start => C:\Program Files\NordVPN\NordVPN Client.exe [2017-04-19] (NordVPN)
Task: {C09E62F2-833E-4BA3-A41B-6A1831982C40} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {C4827E78-9682-4244-90DF-B435068FD894} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {C56213E6-695F-4A56-99D2-5A270A7197BE} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {F3647230-6854-4F54-B10D-19B0D7CBAFAA} - System32\Tasks\Shutdown => shutdown [Argument = –s –f –t 0]
Task: {F9D8B91D-BEE5-4BA7-ABB2-32F19B0218CF} - System32\Tasks\{1C0A7318-9D9B-4A35-8854-4EC91FB51878} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
Task: {F9DB0127-C2D3-4428-AC9E-160593E2FFE2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-10-06] (Adobe Systems Incorporated)
Task: {FEDA37EF-99C2-4C58-AC8F-CD3264FDAB0F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk -> hxxp://openiv.com
 
ShortcutWithArgument: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Matthew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-24 06:03 - 2016-10-24 06:03 - 00589512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
2017-06-28 19:48 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 19:48 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-05-30 21:52 - 2017-05-30 21:52 - 00689664 ____N () C:\Users\Matthew\AppData\Local\xnrvl\pqdam\ct.exe
2016-10-10 12:46 - 2016-10-10 12:46 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00228864 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 00526848 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2017-07-17 13:30 - 2017-07-17 13:30 - 00863744 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Matthew:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-487131688-350952306-2892131715-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-487131688-350952306-2892131715-1000\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-05-07 23:43 - 00001027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-487131688-350952306-2892131715-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.46.223.24 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A09D054B-DEA7-43BB-ADA7-1953C26FE764}] => (Allow) LPort=1900
FirewallRules: [{F72D0D4F-9B54-4E2A-BE32-BFBF025E4357}] => (Allow) LPort=8960
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2017 11:35:14 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070002.
 
Error: (07/22/2017 05:45:55 AM) (Source: MsiInstaller) (EventID: 11719) (User: NERDS)
Description: Product: NordVPN -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (07/22/2017 05:45:53 AM) (Source: MsiInstaller) (EventID: 11719) (User: NERDS)
Description: Product: NordVPN -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (07/22/2017 05:43:34 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070002.
 
Error: (07/22/2017 01:34:22 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070002.
 
Error: (07/22/2017 01:10:32 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (07/22/2017 01:06:30 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (07/22/2017 01:02:28 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (07/22/2017 12:58:27 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (07/22/2017 12:56:07 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007000e, Not enough storage is available to complete this operation.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {554af093-cd0c-40b5-8fa7-247f8b632dd0}
 
 
System errors:
=============
Error: (07/22/2017 11:37:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/22/2017 11:35:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (07/22/2017 11:35:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The srcsrv service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/22/2017 11:35:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/22/2017 11:35:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/22/2017 11:35:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error: 
The requested resource is in use.
 
Error: (07/22/2017 11:35:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (07/22/2017 05:45:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/22/2017 05:43:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (07/22/2017 05:43:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The srcsrv service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-15 21:48:17.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:46:26.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:35.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:28.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:26.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:25.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:23.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:22.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:20.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-15 21:45:19.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\RenderAPO.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 15%
Total physical RAM: 16244.33 MB
Available physical RAM: 13687.89 MB
Total Virtual: 32486.86 MB
Available Virtual: 29733.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:147.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Rescue Disc) (Removable) (Total:14.62 GB) (Free:14.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C501C501)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: 1FA12FF8)
Partition 1: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

I see that a lot of the whitelisted stuff in my regedit looks pretty nasty...



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:32 AM

Posted 22 July 2017 - 01:16 PM

Hi IHATETROJANS1234 :)
 
My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)
 
For now, please follow the instructions in the guide below to download and run Zemana Anti-Malware.

https://www.bleepingcomputer.com/virus-removal/remove-ntuserlitelist-adware-and-Trojans#zemana

If Zemana gets blocked with the same "Resources already in use" message, let me know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 IHATETROJANS1234


Posted 22 July 2017 - 04:26 PM

Hello Aura! Thanks for responding in such a short amount of time. I tried launching Zemana and the "resource is already in use" message still pops up. See you soon :)



#4 Aura


Posted 22 July 2017 - 04:34 PM

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.



#5 IHATETROJANS1234


Posted 22 July 2017 - 05:00 PM

Sadly I can't even run this program, this is either an extremely sophisticated virus or I f***** it up



#6 IHATETROJANS1234


Posted 22 July 2017 - 05:11 PM

It gets to 100% extraction and then closes without MBAR running



#7 Aura


Posted 22 July 2017 - 05:13 PM

If you launch the mbar.cmd file inside the MBAR folder, does it work?



#8 IHATETROJANS1234


Posted 22 July 2017 - 05:19 PM

I can't use File Explorer, it says not enough RAM... Is it because I am in clean boot? And I managed to find the two programs that I can't disable on boot in msconfig. I found them in regedit. I will post pictures on my computer; I am using my laptop for this message.



#9 IHATETROJANS1234


Posted 22 July 2017 - 05:21 PM

https://gyazo.com/7106ee0f1e596c3b31c8347148fb541f



#10 IHATETROJANS1234


Posted 22 July 2017 - 05:23 PM

Value name:

svcvmx

Value data:

"C:\Users\Default\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup

Value name:

cpx

Value data:

"C:\Users\Default\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup

Should I attempt to delete?


https://gyazo.com/96613f1e6964d8849ccba4347a5071cd



#11 Aura


Posted 22 July 2017 - 05:30 PM

Disabling them won't do anything since they'll be re-enabled automatically.

If you can't open MBAR, we'll have to use FRST. Do you have your Windows installation media and a USB Flash Drive?



#12 IHATETROJANS1234


Posted 22 July 2017 - 05:35 PM

Should I reformat and reinstall Windows? I don't care about my files....



#13 Aura


Posted 22 July 2017 - 05:46 PM

If you're ready to go down that path, you can. There's a way to remove that infection without MBAR, but you need a Windows installation media to access the Recovery PE, and a USB Flash Drive to put FRST on it.



#14 IHATETROJANS1234


Posted 22 July 2017 - 06:25 PM

I appreciate your help, Aura. I have just upgraded to Windows 10 and reformatted. Thank you again, and you can lock the thread now :)



#15 IHATETROJANS1234


Posted 22 July 2017 - 06:34 PM

Actually, before you lock, can you guide me through... I can't install Windows on my hard drive. It says I have an MBR partition table, Windows can only be installed to GPT disk.





