Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Huge computer slowdowns, long boot and startup


  • This topic is locked This topic is locked
7 replies to this topic

#1 arman12

arman12

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 25 July 2017 - 01:07 PM

Hey everyone, I wanted to thank you guys for doing this and any help you can provide would be great! I have a 2 year old gaming labtop that used to be a beast, but after my antivirus expired last year and its been kind of turned off, I fear that I have huge virus and malwares issues because my computer has slowed down tremendously. Startups take around 3 minutes, and sometimes loading the internet takes 2-3 minutes also. Today, it seemed like the sound card or driver booted up really slow because sound of any sorts was off until about 5 minutes in. One time when I turned my computer off for the night, the next morning it said that it was diagnosing the disk and then scanning and repairing (:C) drive and that took 30-40 minutes. Not sure why it did that. I did the steps you guys mentioned in the pinned threads, and they helped a little but it is still very slow.  If there is anymore information you need please let me know! Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by Arman (administrator) on ALADIN (25-07-2017 12:57:28)
Running from C:\Users\Arman\Downloads
Loaded Profiles: Arman (Available Profiles: Arman)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Dell Inc.) C:\Windows\System32\pnusbvirtualhubwssrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Dell Inc.) C:\Windows\SysWOW64\PNUSBCLITRAY.exe
(Dell Inc.) C:\Windows\SysWOW64\PNTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Hammer & Chisel, Inc.) C:\Users\Arman\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Arman\AppData\Local\Discord\app-0.0.297\Discord.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Trend Micro Inc.) C:\Users\Arman\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) D:\World of Warcraft Classic2\WoW.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Arman\Downloads\FRST64 (2).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [14448 2014-01-28] (ASUS)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2874440 2016-02-22] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [pnusbclitray] => C:\Windows\SysWOW64\pnusbclitray.exe [174384 2015-07-15] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1224704 2017-04-07] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
Startup: C:\Users\Arman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-17]
ShortcutTarget: Twitch.lnk -> C:\Users\Arman\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{0C18D81B-D1A9-4140-9C41-F97776C63E32}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{4BBC6E82-5BA6-4D35-943D-7D6FB20C5355}: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={98DEAA6E-061E-4875-8255-4D2775E49D4A}&mid=cc12f50380a447cca0a5c18a3d488278-76821f59f4b054ce7dcdce46968affccff0726a3&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215avt&pr=fr&d=2015-11-19 19:34:01&v=4.2.4.155&pid=wtu&sg=&sap=hp
hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1162603160-520621064-4255279686-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={98DEAA6E-061E-4875-8255-4D2775E49D4A}&mid=cc12f50380a447cca0a5c18a3d488278-76821f59f4b054ce7dcdce46968affccff0726a3&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215avt&pr=fr&d=2015-11-19 19:34:01&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1162603160-520621064-4255279686-1001 -> {C39B72B8-6D67-4B4E-A93A-0E4B6E9D657D} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-22] (AVG)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-22] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.6\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch"
CHR Profile: C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Google Slides) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKU\S-1-5-21-1162603160-520621064-4255279686-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1162603160-520621064-4255279686-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1162603160-520621064-4255279686-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-10] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
S2 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-21] (BitRaider, LLC)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-02-01] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [524800 2014-11-12] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S2 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
R2 pnusbvirtualhubwssrv; C:\Windows\system32\pnusbvirtualhubwssrv.exe [476672 2016-08-08] (Dell Inc.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S4 vToolbarUpdater40.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-22] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-02-22] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-10] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-10] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-10] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-10] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-10] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-18] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-10] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-10] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-10] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-10] (AVG Technologies CZ, s.r.o.)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-08-05] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-01-06] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows ® Win 7 DDK provider)
R2 pnpnptool; C:\Windows\system32\Drivers\pnpnptool.sys [41392 2016-08-08] (Dell Inc.)
S3 pnusbd; C:\Windows\system32\Drivers\pnusbd.sys [37680 2016-08-08] (Dell Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204936 2014-02-12] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-20] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 12:56 - 2017-07-25 12:56 - 02382336 _____ (Farbar) C:\Users\Arman\Downloads\FRST64 (2).exe
2017-07-25 12:40 - 2017-07-25 12:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\Arman\Downloads\HijackThis.exe
2017-07-21 17:08 - 2017-07-21 17:08 - 05377601 _____ C:\Users\Arman\Downloads\Quest Helper.zip
2017-07-20 09:27 - 2017-07-20 09:27 - 00075989 _____ C:\Users\Arman\Downloads\PhD Extra Credit Summer 2017.pptx
2017-07-11 12:32 - 2017-06-29 01:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-11 12:32 - 2017-06-29 01:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-11 12:32 - 2017-06-29 00:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-11 12:32 - 2017-06-29 00:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-11 12:32 - 2017-06-29 00:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-11 12:32 - 2017-06-29 00:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-11 12:32 - 2017-06-28 23:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-11 12:32 - 2017-06-28 23:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-11 12:32 - 2017-06-28 23:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-11 12:32 - 2017-06-28 23:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-11 12:32 - 2017-06-28 23:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-11 12:32 - 2017-06-28 23:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-11 12:32 - 2017-06-28 23:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-11 12:32 - 2017-06-22 09:22 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-11 12:32 - 2017-06-17 11:45 - 03631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-11 12:32 - 2017-06-17 11:34 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-11 12:32 - 2017-06-17 11:11 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-11 12:32 - 2017-06-17 11:05 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-11 12:32 - 2017-06-15 17:02 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-11 12:32 - 2017-06-15 08:45 - 07440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-11 12:32 - 2017-06-15 08:45 - 01674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-11 12:32 - 2017-06-15 08:45 - 01534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-11 12:32 - 2017-06-15 08:45 - 01499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-11 12:32 - 2017-06-15 08:45 - 01370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-11 12:32 - 2017-06-15 08:45 - 00086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-11 12:32 - 2017-06-11 19:06 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-11 12:32 - 2017-06-11 17:21 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-11 12:32 - 2017-06-11 16:43 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-11 12:32 - 2017-06-11 16:15 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-11 12:32 - 2017-06-11 16:08 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-11 12:32 - 2017-06-11 16:00 - 00962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-11 12:32 - 2017-06-11 15:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-11 12:32 - 2017-06-11 15:40 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-11 12:32 - 2017-06-11 15:35 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-11 12:32 - 2017-06-11 15:31 - 00781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-11 12:32 - 2017-06-11 10:15 - 02013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-11 12:32 - 2017-06-06 15:52 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-11 12:32 - 2017-06-06 15:42 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-11 12:32 - 2017-06-06 15:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-11 12:32 - 2017-06-06 15:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-11 12:32 - 2017-06-06 15:35 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-11 12:32 - 2017-06-06 14:13 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-11 12:32 - 2017-06-06 14:11 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-11 12:32 - 2017-06-06 14:11 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-11 12:32 - 2017-06-06 14:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-11 12:32 - 2017-06-06 14:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-11 12:32 - 2017-06-06 14:08 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-11 12:32 - 2017-06-06 14:03 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-11 12:32 - 2017-06-06 13:57 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-11 12:32 - 2017-06-06 13:56 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-11 12:32 - 2017-06-06 13:03 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-11 12:32 - 2017-06-06 13:02 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-11 12:32 - 2017-06-06 13:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-11 12:32 - 2017-06-06 13:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-11 12:32 - 2017-06-06 13:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-11 12:32 - 2017-06-03 11:27 - 02346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-11 12:32 - 2017-06-03 11:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-11 12:32 - 2017-05-31 16:20 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-11 12:32 - 2017-05-15 17:09 - 00057688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-11 12:32 - 2017-05-15 15:03 - 00379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-11 12:32 - 2017-05-09 09:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-11 12:32 - 2017-05-09 09:35 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-11 12:32 - 2017-05-09 09:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-11 12:32 - 2017-05-09 09:28 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-11 12:32 - 2017-05-09 09:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-11 12:32 - 2017-05-06 11:45 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-11 12:32 - 2017-05-06 11:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-11 12:32 - 2017-05-02 15:09 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-11 12:32 - 2017-05-02 15:08 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-11 12:32 - 2017-05-02 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-11 12:32 - 2017-05-02 13:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-11 12:32 - 2017-05-02 13:31 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-11 12:32 - 2017-05-02 13:31 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-11 12:32 - 2017-04-30 11:48 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-07-11 12:32 - 2017-04-27 20:13 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-11 12:32 - 2017-04-27 20:11 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-11 12:31 - 2017-07-06 03:52 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-11 12:31 - 2017-06-29 00:17 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-11 12:31 - 2017-06-29 00:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-11 12:31 - 2017-06-29 00:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-11 12:31 - 2017-06-28 23:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-11 12:31 - 2017-06-28 23:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-11 12:31 - 2017-06-28 23:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-11 12:31 - 2017-06-28 23:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-11 12:31 - 2017-06-27 09:29 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-11 12:31 - 2017-06-27 09:29 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-11 12:31 - 2017-06-27 09:26 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-11 12:31 - 2017-06-27 09:26 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 12:31 - 2017-06-11 16:25 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-11 12:31 - 2017-06-11 16:07 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-11 12:31 - 2017-06-06 15:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-11 12:31 - 2017-06-06 13:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-11 12:31 - 2017-05-09 09:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-11 12:31 - 2017-05-09 09:12 - 00448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-11 12:31 - 2017-05-02 12:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-11 12:24 - 2017-05-03 18:11 - 00103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-11 12:24 - 2017-05-03 08:43 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-11 12:24 - 2017-05-03 08:43 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-11 12:24 - 2017-05-03 08:43 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-11 12:24 - 2017-05-03 08:43 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-11 12:24 - 2017-05-03 08:43 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-11 12:24 - 2017-05-03 08:43 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-11 12:24 - 2017-05-03 08:43 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-11 12:24 - 2017-05-03 08:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-11 12:03 - 2017-07-23 12:00 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2017-07-10 11:18 - 2017-07-10 11:18 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-07-03 18:17 - 2017-07-03 18:17 - 00001657 _____ C:\Users\Arman\Documents\semaphore.h
2017-07-03 18:17 - 2017-07-03 18:17 - 00000518 _____ C:\Users\Arman\Documents\semaphore.c
2017-07-03 18:17 - 2017-07-03 18:17 - 00000000 ____D C:\Users\Arman\Documents\misc
2017-07-03 14:14 - 2017-07-03 14:14 - 00000000 ____D C:\Users\Arman\Downloads\MP3_Source (1)
2017-07-03 14:13 - 2017-07-03 14:14 - 00010601 _____ C:\Users\Arman\Downloads\MP3_Source (1).zip
2017-07-03 13:37 - 2017-04-21 16:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-07-03 13:37 - 2017-04-21 16:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-07-03 13:37 - 2017-04-21 16:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-07-03 13:37 - 2017-04-11 13:27 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-07-03 13:37 - 2017-03-15 13:15 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-07-03 13:36 - 2017-04-21 16:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-07-03 13:36 - 2017-04-11 13:27 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-07-03 13:36 - 2017-03-15 13:15 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-07-03 10:21 - 2017-07-03 10:21 - 00284555 _____ C:\Users\Arman\Desktop\cheatsheets.pdf
2017-07-02 17:45 - 2017-07-02 17:45 - 00348492 _____ C:\Users\Arman\Downloads\Lecture8-2017.pptx
2017-07-02 17:30 - 2017-07-02 17:30 - 00523258 _____ C:\Users\Arman\Downloads\Lecture7-2017.pptx
2017-07-02 06:21 - 2017-07-02 06:21 - 00000000 ____D C:\Users\Arman\Downloads\MP4_Source (1)
2017-07-02 06:20 - 2017-07-02 06:20 - 00006025 _____ C:\Users\Arman\Downloads\MP4_Source.zip
2017-07-02 06:20 - 2017-07-02 06:20 - 00006025 _____ C:\Users\Arman\Downloads\MP4_Source (1).zip
2017-07-02 06:11 - 2017-07-02 06:11 - 00056206 _____ C:\Users\Arman\Downloads\SubmissionMP5.zip
2017-07-02 05:53 - 2017-07-02 05:53 - 00050260 _____ C:\Users\Arman\Desktop\mp5report.pdf
2017-07-02 02:22 - 2017-07-02 02:23 - 00000000 ____D C:\Users\Arman\Downloads\MP5_Source
2017-07-02 02:22 - 2017-07-02 02:22 - 00010532 _____ C:\Users\Arman\Downloads\MP5_Source.zip
2017-06-30 10:04 - 2017-06-30 10:04 - 00056896 _____ C:\Users\Arman\Desktop\hw3csce313.pdf
2017-06-30 09:52 - 2017-06-30 09:52 - 00651632 _____ C:\Users\Arman\Downloads\Lecture11-2017 (1).pptx
2017-06-30 01:05 - 2017-06-30 01:05 - 00372027 _____ C:\Users\Arman\Downloads\Lecture10-2017.pptx
2017-06-30 01:05 - 2017-06-30 01:05 - 00152852 _____ C:\Users\Arman\Downloads\Lecture9-2017.pptx
2017-06-30 00:52 - 2017-06-30 00:52 - 00651632 _____ C:\Users\Arman\Downloads\Lecture11-2017.pptx
2017-06-30 00:51 - 2017-06-30 00:51 - 01274368 _____ C:\Users\Arman\Downloads\Lecture12-2017.ppt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 12:58 - 2015-11-19 20:52 - 00025139 _____ C:\Users\Arman\Downloads\FRST.txt
2017-07-25 12:57 - 2015-11-19 20:52 - 00000000 ____D C:\FRST
2017-07-25 12:52 - 2014-12-30 16:39 - 00000000 ____D C:\Users\Arman\AppData\Roaming\ClassicShell
2017-07-25 12:41 - 2016-10-20 14:39 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-07-25 12:38 - 2015-11-27 02:15 - 00000073 _____ C:\Users\Arman\AppData\Roaming\sp_data.sys
2017-07-25 12:36 - 2014-08-30 12:32 - 00000000 __RDO C:\Users\Arman\OneDrive
2017-07-25 12:32 - 2015-10-06 23:57 - 00000000 ____D C:\Users\Arman\AppData\Roaming\Curse Client
2017-07-25 12:30 - 2016-12-18 14:52 - 00000000 ___RD C:\Users\Arman\Google Drive
2017-07-25 12:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-25 12:07 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-07-23 19:49 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-23 12:00 - 2016-09-05 18:57 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2017-07-22 08:26 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2017-07-21 21:47 - 2014-08-30 12:36 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1162603160-520621064-4255279686-1001
2017-07-21 10:04 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 11:19 - 2017-05-17 23:28 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
2017-07-17 11:46 - 2017-05-30 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-07-17 11:46 - 2017-05-17 23:22 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-07-17 02:31 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2017-07-16 21:24 - 2015-12-05 18:32 - 00000000 ____D C:\Users\Arman\AppData\Local\CrashDumps
2017-07-14 13:16 - 2015-11-19 04:12 - 00000000 ____D C:\Users\Arman\AppData\Local\Avg
2017-07-14 12:59 - 2017-03-21 20:18 - 00383648 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-14 12:55 - 2015-05-24 18:30 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-11 12:37 - 2014-09-07 10:57 - 00000000 ____D C:\Windows\system32\MRT
2017-07-11 12:35 - 2014-09-07 10:57 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 12:35 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-11 00:18 - 2014-08-30 12:30 - 00000000 ____D C:\Users\Arman
2017-07-10 11:19 - 2017-05-17 23:28 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-07-10 11:19 - 2017-05-17 23:28 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-07-10 11:18 - 2017-05-17 23:28 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00353232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys.149970355106204
2017-07-10 11:18 - 2017-05-17 23:28 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-07-10 11:18 - 2017-05-17 23:28 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-09 18:28 - 2015-11-24 20:40 - 00000000 ____D C:\Users\Arman\AppData\Roaming\discord
2017-07-03 19:35 - 2016-02-26 17:16 - 00000600 _____ C:\Users\Arman\AppData\Local\PUTTY.RND
2017-07-03 13:45 - 2017-03-21 21:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-03 13:45 - 2015-02-28 03:36 - 00000000 ____D C:\ProgramData\Skype
2017-07-03 07:23 - 2017-06-11 17:37 - 20599339 _____ C:\Users\Arman\Downloads\csce313textbook.pdf
2017-07-02 05:15 - 2016-04-29 22:58 - 00004352 _____ C:\Users\Arman\Downloads\graph_algorithms4.h
2017-06-29 19:27 - 2017-06-14 18:01 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-29 19:27 - 2017-06-14 18:01 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 14:22 - 2014-11-19 00:45 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 14:22 - 2014-11-19 00:45 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-26 12:52 - 2017-01-12 19:21 - 00000000 ____D C:\Users\Arman\AppData\Local\Sling_cache
 
==================== Files in the root of some directories =======
 
2015-11-27 02:15 - 2017-07-25 12:38 - 0000073 _____ () C:\Users\Arman\AppData\Roaming\sp_data.sys
2016-02-26 17:16 - 2017-07-03 19:35 - 0000600 _____ () C:\Users\Arman\AppData\Local\PUTTY.RND
 
Some files in TEMP:
====================
2017-04-30 02:44 - 2017-04-30 02:44 - 0739904 _____ (Oracle Corporation) C:\Users\Arman\AppData\Local\Temp\jre-8u131-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-23 04:02
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Arman (25-07-2017 12:58:31)
Running from C:\Users\Arman\Downloads
Windows 8.1 (Update) (X64) (2014-08-30 17:30:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1162603160-520621064-4255279686-500 - Administrator - Disabled)
Arman (S-1-5-21-1162603160-520621064-4255279686-1001 - Administrator - Enabled) => C:\Users\Arman
ASPNET (S-1-5-21-1162603160-520621064-4255279686-1002 - Limited - Enabled)
Guest (S-1-5-21-1162603160-520621064-4255279686-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Amazon Kindle (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\Amazon Kindle) (Version: 1.14.1.43029 - Amazon)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.54 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{97CF5B1B-FCCD-4D5C-9FD9-3025CCB793DF}) (Version: 2.1 - Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio Express 2013 for Windows (HKLM-x32\...\{04831041-22A1-4B58-A9C7-569E0B5ADD13}) (Version: 2.1 - Microsoft Corporation) Hidden
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3021 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.6.552 - AVG Technologies)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Baldur's Gate II - Enhanced Edition (HKLM-x32\...\1207666373_is1) (Version: 2.1.0.3 - GOG.com)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Beamdog)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (HKLM-x32\...\{403759F5-1D77-49F4-812D-AF43196E8C74}) (Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (HKLM\...\{2C5DC777-D62C-427D-8CC6-90331A734E91}) (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{A1CFE5F7-07CA-44D6-B553-BE22B180F660}) (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{299CAA36-AED0-402E-8D85-E20D4FBB9B88}) (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{7754915B-C85B-458C-B531-48E286DE96E6}) (Version: 12.0.30723 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.02034 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{B9FE27F9-F458-4775-8C12-A8238960583F}) (Version: 4.4.02034 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.1 - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 9 - Illustrate)
Discord (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Fallout (HKLM\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout Fixt 0.81alpha (Full Custom) (HKLM-x32\...\{83D6B5DC-9C8C-4DE2-B66C-14FA5C8680B5}_is1) (Version: 0.81alpha (Full Custom) - Sduibek)
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
GitHub (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{326A5052-061C-F656-31E3-3B73842ABD46}) (Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mediatek Bluetooth (HKLM\...\{9ACFC67B-786F-CC9B-847A-D0350FF6F5E0}) (Version: 11.0.752.0 - Mediatek)
Memory Profiler (HKLM-x32\...\{93DF97DE-12CD-4D43-9192-C5D31E116303}) (Version: 12.0.30723 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{C263C94A-83B1-431C-8BF5-2E9BEB9311D2}) (Version: 12.0.30723 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows - ENU with Update 3 (HKLM-x32\...\{14d6f1b4-c9e0-4eeb-87cc-82ab80295526}) (Version: 12.0.30723.0 - Microsoft Corporation)
Microsoft Visual Studio Premium 2013 (HKLM-x32\...\{d3ab6132-e182-4c47-bf3f-fbf79ab78f07}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mumble 1.2.10 (HKLM-x32\...\{63243F5C-E941-4461-A4B0-2689A9A3BF13}) (Version: 1.2.10 - Thorvald Natvig)
Neverwinter Nights 2 Complete (HKLM-x32\...\1207659162_is1) (Version: 2.2.0.10 - GOG.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.1.1.50223 - Grinding Gear Games)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.13.0.18 - GOG.com)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Python Tools Redirection Template (HKLM-x32\...\{540C3D75-5872-4441-AB09-BE3397B663BC}) (Version: 1.2 - Microsoft Corporation) Hidden
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sling (HKLM-x32\...\{A0C306FE-01A5-4B94-A037-EF5403F8CE41}) (Version: 5.0.174 - Echostar)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Soul Gambler (HKLM\...\Steam App 313020) (Version:  - Tlön Studios)
Star Wars: Knights of the Old Republic (HKLM\...\Steam App 32370) (Version:  - BioWare)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXstudio 2.6.6 (HKLM-x32\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander)
The Lord of the Rings Online™ (HKLM\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Lord of the Rings Online™ v03.08.00.8029 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8029 - Turbine, Inc.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
TypeScript Power Tool (HKLM-x32\...\{495D0BE3-CA66-4768-9D3E-7CDCA0C2B9F7}) (Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{E12AD0E4-1FCD-4E23-A58A-C983B85E112A}) (Version: 1.0.3.1 - Microsoft Corporation) Hidden
Ubiquitous2 (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\b5693a82cc6c4439) (Version: 2.2.1.97 - Xedoc)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (HKLM-x32\...\{1E30CCBB-0773-38D3-8433-C426EF2C0FF0}) (Version: 12.0.30723 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
vWorkspace Connector for Windows (HKLM-x32\...\{1444136D-67F5-4498-87C0-BBF118CD74D3}) (Version: 8.6.309.4062 - Dell, Inc.)
Way of the Samurai 4 (HKLM-x32\...\Steam App 312780) (Version:  - ACQUIRE Corp.)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{940596e5-652a-4970-8a5a-492e73ed0fbb}) (Version: 12.0.30501.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World of Warcraft Classic (HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers01: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers03: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers04: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers04: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-01] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-08-11] (NVIDIA Corporation)
ContextMenuHandlers06: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06FBE3F2-35FD-4D0D-A157-B932AAE7C549} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {0E3DF2F7-FDDE-4ADC-BC1B-CCAF2A4DEA0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {107E1162-EC1F-4430-8FDD-B69D27B7A39D} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-20] (Realtek Semiconductor)
Task: {18407485-FBFB-415A-A8AB-5C1E96A5B893} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {1FD0785E-C806-4716-94CD-B7AF0A773015} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {24BA361E-5947-4A90-9BA7-53E315EA26AE} - System32\Tasks\{B72B3FFC-9686-44AB-9F40-71D56C6BDB56} => C:\Windows\system32\pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {2AF6DA7D-E3EC-40C8-BE9F-7C76D31C1380} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {4798AEFC-3942-4853-8DBF-DA6C583DED28} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {59B29764-01B1-4393-AB3C-E9A681EDB164} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {5D48D314-41AC-4944-A9E5-14A45AA7D44F} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {62FA112B-F97C-437B-824A-201FACC0A621} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-11] ()
Task: {8388152C-AFF5-4542-A136-87F233C68EB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {9B0BA18C-570B-41E0-8DA7-C41D1FE9DEB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A7BA1358-D37C-4380-901A-8862FC0957E0} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {B7CAC9A1-77D3-4EC5-A2E3-0FEC56C3BAF2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {BC12BB5C-D042-4F9F-990F-A1516626EAC8} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {BDBC3765-DBBE-4E4C-B6CB-093473DC4417} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS)
Task: {D260E366-2C4A-487B-B5E6-40AE6D1F86D3} - System32\Tasks\{95FBAC4C-F2F8-4086-A9A1-1D42627CC49E} => C:\Windows\system32\pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {E2E07BE1-6C3B-47EF-95F9-3292670874A5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {E6B8ED08-BC15-4B32-A977-60D2C8EADDC8} - System32\Tasks\{B4C196E2-D153-410A-99AC-56DBDE4E55DF} => C:\Windows\system32\pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {E9D92220-D412-4F16-8EB1-3658F54D1FC1} - System32\Tasks\{195C45BA-B840-4FD3-9528-055922815F7D} => C:\Windows\system32\pcalua.exe -a "C:\World of Warcraft Classic\WoW.exe" -d "C:\World of Warcraft Classic"
Task: {F24E883B-B84C-4DB3-BD34-F1A1C8540309} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-10] (AVG Technologies CZ, s.r.o.)
Task: {F36119F4-98B2-4EF2-9817-3860C6BBCCDB} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-19 20:33 - 2016-02-22 14:59 - 01215560 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-07-11 19:15 - 2016-08-11 06:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-12 04:20 - 2014-11-12 04:20 - 00524800 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
2016-08-20 01:28 - 2016-01-11 23:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2014-02-11 19:08 - 2014-02-11 19:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-02-11 19:08 - 2014-02-11 19:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-11-19 20:33 - 2016-02-22 14:59 - 02874440 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2017-06-28 14:22 - 2017-06-22 22:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 14:22 - 2017-06-22 22:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-04-07 12:27 - 2017-04-07 12:27 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-09 20:23 - 2013-09-09 20:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 22:41 - 2013-10-08 22:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-11-05 18:30 - 2016-01-11 23:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-05-17 23:25 - 2017-05-17 23:25 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-10 11:18 - 2017-07-13 23:19 - 01040072 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-10 11:18 - 2017-07-10 11:18 - 67109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-07-10 11:18 - 2017-07-10 11:18 - 00193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-10 11:18 - 2017-07-10 11:18 - 00225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-07-10 11:18 - 2017-07-10 11:18 - 00690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-02-22 14:59 - 2016-02-22 14:59 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\log4cplusU.dll
2017-07-25 12:29 - 2017-07-25 12:29 - 00098816 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32api.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00110080 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\pywintypes27.dll
2017-07-25 12:29 - 2017-07-25 12:29 - 00364544 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\pythoncom27.dll
2017-07-25 12:29 - 2017-07-25 12:29 - 00320512 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32com.shell.shell.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00914432 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_hashlib.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 01176576 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._core_.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00806400 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._gdi_.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00816128 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._windows_.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 01067008 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._controls_.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00733184 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._misc_.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00682496 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\pysqlite2._sqlite.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00088064 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_ctypes.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00686080 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\unicodedata.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00119808 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32file.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00108544 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32security.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00007168 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\hashobjs_ext.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00017920 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\thumbnails_ext.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00088064 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\usb_ext.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00012800 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\common.time34.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00018432 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32event.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00167936 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32gui.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00046080 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_socket.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 01303552 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_ssl.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00128512 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_elementtree.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00127488 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\pyexpat.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00038912 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32inet.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00036864 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_psutil_windows.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00524248 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\windows._lib_cacheinvalidation.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00011264 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32crypt.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00123392 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._wizard.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00077312 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._html2.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00027648 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_multiprocessing.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00020480 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\_yappi.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00035840 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32process.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00078848 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\wx._animate.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00024064 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32pipe.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00010240 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\select.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00025600 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32pdh.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00017408 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32profile.pyd
2017-07-25 12:29 - 2017-07-25 12:29 - 00022528 ____R () C:\Users\Arman\AppData\Local\Temp\_MEI60522\win32ts.pyd
2016-12-04 01:08 - 2016-12-04 01:08 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2014-07-11 19:13 - 2013-12-09 17:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-01-28 15:16 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\Arman\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-28 15:17 - 2017-01-28 15:17 - 01082880 _____ () \\?\C:\Users\Arman\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-28 15:17 - 2017-01-28 15:17 - 03750400 _____ () \\?\C:\Users\Arman\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-28 15:17 - 2017-01-28 15:17 - 00914432 _____ () \\?\C:\Users\Arman\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-28 15:17 - 2017-01-28 15:17 - 01127424 _____ () \\?\C:\Users\Arman\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-06-14 13:48 - 2017-06-14 13:48 - 01385976 _____ () \\?\C:\Users\Arman\AppData\Roaming\discord\0.0.297\modules\discord_overlay\discord_overlay.node
2017-07-25 12:33 - 2017-07-25 12:33 - 00148992 _____ () \\?\C:\Users\Arman\AppData\Local\Temp\90C9.tmp.node
2017-01-28 15:17 - 2017-05-08 16:07 - 02658296 _____ () \\?\C:\Users\Arman\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-28 15:17 - 2017-03-30 13:25 - 02665976 _____ () \\?\C:\Users\Arman\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2015-12-04 17:48 - 2009-09-06 19:09 - 00413696 _____ () D:\World of Warcraft Classic2\DivxDecoder.dll
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arman\Desktop\KO.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: KinoniSvc => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\Services: vToolbarUpdater40.2.6 => 2
MSCONFIG\Services: WtuSystemSupport => 2
HKLM\...\StartupApproved\Run32: => "WRSVC"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1162603160-520621064-4255279686-1001\...\StartupApproved\Run: => "MsnMsgr"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{41D86FC8-B197-49C5-AE9D-27D9192B7CD9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0F4271B2-180D-4FF0-AB7B-B06BA6E778D3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{139F7399-2B24-4EBC-ADD9-7D85136313D7}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\X64\VsGraphicsRemoteEngine.exe
FirewallRules: [{CD529E98-CF3C-4EB9-94DF-A62C163DF93B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\VSWinExpress.exe
FirewallRules: [{BFC73BB0-3F9B-4EB3-9940-FDE26A6F6ADF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{57E55E00-265D-4305-B416-848E140FE6A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2AE05C88-9484-4D8B-9AC5-6385048229ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{A29D1FAF-6DBB-44B7-82F9-81D6714DFD54}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{FA38F0BA-4264-4EA2-B1F3-C89D82948A0D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3B791A93-4B0C-473D-9D39-D9C68CED9286}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AEE71A16-58AA-4D33-8F12-7E2C73D3AD9B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{CC93ADFB-365D-4CC4-BA84-CD630A74ADF6}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{49BE22BE-4B45-4566-8A9F-5A94BDEBAFBE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{9AB899A4-3E1D-49F7-9413-744B25A9887B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{620D50FB-A2A3-4A59-89FF-F564AB0517F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{5E6FD52E-FAF9-4C4A-A0DC-0C861F55015E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B602BCC0-90EA-4970-80AF-F9F8EA4D3482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B9BEE4E0-27F0-4D59-82E6-2D177CC2D255}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{7DDEB35A-F118-4E54-9EE7-E6EA7FE2AEF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{D1B726A5-D1AD-461F-BDCA-F71F9BA42A4C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{AA628D8F-0405-4F0F-8B4C-211DBE705ABE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{2FBC15F5-7AEF-4CBD-BCE9-2C8A69AE808A}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{198B94BB-B1C3-4D22-A577-7CA95A25CEC0}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{4885EB57-19A8-4CF0-810B-A8F7D3F77A96}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{838C4F19-3491-4E31-B609-15E49D0332E3}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [{EF5FA57F-CECF-4B34-A3DD-39BD564CD737}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6D32BF58-E4EF-493E-A8AA-F648BBE781C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AABC817F-4F58-4267-A763-343574CC9176}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A5F94F97-940A-49CC-A035-78E29DD6984E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D52D2159-FB6C-4DC8-B894-403689C13FF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{02F5B6C0-A7A0-4662-878A-368D981DD1C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0B7DE847-456F-4DCE-A387-7D78E9605979}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{250E6D45-826B-4FBA-9D62-50BCEA768DD8}] => (Allow) LPort=5055
FirewallRules: [TCP Query User{9F4B54AB-67E9-43F5-BCD4-5BB44F8A7360}C:\users\arman\appdata\local\apps\2.0\jz9rqqnb.a5e\0omnk84b.jx7\ubiq..tion_1bba1ea0ead3dadc_0002.0002_8dbdb908978bacbe\ubiquitous2.exe] => (Allow) C:\users\arman\appdata\local\apps\2.0\jz9rqqnb.a5e\0omnk84b.jx7\ubiq..tion_1bba1ea0ead3dadc_0002.0002_8dbdb908978bacbe\ubiquitous2.exe
FirewallRules: [UDP Query User{5B487B79-F736-45B7-AE65-978427DC0022}C:\users\arman\appdata\local\apps\2.0\jz9rqqnb.a5e\0omnk84b.jx7\ubiq..tion_1bba1ea0ead3dadc_0002.0002_8dbdb908978bacbe\ubiquitous2.exe] => (Allow) C:\users\arman\appdata\local\apps\2.0\jz9rqqnb.a5e\0omnk84b.jx7\ubiq..tion_1bba1ea0ead3dadc_0002.0002_8dbdb908978bacbe\ubiquitous2.exe
FirewallRules: [{A3985B4F-795F-4059-9D45-A1E85FD4ABD6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E0668187-83C5-45C3-8882-EBAF7E76F2FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8B6F3D1D-0148-4417-8922-0EC2F6ECBDE7}] => (Allow) D:\Steam\steamapps\common\Way of the Samurai 4\WayOfTheSamurai4.exe
FirewallRules: [{88A213E4-B913-4171-B997-1D01341F97C7}] => (Allow) D:\Steam\steamapps\common\Way of the Samurai 4\WayOfTheSamurai4.exe
FirewallRules: [{07E3A54E-F5CE-49D8-850C-F214356E550B}] => (Allow) D:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{94BDEB3B-9B53-498E-A18C-12D6400C4A9F}] => (Allow) D:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A331612A-77E2-45A6-AA36-44D8F2A9A0EF}] => (Allow) D:\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{BC30A988-24CB-414C-88F0-63B6DAC0F7CA}] => (Allow) D:\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{6120D2CB-1AF4-4562-8FC6-CC59DE20893E}] => (Allow) D:\Steam\steamapps\common\Soul Gambler\nw.exe
FirewallRules: [{F640F684-0F80-453F-86D0-134AFC7C2C86}] => (Allow) D:\Steam\steamapps\common\Soul Gambler\nw.exe
FirewallRules: [{74B1919C-47AA-47BD-8292-DC6E440B6E71}] => (Allow) D:\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{946F8CBD-3454-42AC-9110-EE0FF81A85A8}] => (Allow) D:\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{C47DCFB3-45AF-4C68-9E30-86CBEA0471BF}] => (Allow) D:\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{8D9AF461-8CAD-4067-9721-D355CE740222}] => (Allow) D:\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{CD59B150-54D3-4848-A173-FC22B95BAEF5}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{2E27B625-8212-4945-B396-559B698776FD}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [{C2A0B612-510C-4B58-91EA-1A38AAF1B683}] => (Allow) C:\Users\Arman\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B5DB9056-1A9A-404D-9E8F-DD6288792F76}] => (Allow) C:\Users\Arman\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3733DEC8-6C89-4F38-A889-55ED8E55274D}] => (Allow) C:\Users\Arman\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F17E570D-1536-4023-9C7C-C27642A668D9}] => (Allow) C:\Users\Arman\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{511F21CA-1662-4F18-AE91-9E897A709313}] => (Allow) C:\Users\Arman\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B03266AC-3EEF-4352-BEE5-335710F60BB8}] => (Allow) C:\Users\Arman\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{9568A3F8-6DDF-434D-95A5-AAEBCFDCD432}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F60E009F-B8E5-466C-9BA1-B7881F8A7582}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [{EC7ED61C-F9F6-43D3-A346-BA2DD846D61C}] => (Allow) D:\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{0D9647C7-CEC4-4E4B-B860-95B964FD6FDD}] => (Allow) D:\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [TCP Query User{70761835-34BA-4BE7-9CBC-5C605C63588D}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{931E7CF8-B64D-4154-BBEA-BEC215E19510}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{8AE5E290-FAA4-432C-B46B-882C1C740E91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
03-07-2017 13:35:11 Windows Update
10-07-2017 14:25:56 Scheduled Checkpoint
21-07-2017 10:59:48 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2017 01:22:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/23/2017 02:27:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/22/2017 02:02:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/21/2017 12:26:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/20/2017 09:36:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/18/2017 12:07:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2017 12:55:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/16/2017 09:24:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Sling.exe, version: 0.0.0.0, time stamp: 0x5797a099
Faulting module name: libcef.dll, version: 1.1180.832.0, time stamp: 0x5216aa86
Exception code: 0xc0000005
Fault offset: 0x0050e675
Faulting process id: 0x16a8
Faulting application start time: 0x01d2fea3d523ad53
Faulting application path: C:\ProgramData\Sling\Sling.exe
Faulting module path: C:\ProgramData\Sling\libcef.dll
Report Id: 16590146-6a97-11e7-835d-10c37bac6b8b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/16/2017 12:18:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/15/2017 01:24:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/25/2017 12:41:35 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (07/25/2017 12:36:45 PM) (Source: DCOM) (EventID: 10010) (User: ALADIN)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
 
Error: (07/25/2017 12:26:34 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume43
 
Error: (07/25/2017 12:06:22 PM) (Source: DCOM) (EventID: 10010) (User: ALADIN)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (07/21/2017 07:29:17 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned and fixed offline.
 
Error: (07/21/2017 07:29:17 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume43
 
Error: (07/20/2017 04:05:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer FAFA-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4BBC6E82-5BA6-4D35-943D-7D6FB20C5355}.
The master browser is stopping or an election is being forced.
 
Error: (07/20/2017 11:12:05 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer FAFA-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4BBC6E82-5BA6-4D35-943D-7D6FB20C5355}.
The master browser is stopping or an election is being forced.
 
Error: (07/19/2017 12:22:24 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 24.32.171.2.
The computer with the IP address 24.32.169.124 did not allow the name to be claimed by
this computer.
 
Error: (07/14/2017 12:57:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Asus WebStorage Windows Service service.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-17 23:28:49.164
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 23:28:48.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 23:28:48.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 23:28:48.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 23:28:47.871
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 23:28:47.542
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 23:28:47.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 23:28:46.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 14:12:21.656
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-17 14:12:21.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 7321.13 MB
Available physical RAM: 3422.77 MB
Total Virtual: 15513.13 MB
Available Virtual: 11510.09 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:40.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:272.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B118416D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by hamluis, 25 July 2017 - 02:10 PM.


BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:09 AM

Posted 26 July 2017 - 07:15 AM

arman12:

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I would ask that you please copy and paste the contents of all requested log files directly into your replies, as you have done with your request for assistance.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:09 AM

Posted 26 July 2017 - 09:12 AM

arman12:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I see that you have AVG Web TuneUp installed on your computer. I would recommend that you remove it. Please see this link for more information about that program.

I also see AVG PC TuneUp installed. Please see this post by quietman7, one of Bleeping Computer's foremost computer security analysts. This is another program that I would recommend that you uninstall.

Your browsers are also being redirected to the AVG MySearch page as well as to Yahoo. In addition, the FRST logs show that AVG Secure Search is installed. And, last but not least, AVG SafePrice is installed as a Google extension.

It is YOUR computer, so you can choose to keep those programs/extensions/add-ons, if you want. They are certainly not speeding up your computer. The experience of users, who I have assisted, is that their computer speeds up when such programs are uninstalled. Please let me know what you decide to do.

.

:step2: In going over your logs I noticed that you have BitTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step3: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
File: C:\Windows\system32\normidna.nls
File: C:\Windows\system32\convert.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

I am seeing other issues as well. You have a lot of programs installed and the free space on Drive C: is minimal for optimal Windows functioning, particularly for intense gaming. The logs also show possible corruption issues, which we will deal with later on.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 arman12

arman12
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 26 July 2017 - 01:54 PM

Hello! Yes, you may my name is Arman nice to meet you. Alright, sounds good I will wait until you have read everything. Thank you so much for your help, looking forward to working with you. I wil do the following steps then edit my response and post my logs. Thanks a lot, that was a fast reply!


Edited by arman12, 26 July 2017 - 01:57 PM.


#5 arman12

arman12
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 26 July 2017 - 08:56 PM

I ran the fix, and it gave me this log. I also uninstall all the AVG crap after what you linked me, thank you very much for that information I did not know that! Do you have any free or paid anti virus's you recommend? Since I do not have one right now. Here is the fix log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
Ran by Arman (26-07-2017 20:46:59) Run:2
Running from C:\Users\Arman\Downloads
Loaded Profiles: Arman (Available Profiles: Arman)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
File: C:\Windows\system32\normidna.nls
File: C:\Windows\system32\convert.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully

========================= File: C:\Windows\system32\normidna.nls ========================

File is digitally signed
MD5: 597C96281C55868CDBB06E22ADAEDCA9
Creation and modification date: 2017-07-11 12:32 - 2017-04-30 11:48
Size: 0080078
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\Windows\system32\convert.exe ========================

File is digitally signed
MD5: 99FA01A1058746932E428CCB7A9FFEE9
Creation and modification date: 2017-07-11 12:31 - 2017-06-06 15:36
Size: 0020992
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: convert
Original Name: CONVERT.EXE
Product: Microsoft® Windows® Operating System
Description: File System Conversion Utility
File Version: 6.3.9600.18724 (winblue_ltsb.170606-0600)
Product Version: 6.3.9600.18724
Copyright: © Microsoft Corporation. All rights reserved.

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key not found.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.


The system needed a reboot.

==== End of Fixlog 20:47:46 ====



#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:09 AM

Posted 27 July 2017 - 06:17 AM

Arman:
 
Thank you for your two posts and for the fixlog.txt results.  They look good.  Thank you also for permission to address you by your first name.
 
I think you made a very good choice to remove the AVG products.  You can check out this link by quietman7 as to how to choose an anti-virus application, and also review this link about "layered" security.  Personally, I use Bitdefender 2018 Total Security along with Malwarebytes AntiMalware Premium, but you have choose what will best suit your requirements and budget.
 
The next thing that I would like to do is to run some standard anti-malware scans for me.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: I know that you have an older version of Malewarebytes installed. If it is a Premium version, you should save you licence information to file, or write it down, and then deactivate the product so that it reverts to the "Free" version. If you have the Free version, no need to worry about licence keys. Please download the MB-Clean tool from here to uninstall the old version of Malwarebytes.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended).
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:09 AM

Posted 30 July 2017 - 05:29 AM

Arman:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:09 AM

Posted 01 August 2017 - 06:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the Bleeping Computer Malware Removal Study Hall





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users