
Infected with SmartDevice Trojan


  • This topic is locked
15 replies to this topic

#1 geodecent


Posted 21 November 2017 - 06:33 PM

Hello, whenever I open an antivirus program I get "the requested resource is in use". I looked online and I found this website and a guide on how to remove it. Unfortunately, I could not install any of the programs mentioned because I'm guessing the trojan knows about those programs as well. I hope there is a solution to this; otherwise I have to bring it in to Geek Squad for a system restore.

 

First Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Ran by edwin (administrator) on EDWIN-PC (21-11-2017 15:20:17)
Running from C:\Users\edwin\Downloads
Loaded Profiles: edwin (Available Profiles: edwin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\tprdpw64.exe
() C:\Users\edwin\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
() C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\edwin\AppData\Local\ejmlz\ckrogk\ct.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-05] (AVAST Software)
HKLM-x32\...\Run: [cpx] => "C:\Users\edwin\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] () <==== ATTENTION
HKLM\...\RunOnce: [1121_1529931671] => C:\Users\edwin\AppData\Local\LMIR0001.tmp_r.bat [357 2017-11-21] ()
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{4F7135C1-1BDC-4D0E-A7B2-89DCE834710A}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> {37F7A980-CD73-4466-9CD8-C92F205E2C7E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-05] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)

FireFox:
========
FF DefaultProfile: ncp2saks.default-1378432710288
FF ProfilePath: C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288 [2017-11-21]
FF Homepage: Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288 -> hxxps://search.yahoo.com/yhs/search
FF Extension: (Avast SafePrice) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\sp@avast.com.xpi [2017-11-03]
FF Extension: (Avast Online Security) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\wrc@avast.com.xpi [2017-10-07]
FF Extension: (YouTube Flash Video Player) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-11-21]
FF Extension: (Adblock Edge) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-30] [Lagacy]
FF SearchPlugin: C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\searchplugins\yahoo-avast.xml [2016-06-18]
FF SearchPlugin: C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\searchplugins\yahoo-ysp.xml [2015-11-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-21] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2519258019-2461966117-1150050435-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\edwin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2519258019-2461966117-1150050435-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-26] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-2519258019-2461966117-1150050435-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-09-29] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=282369&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default [2017-11-21]
CHR Extension: (NikeShoeBot2) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmgjbnbjhhaakhanebecgfhokicjlef [2013-12-02]
CHR Extension: (Cite This For Me: Web Citer) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnmhgkokpalnmbeighfomegjfkklkle [2016-09-11]
CHR Extension: (SneakerBot) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmelnnjmoinpdmdlooccaanklomnbkd [2014-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-21]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <==== ATTENTION

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-05] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-05] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-24] ()
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-29] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S4 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
R2 Dataup; C:\Users\edwin\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
S4 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-14] (Intel Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
S4 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2236880 2016-11-10] (Micro-Star INT'L CO., LTD.)
S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2016-08-01] (MSI)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
S4 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-03-31] (NVIDIA Corporation)
S4 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [7908664 2012-07-12] (Trend Micro Inc.)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-17] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-20] ()
S4 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2015-02-09] (Micro-Star INT'L CO., LTD.)
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\edwin\AppData\Local\ejmlz\ckrogk\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-05] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [82936 2016-11-24] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [167592 2017-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-05] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-07-30] (Creative Technology Ltd)
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (Windows ® Win 7 DDK provider)
S3 ipadtst2; C:\Program Files (x86)\MSI\Super Charger\ipadtst2_64.sys [16336 2016-07-29] (MSI)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [14136 2009-10-05] (MSI)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7752v260\NTIOLib_X64.sys [11888 2011-01-06] (MSI) [File not signed]
S3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-08] (MSI)
S3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-05-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-08-16] (Razer USA Ltd) [File not signed]
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [21504 2012-08-16] (Razer USA Ltd) [File not signed]
S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [110592 2012-08-16] (Razer USA Ltd) [File not signed]
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [22528 2012-08-16] (Razer USA Ltd) [File not signed]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 15:20 - 2017-11-21 15:23 - 000021246 _____ C:\Users\edwin\Downloads\FRST.txt
2017-11-21 15:19 - 2017-11-21 15:20 - 000000000 ____D C:\FRST
2017-11-21 15:19 - 2017-11-21 15:19 - 002391552 _____ (Farbar) C:\Users\edwin\Downloads\FRST64.exe
2017-11-21 15:11 - 2017-11-21 15:11 - 000000357 _____ C:\Users\edwin\AppData\Local\LMIR0001.tmp_r.bat
2017-11-21 14:24 - 2017-11-21 14:24 - 014178840 _____ (Malwarebytes Corp.) C:\Users\edwin\Downloads\mbar-1.10.3.1001 (1).exe
2017-11-21 13:51 - 2017-11-21 13:57 - 000000000 ____D C:\Users\edwin\AppData\LocalLow\uTorrent
2017-11-21 12:20 - 2017-11-21 12:20 - 000000000 ____D C:\Windows\SysWOW64\Adobe
2017-11-21 12:18 - 2017-11-21 12:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-21 12:18 - 2017-11-21 12:18 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-11-21 12:18 - 2017-11-21 12:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-21 11:41 - 2017-11-21 12:25 - 000000000 ____D C:\ProgramData\Geek Squad
2017-11-21 10:12 - 2017-11-21 15:11 - 000000000 ____D C:\Users\edwin\AppData\Local\LogMeIn Rescue Applet
2017-11-21 10:12 - 2017-11-21 10:14 - 000000000 ____D C:\ProgramData\WRData
2017-11-21 10:11 - 2017-11-21 10:11 - 001851432 _____ (LogMeIn, Inc.) C:\Users\edwin\Downloads\Support-LogMeInRescue.exe
2017-11-21 09:59 - 2017-11-21 09:59 - 016563352 _____ (Malwarebytes Corp.) C:\Users\edwin\Downloads\mbar-1.09.3.1001.exe
2017-11-21 09:54 - 2017-11-21 09:54 - 008261584 _____ (Malwarebytes) C:\Users\edwin\Downloads\AdwCleaner(1).exe
2017-11-21 09:52 - 2017-11-21 09:52 - 005766464 _____ (Zemana Ltd. ) C:\Users\edwin\Downloads\zemana.exe
2017-11-21 09:52 - 2017-11-21 09:52 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\edwin\Downloads\rkill.exe
2017-11-21 09:50 - 2017-11-21 09:50 - 014178840 _____ (Malwarebytes Corp.) C:\Users\edwin\Downloads\mbar-1.10.3.1001.exe
2017-11-21 09:41 - 2017-11-21 09:41 - 062397600 _____ (Electronic Arts) C:\Users\edwin\Downloads\OriginThinSetup(2).exe
2017-11-21 09:33 - 2017-11-21 09:33 - 062397600 _____ (Electronic Arts) C:\Users\edwin\Downloads\OriginThinSetup(1).exe
2017-11-21 09:33 - 2017-11-21 09:33 - 000000000 ____D C:\Users\edwin\AppData\Local\Origin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 15:11 - 2016-11-24 22:16 - 000000000 ____D C:\Users\edwin\AppData\LocalLow\Mozilla
2017-11-21 15:10 - 2016-03-21 00:39 - 000000000 ____D C:\Users\edwin\AppData\Local\CrashDumps
2017-11-21 15:06 - 2014-07-09 10:49 - 000000000 ____D C:\Users\edwin\AppData\Local\Adobe
2017-11-21 14:48 - 2009-07-13 20:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-21 14:48 - 2009-07-13 20:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-21 14:39 - 2016-06-18 21:10 - 000000278 _____ C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2017-11-21 14:39 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-21 14:37 - 2012-10-09 21:41 - 000000000 ____D C:\Users\edwin\AppData\Roaming\uTorrent
2017-11-21 14:37 - 2012-10-07 23:48 - 000000000 ____D C:\Windows\pss
2017-11-21 14:15 - 2012-09-03 12:09 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-21 13:56 - 2012-09-03 12:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-21 12:26 - 2012-09-04 23:06 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-21 12:20 - 2017-05-14 12:37 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-21 12:20 - 2012-09-03 12:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-21 12:18 - 2012-09-03 12:58 - 000000000 ____D C:\ProgramData\Adobe
2017-11-21 10:08 - 2012-09-06 17:28 - 000404012 _____ C:\Windows\system32\prfh0404.dat
2017-11-21 10:08 - 2012-09-06 17:28 - 000116080 _____ C:\Windows\system32\prfc0404.dat
2017-11-21 10:08 - 2012-09-06 17:19 - 000386940 _____ C:\Windows\system32\prfh0804.dat
2017-11-21 10:08 - 2012-09-06 17:19 - 000120582 _____ C:\Windows\system32\prfc0804.dat
2017-11-21 10:08 - 2012-09-06 16:19 - 000666710 _____ C:\Windows\system32\perfh01D.dat
2017-11-21 10:08 - 2012-09-06 16:19 - 000143464 _____ C:\Windows\system32\perfc01D.dat
2017-11-21 10:08 - 2012-09-06 16:11 - 000431414 _____ C:\Windows\system32\perfh012.dat
2017-11-21 10:08 - 2012-09-06 16:11 - 000121374 _____ C:\Windows\system32\perfc012.dat
2017-11-21 10:08 - 2012-09-06 16:04 - 000671830 _____ C:\Windows\system32\perfh005.dat
2017-11-21 10:08 - 2012-09-06 16:04 - 000142416 _____ C:\Windows\system32\perfc005.dat
2017-11-21 10:08 - 2012-09-06 15:49 - 000746488 _____ C:\Windows\system32\perfh013.dat
2017-11-21 10:08 - 2012-09-06 15:49 - 000154092 _____ C:\Windows\system32\perfc013.dat
2017-11-21 10:08 - 2012-09-06 15:40 - 000484492 _____ C:\Windows\system32\perfh00B.dat
2017-11-21 10:08 - 2012-09-06 15:40 - 000102510 _____ C:\Windows\system32\perfc00B.dat
2017-11-21 10:08 - 2012-09-06 15:35 - 000686744 _____ C:\Windows\system32\perfh00E.dat
2017-11-21 10:08 - 2012-09-06 15:35 - 000172264 _____ C:\Windows\system32\perfc00E.dat
2017-11-21 10:08 - 2012-09-06 15:26 - 000748446 _____ C:\Windows\system32\perfh00A.dat
2017-11-21 10:08 - 2012-09-06 15:26 - 000159464 _____ C:\Windows\system32\perfc00A.dat
2017-11-21 10:08 - 2012-09-06 15:22 - 000395334 _____ C:\Windows\system32\perfh00D.dat
2017-11-21 10:08 - 2012-09-06 15:22 - 000085748 _____ C:\Windows\system32\perfc00D.dat
2017-11-21 10:08 - 2012-09-06 15:13 - 000743036 _____ C:\Windows\system32\perfh010.dat
2017-11-21 10:08 - 2012-09-06 15:13 - 000147836 _____ C:\Windows\system32\perfc010.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000748706 _____ C:\Windows\system32\perfh00C.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000482004 _____ C:\Windows\system32\perfh001.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000150570 _____ C:\Windows\system32\perfc00C.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000095762 _____ C:\Windows\system32\perfc001.dat
2017-11-21 10:08 - 2012-09-06 14:58 - 000700198 _____ C:\Windows\system32\perfh007.dat
2017-11-21 10:08 - 2012-09-06 14:58 - 000150106 _____ C:\Windows\system32\perfc007.dat
2017-11-21 10:08 - 2009-07-13 21:13 - 010822424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-21 10:08 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-11-21 09:58 - 2017-07-02 16:36 - 000332820 _____ C:\Windows\ntbtlog.txt
2017-11-21 09:48 - 2012-09-03 12:12 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-21 09:48 - 2012-09-03 12:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-21 09:48 - 2012-09-03 12:12 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-21 09:48 - 2012-09-03 12:12 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-21 09:33 - 2012-09-03 12:08 - 000000000 ____D C:\ProgramData\Origin
2017-11-21 09:31 - 2012-09-03 12:08 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-11-21 09:29 - 2013-04-11 16:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-21 09:29 - 2012-09-03 12:15 - 000000000 ____D C:\Users\edwin\AppData\Roaming\Mozilla
2017-11-21 09:29 - 2012-09-03 12:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-21 09:29 - 2012-09-03 12:08 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-11-21 09:28 - 2013-05-01 22:05 - 000000000 ____D C:\Users\edwin\AppData\Local\Spotify
2017-11-21 09:28 - 2009-07-13 21:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-21 09:25 - 2013-05-01 22:05 - 000000000 ____D C:\Users\edwin\AppData\Roaming\Spotify
2017-11-21 09:24 - 2012-09-02 23:46 - 000000000 ____D C:\Fraps

==================== Files in the root of some directories =======

2014-12-23 18:58 - 2014-05-15 18:28 - 000000226 _____ () C:\Users\edwin\update-dynasty8.bat
2013-05-21 09:16 - 2013-08-14 19:32 - 000003723 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-06-23 22:22 - 2013-12-16 23:40 - 000000600 _____ () C:\Users\edwin\AppData\Roaming\winscp.rnd
2012-09-26 22:11 - 2012-09-26 22:12 - 000009345 _____ () C:\Users\edwin\AppData\Local\CleanupUninstall.txt
2017-11-21 15:11 - 2017-11-21 15:11 - 000000357 _____ () C:\Users\edwin\AppData\Local\LMIR0001.tmp_r.bat
2017-05-17 10:32 - 2017-05-17 10:32 - 000125952 _____ () C:\Users\edwin\AppData\Local\report
2012-09-04 22:06 - 2013-10-07 21:23 - 000007601 _____ () C:\Users\edwin\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2017-07-29 19:26

==================== End of FRST.txt ============================

 

Additional log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by edwin (21-11-2017 15:24:12)
Running from C:\Users\edwin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2012-09-03 19:29:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2519258019-2461966117-1150050435-500 - Administrator - Disabled)
edwin (S-1-5-21-2519258019-2461966117-1150050435-1000 - Administrator - Enabled) => C:\Users\edwin
Guest (S-1-5-21-2519258019-2461966117-1150050435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2519258019-2461966117-1150050435-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20093 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{175D1C2E-CEF4-4909-901D-52AF3CD8ECD2}) (Version: 12.3.1.201 - Adobe Systems, Inc)
AIO Bot version 1.0.196.0 (HKLM-x32\...\{4A58CA26-B24E-42CE-923B-2D9700AC011C}_is1) (Version: 1.0.196.0 - ANB)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
AudioGenie (HKLM-x32\...\AudioGenie_is1) (Version:  - msi, Inc.)
Axife Mouse Recorder DEMO 5.01 (HKLM-x32\...\Axife Mouse Recorder DEMO_is1) (Version:  - Axife Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\BioShock) (Version: 1.1 - 2K Games)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
CPU-Control (HKLM-x32\...\CPU-Control_is1) (Version:  - Koma-Code)
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EasyViewer (HKLM-x32\...\{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI) Hidden
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
Fallout 4 v.1.1.30 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Happy Cloud Client (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
iExplorer 3.7.8.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2656 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.7 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Metal Gear Solid V Phantom Pain, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Metal Gear Solid V Phantom Pain_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Metro: Last Light © Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth - Shadow of Mordor (HKLM-x32\...\Middle Earth - Shadow of Mordor_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.024 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.11 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.07 - MSI)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.8 - MSI)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.1 - Black Tree Gaming)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.13580 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.69 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Play withSIX (HKLM-x32\...\{E42D4F41-392F-4993-A584-23A70118E7F3}) (Version: 1.00.0088 - SIX Networks)
Play withSIX Windows client (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\PlaywithSIX) (Version: 1.67.1229.1 - SIX Networks GmbH)
PrivitizeVPN (HKLM-x32\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
Registry Repair 4.1.0.388 (HKLM-x32\...\Registry Repair) (Version: 4.1.0.388 - Glarysoft Ltd)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
Scratches Director's Cut (HKLM-x32\...\Scratches Director's Cut_is1) (Version:  - GOG.com)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{CA0A90CB-F659-4E0B-B2A2-C8CF4B752AEC}) (Version: 1.01.26 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
ss helper 1.74 (HKLM-x32\...\SP_eea72b4f) (Version:  - ) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamingGenie (HKLM-x32\...\{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1) (Version: 1.0.1.3 - MSI)
TeamSpeak 3 Client (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\teraenmasse) (Version:  - )
TexView 2 Uninstall (HKLM-x32\...\TexView 2) (Version:  - )
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.02 - Creative Technology Limited)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Trend Micro SafeSync (HKLM\...\HFRS_is1) (Version: 5.1.0.1173 - Trend Micro)
Unity Web Player (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0.1 - Ubisoft)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.8.1.2 - Azureus Software, Inc.)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.122 - MSI)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-11] (Igor Pavlov)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-05] (AVAST Software)
ContextMenuHandlers1-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2013-04-19] (Piriform Ltd)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1-x32: [HrfsShellExtension] -> {FAC7AB1E-0E67-43FC-A7E7-1A4FF52DE01F} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-05] (AVAST Software)
ContextMenuHandlers3: [GB3ContextMenu] -> {3A488FE8-9916-4F36-BDFF-3DED559142E5} => C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll [2011-11-29] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-11] (Igor Pavlov)
ContextMenuHandlers4-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4-x32: [HrfsShellExtension] -> {FAC7AB1E-0E67-43FC-A7E7-1A4FF52DE01F} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-05] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2013-04-19] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033A0F0F-918C-40E6-8C6E-313B87934548} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor)
Task: {06D518EC-AB15-4E11-9899-7CF42EA44BD7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-17] (NVIDIA Corporation)
Task: {0E22255B-2DC9-4BCC-8E10-01E2427835BD} - System32\Tasks\{6E2FA656-A3BC-4F24-B712-B83151955239} => C:\Users\edwin\Desktop\New folder (3)\ProjectZomboid32.exe [2013-11-12] ()
Task: {0ED47054-F1F8-4857-84CB-1EB15D27C784} - System32\Tasks\avastBCLRestartS-1-5-21-2519258019-2461966117-1150050435-1000 => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {1769B740-62ED-4D97-B728-771F49C098FD} - System32\Tasks\{70B0832C-B580-44F4-8DCB-5735BCBDD78D} => C:\Windows\system32\pcalua.exe -a C:\Users\edwin\Desktop\pbsetup.exe -d C:\Users\edwin\Desktop
Task: {1CDAE116-7B36-4D55-8FD1-A385A6B490F5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {2E640DAF-50B0-442A-B367-12541BE4F08C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-21] (Adobe Systems Incorporated)
Task: {49DA4E1F-04A6-40DC-B317-33875F4C8793} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-15] ()
Task: {4AAEA6A1-55F1-4013-84B9-538F10A5AAA9} - System32\Tasks\{A481B2F7-B3A2-4BD7-B47C-7C3C10B13E5F} => C:\Windows\system32\pcalua.exe -a C:\Users\edwin\Desktop\pb\pbsetup.exe -d C:\Users\edwin\Desktop\pb
Task: {4F7080C4-C23B-42AC-94BF-F955EAF62AE4} - System32\Tasks\{1258CC9A-1087-4FA3-9D3E-13D10920B770} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/55230
Task: {5F50F288-6481-4BDB-856D-B678BFC11749} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {602C7AD0-9BE2-48A8-AF5C-1CEBCA9E8B7E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-05] (AVAST Software)
Task: {72E425AD-EBC5-4CE8-8971-5893D44740E0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-17] (NVIDIA Corporation)
Task: {73AAFCE5-47B7-4A85-87C0-342A9F13C264} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi\Steam" [Argument = overbtc123.] <==== ATTENTION
Task: {772E1DEA-A4B1-459B-B421-C094EAC66467} - System32\Tasks\{28FE7292-9AD8-44A7-B600-AF3013494748} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\redist\vcredist_x86.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\redist"
Task: {800A0EF7-F568-41D7-B8A5-061C7AFABB87} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {845525C1-C0CE-45F9-8F09-6E5277D8F5E9} - System32\Tasks\{17061570-0C9D-46FB-A449-07D7F1D1A67B} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Setup (2).exe" -d C:\Users\edwin\Desktop
Task: {8A4E2038-C9FA-4382-B5DE-08474E20E11D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {9406F434-2CF5-4A9D-8FA6-61B87D4D5587} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {99F9D672-DA71-40F6-9B44-1FCA81FDCAE3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-17] (NVIDIA Corporation)
Task: {A03F319D-9669-43CF-995E-70D4499B04C3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-17] (NVIDIA Corporation)
Task: {A18C71F1-5A6D-454C-B977-E9341C3EE269} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-17] (NVIDIA Corporation)
Task: {A732F07A-99D0-4DD6-8B22-B6DD8F281F35} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-17] (NVIDIA Corporation)
Task: {A9FA9550-4F1D-42B6-8C3F-D8C2C46FB719} - \{EC531902-0988-4176-AB15-4DB96F3B1FB6} -> No File <==== ATTENTION
Task: {C483FFC8-359E-4934-BC9D-40AD3F072277} - System32\Tasks\{A7237B2F-4632-48ED-AA17-F931C0178FF5} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Games\Setup (2).exe" -d C:\Users\edwin\Desktop\Games
Task: {CEBAFCDA-9E36-4A1A-B615-AEBD76E80C14} - System32\Tasks\{AFD2CEE6-CFE3-4F41-9AC0-D5093A984A33} => C:\Users\edwin\Desktop\New folder (3)\ProjectZomboid32.exe [2013-11-12] ()
Task: {CFEC8054-65A4-4745-851A-0EE4446D5124} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {D0C1FF2D-A5CB-456C-88EE-E717058FE37C} - System32\Tasks\SafeZone scheduled Autoupdate 1473034149 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {E124A765-3A4D-4A50-9287-892B4BFFFC6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EAE6A80B-3661-4419-B4C5-65CB7D578CED} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-17] (NVIDIA Corporation)
Task: {EC46692D-08D9-4444-9C26-E316E6041A85} - System32\Tasks\{5FC2870E-88C5-4D15-A290-FEE9D405C43D} => C:\Windows\system32\pcalua.exe -a E:\OriginInstaller.exe -d E:\
Task: {F214BDB8-82E6-4BF3-86F1-60E318C3B614} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2014-08-20] (PcWinTech.com)
Task: {F2BB0B21-9428-4FDC-A7CB-0E2975C7503F} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {F99093B8-C30D-4250-86B5-39C673605896} - System32\Tasks\{9CC983C6-32B6-4C04-A231-BBA1F29BA883} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Games\Setup (2).exe" -d C:\Users\edwin\Desktop\Games
Task: {FEC2DBB7-0287-4354-A3DA-B251AB5D0A54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FFF04BD4-2994-4F55-A735-05DD3CB778E4} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-03 16:11 - 2017-05-03 16:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
2017-01-05 16:36 - 2017-01-05 16:36 - 000077824 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-04-21 14:37 - 2017-04-21 14:37 - 000884224 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-04-21 15:28 - 2017-04-21 15:28 - 001080832 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-05-30 20:52 - 2017-05-30 20:52 - 000689664 ____N () C:\Users\edwin\AppData\Local\ejmlz\ckrogk\ct.exe
2017-05-04 10:13 - 2017-05-04 10:13 - 000235520 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2016-06-18 21:10 - 2014-04-21 14:09 - 000150528 _____ () C:\Program Files (x86)\MSI\NetworkGenie\gep.dll
2017-01-14 18:40 - 2017-01-14 18:40 - 053460992 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\edwin\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-07-02 16:58 - 000000971 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\edwin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: CtHdaSvc => 2
MSCONFIG\Services: Dataup =>
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSI_FastBoot => 2
MSCONFIG\Services: MSI_LiveUpdate_Service => 2
MSCONFIG\Services: MSI_SuperCharger => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: OnlineStorageService => 3
MSCONFIG\Services: OpenVPNAccessClient => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SuperRAIDSvc => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WajamUpdater => 2
MSCONFIG\Services: windowsmanagementservice =>
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^edwin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ControlCenterCount => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
MSCONFIG\startupreg: Fast Boot => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: NortonOnlineBackup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: Sound Blaster Recon3D PCIe Control Panel => "C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\edwin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Super Charger => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3F108FE-A598-43CE-B209-6C2D8029BCD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3BF955FF-0676-477F-89CE-630BA9744BA3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EF5DB9C9-E2C8-42F0-A7AC-651892CAD923}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [{182F3351-C127-4B75-9278-AE1456614E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [TCP Query User{16D66DE8-7FEF-4DDA-86CC-B342C64CA76A}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [UDP Query User{F65E367C-875A-4AD2-BA32-36DF912B22AB}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [{7206F7D7-EDCB-4E9F-BE79-85210970B430}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{BF3AC48F-191F-4564-BE2D-85A361F5F636}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{ED4402F9-70ED-4F1D-82B0-EAD62E66677A}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{D849F65A-7C0A-45BC-85F8-172349E9FF52}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{69264F4C-A216-4987-8A2E-EC4700478BF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\game_launcher.exe
FirewallRules: [{901EB210-DE4A-4374-A6FE-2288716B388A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\game_launcher.exe
FirewallRules: [{12036478-D2D7-42A0-9411-B3B3E1ABD7AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird.exe
FirewallRules: [{89A7ACA5-56B2-4B62-8A8D-8BCB5DBD3FFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird.exe
FirewallRules: [{D9E6EE9F-C5E0-4BF6-973F-00A3D01EF426}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{5595D49B-0913-4E97-A113-BCA0FD091FF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{EB64CDA6-354C-45E7-A0E3-F46715B11A22}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{21BA857F-AE55-401B-BEC2-B1FBE9F25DF2}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{987BC7A8-3D4B-4501-9344-431F8B186B55}] => (Allow) C:\Program Files (x86)\WB Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [TCP Query User{2776102F-C4E2-4389-9D94-4615E81616AE}C:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Block) C:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
FirewallRules: [{0931AB62-910C-458D-BF1B-9CA7586B1E0D}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{40194AEE-3C20-455C-B8DB-4AB8E6684B9C}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{8F543849-4BB1-4F05-8370-B18237FDCDCC}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{1154CA3A-0512-4418-B30C-87BA7340DAD5}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [TCP Query User{9F27E046-8138-4BF4-9A01-5DDEB420C12E}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{853B1AF6-8D72-45AF-BB2D-D7D063C14891}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{27EFA6BC-E2D8-45CC-9B63-B3D1C46D8639}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{48EBBDED-7109-4F45-9CC4-B5A8F0F6AD01}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [TCP Query User{45B95BD9-3DFE-4997-BFF9-0CBA9D140442}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [UDP Query User{5109048B-6491-498A-B582-30EDFD844ED8}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [{15E65AC0-13F2-4336-A251-7F661A234019}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
FirewallRules: [{0E3CDE64-7D45-41EB-88D0-23029CBF52B8}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
FirewallRules: [{FF199244-4B80-43BE-9AB1-090BAFF0965D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
FirewallRules: [{BA68B6ED-3CB5-481E-899E-7D324A2A9C40}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
FirewallRules: [{770290D8-F338-42AF-AFD0-0726A4C07220}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
FirewallRules: [{BD4A3289-0B18-4F3A-B7D7-C7D6E863B3BB}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
FirewallRules: [{F88E694B-174F-4377-98BE-F62795C84937}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B506FF02-1269-4002-A9FE-A1E547090267}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{2118337A-2D3C-4E72-A0FD-42073759AC05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{5FE5FCC2-B46A-4B9B-A378-6F7801260675}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{4DC458FB-DAAB-4F50-86E1-CA801C7EE502}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A9B5FCE0-D02E-4C21-BF99-30B96D00C775}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{8DE501FA-B6EF-4C56-8B77-A2BDADF92D08}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{518F12E1-3CB1-49CD-9050-E4240908E518}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{40EB950E-F202-441D-BC00-57101CB083C0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D3424250-8E3C-4883-9E14-BF810504E159}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8C01F6B0-3AE3-4D65-B08D-F68A3D476BDF}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{64C11D91-37D9-4459-A880-4F27048DBF49}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{424F508C-25C9-45A8-9744-5977AA3B4788}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{FB84573E-18A7-4AAC-97B8-BB9743153DB6}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{E32B5BE9-C894-40B3-991B-37318A13299E}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{1078BC69-B218-4DF0-A725-5272F60C1B9F}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{859BC727-9AF4-487F-ABA7-EED34F8298DC}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{B7FA307D-48F3-4A10-B50C-CEFDC8EC368F}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{AC24100A-7FB0-4A87-A2A4-8A84E0E7A1C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{848875D7-7C5B-4A5D-9605-2DD8C80DDB6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{AB2A1285-295F-4B75-9D13-A23559448553}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{978298E1-3EF3-449B-B648-FE0AD9A05BFD}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E35DCB36-DF0A-4503-B10E-22FF3F90AC22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{5D18AA50-73C8-4154-8E87-D3B35C97AEC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{CC228901-3E27-434E-807E-A80754AD5452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B1C52CC7-FA01-4448-BB99-21A0F61C3BDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{42E1B928-7A11-4B97-9A9C-3D58233752F0}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{88ACCDF9-DA8A-4D04-8DBC-F7FA02497D55}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{379DAA7F-0CB2-468D-B78A-50F2F56300E3}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{8FE87AA3-ABE7-496B-9355-EABBCAA67E5E}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{A6D858AD-B395-42CC-9D1C-5E6B160A6DDC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D29BF9D5-904D-4218-98B8-78050382123D}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [UDP Query User{FD469613-6C96-40D1-817D-D615BBC11C12}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [{832F7453-8AC6-48FB-BB3F-67FF93B9CD45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{E1C0FB80-A331-45A7-B6E7-E979B2F6E38C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{6293464D-D04D-4E00-90DC-075F6131FACB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{632FE4FD-8464-4530-84C3-881F83AAE11A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BFA71FF3-2B10-457F-AAAA-3AB1E8C4F4A1}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3 MP Open Beta\bin32\Crysis 3 MP Open Beta.exe
FirewallRules: [{D56DAE5B-5F66-4A13-87D6-B0DD772C196C}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3 MP Open Beta\bin32\Crysis 3 MP Open Beta.exe
FirewallRules: [{03F2BB9C-C02F-451E-B39F-2DD98C65EF6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{67D51227-28FA-47DA-9458-E5AAEEFB40C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{612F950A-E254-4FF0-92B9-49353848C1C1}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{B52F7C52-F42D-4266-B6DD-C41789829133}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{5CB2026D-87FD-49CF-9F61-E2986EB753DD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{5E9D08E1-D81C-46C9-A237-7D9D6F8082F1}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DC673619-00F8-4883-AB33-CB1D1B7D8116}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{6320051F-9974-4AD5-8128-0A4807067C1F}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{652D1B3D-54AA-4032-9C00-BB95CDBE4C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2E85A229-9561-4999-848B-BAA44F1FD406}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{3B865986-E4B1-4BBC-BF26-2ED08DAFE73F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6D41BE06-3C6C-4C26-A82D-B3A6F5234E2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A4FC97EB-AE0D-46CF-9DA7-F7BCCCC46342}C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe
FirewallRules: [UDP Query User{D067E93A-4434-491E-8F8D-275B8F18D733}C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe
FirewallRules: [{FB6E2F9C-4C18-4CD1-A964-0D0EF07A810B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{52F196BD-D073-477C-8037-F6A7D7A6201B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{2672A3DE-8FA5-4770-97B1-AA405A490C7A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{5A19C369-14DF-43BA-92FF-71A72E19262D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{D42F87F4-4F06-4D6E-B46C-3EB53302CCBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{E2A46252-FFD4-4996-BBA6-67B03C4C4ADC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{8B5B0252-067A-47F3-A87B-D029CE6445AF}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{761760F2-1607-4283-BABB-D0D122FF8446}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [TCP Query User{29391FD0-3E0A-4D73-BAD5-D69308E75E6F}C:\users\edwin\downloads\tinyumbrella-6.12.00.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.12.00.exe
FirewallRules: [UDP Query User{4D686A0F-79A2-403D-ABBA-652E0E7F320D}C:\users\edwin\downloads\tinyumbrella-6.12.00.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.12.00.exe
FirewallRules: [TCP Query User{2A3A166C-F7C2-4793-BC40-761A8DFE84C5}C:\program files (x86)\resident evil 6\bh6.exe] => (Block) C:\program files (x86)\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{959DACBC-F61E-49D2-B379-9D0A88718BD7}C:\program files (x86)\resident evil 6\bh6.exe] => (Block) C:\program files (x86)\resident evil 6\bh6.exe
FirewallRules: [{FFF08D5B-5C70-4B53-B817-DA679DCC0A5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{1ACCFDD8-0276-4F5D-ACC5-4CA3E6B7970B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{81E63C1F-3132-4784-AB9D-3539AC3BA97D}] => (Allow) C:\Users\edwin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0B92AAA3-621E-4042-8182-D9321F18359B}] => (Allow) C:\Users\edwin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{8C287260-14C0-4AAE-B651-30F2C970FF26}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{D3A3690D-C420-418A-8229-462858258957}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{65D46046-6FA8-4F5F-B789-F4A1483160EB}C:\program files (x86)\metro last light\metrollbenchmark.exe] => (Allow) C:\program files (x86)\metro last light\metrollbenchmark.exe
FirewallRules: [UDP Query User{5CCC7F2C-D472-4CC4-9379-BAF2C3979346}C:\program files (x86)\metro last light\metrollbenchmark.exe] => (Allow) C:\program files (x86)\metro last light\metrollbenchmark.exe
FirewallRules: [TCP Query User{307122A2-A44C-4629-BC5C-6B41A7FCBEDA}C:\games\metro last light\metrollbenchmark.exe] => (Allow) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [UDP Query User{CD793B79-BAF9-4C8B-9CF8-B89024627FCF}C:\games\metro last light\metrollbenchmark.exe] => (Allow) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [{E32D520B-6888-4AA2-85F0-7F9CBF4A348F}] => (Block) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [{498C6E52-CBF6-450C-91FE-FA640E417BCF}] => (Block) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [TCP Query User{BC4EC9DA-FB7E-4FE1-A11F-E006FEDAFE82}C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe] => (Allow) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [UDP Query User{16A4B2AB-0D58-4286-8446-2A0A8C1176B4}C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe] => (Allow) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [{36DF3E72-3765-4E11-AB10-DF5D122CBA4E}] => (Block) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [{58EBE545-F4DB-4C20-B187-494806C29892}] => (Block) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [{BA616B65-06B9-4164-A8E0-63C7B995AE9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{E13872DC-3589-4176-9887-3B42C3DC79EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{AA300546-0220-4407-9479-CE45C88F0A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F8C98AA2-59B2-4904-8CF2-3B1B6FF3CCE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EF0C25E8-E913-4109-B789-A8CC8F46456E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8155B488-7F0B-40C0-ACDB-E5DAA4016528}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{682161C0-F084-4694-9EE0-AE1256926FA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{280EFA13-86C0-4E71-B6D9-4BE239984D8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B29A9E95-EC20-4769-BADB-56A93AEEB00E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [TCP Query User{6D1AA51E-6BAB-4077-B846-F01156CA43A6}C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe
FirewallRules: [UDP Query User{26D15621-2C63-4915-99ED-8FA06619BC24}C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe
FirewallRules: [TCP Query User{B7A53D71-630B-41F9-BBB7-D17DC2753EC4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{E1CF8EB6-1248-4447-AF0F-0FE91E94EF92}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{DF5385F7-3F14-4401-9806-6C0CB0BD38D6}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4B568616-ED88-4102-8F0A-9485665B4E89}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{45E45AE9-79CF-42FA-96A6-23E744D85B63}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{B547FE0E-EB39-4A0A-BA3F-CAEF040DED67}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{302DC297-AAB3-4B68-B51A-A6325455DCFB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{82E45DD7-75B7-49E1-980A-B3DA9979841B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{765F0DAB-47D5-4664-85AF-DEAB76FAFA09}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{FB8F68BB-9811-4C07-B1B8-032FBAAB8308}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{07772657-F032-48B9-98E5-B5528851243B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base 2007\hl2.exe
FirewallRules: [{F065A759-C118-4E0E-BE9C-19332FC7567D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base 2007\hl2.exe
FirewallRules: [{78D8C443-FFB9-4E85-BE7F-650E2843AD3F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [{1A09AF68-AAAA-4513-9635-3C89DB648048}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [TCP Query User{C76F2A80-383F-4F8B-AB32-232AC2C45646}C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe] => (Block) C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{BB344DA3-20AF-4774-9A8A-83947378A3ED}C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe] => (Block) C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe
FirewallRules: [{39BF4464-3119-474B-8BE9-0BCC5F1363B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2F37AFAF-4AC9-487E-B3F6-0DA9111FC3CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{36F4A5E6-23D8-48C3-A642-CF01FBAED82B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{751DCE3A-7658-47FE-A092-2BB15FA40C91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{7EDE3034-BC45-4F9A-9951-275370B63FC9}C:\nether\nether\binaries\win64\nether.exe] => (Allow) C:\nether\nether\binaries\win64\nether.exe
FirewallRules: [UDP Query User{0454D210-BC35-4580-A9FD-2CA8F14AC655}C:\nether\nether\binaries\win64\nether.exe] => (Allow) C:\nether\nether\binaries\win64\nether.exe
FirewallRules: [{E1C84968-09E5-47F3-9B9A-9F8DEE3143E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{8FE3EB02-7352-4C19-B239-4E596C3C47E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{37F1C9DB-81BF-4F80-AB75-CB5F57C5CD88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3CEFCA0-4D3D-430C-A389-83BD3527765A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{961D0DED-9A3B-4FFD-911C-40BE5CB04C8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{75DEA39A-BFAA-4993-AA9B-5C3AE8106941}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{F8E6DD0B-DB31-4E8B-B361-C820A49F487F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{440BB19A-C056-4229-8936-EB3FC7F1C0E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{45D95AC3-A7C2-4A9D-9362-1B7994C42F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6C32B511-4E1F-4D29-BBD1-63C786CFED7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6D9AACF0-0910-4465-8127-E85C1BFA2440}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{E48AC255-E503-45F0-AA02-6D8F09FF409D}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{10290271-76F0-4133-A406-263652486288}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{E5599A00-D341-49A3-A84B-4BAA2B4E8FF2}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{84AD9F66-4B24-4420-A010-F5F18A25422C}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{EF931F9D-9939-40A5-ADAC-F64B425C1F82}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{B20CC8F8-F8CE-4623-8765-CD839822522B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7BEDE6E1-105B-430F-AB98-66C51C3D7687}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A1BA6F4B-74FC-4A18-BCF6-EC65B5F5FEBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{C2EBC56A-1666-415B-91E0-D52BACA80DFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{FF747814-6D92-41ED-9418-9768C77DAB1F}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F49C6B15-6C40-4637-92F4-C7D0832E6342}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6983B909-0614-411D-9C1A-9E9921550159}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{A21CBAA1-0807-4899-9A3B-5B597DAB8CF2}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [TCP Query User{5CF8FEC9-CD7A-4300-ACFB-781112C88956}C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe] => (Allow) C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe
FirewallRules: [UDP Query User{856E7B01-3703-49B2-9BBD-A4DB0AE3902B}C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe] => (Allow) C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe
FirewallRules: [TCP Query User{904FE71C-7F56-4C22-BC44-18FBCBE37E44}C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe] => (Allow) C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe
FirewallRules: [UDP Query User{B8E6F8E5-91F4-4A7A-A3C8-DCAD2AF70FA1}C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe] => (Allow) C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe
FirewallRules: [TCP Query User{BA63B089-601A-4983-871B-F7893A5CDC9A}C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe] => (Allow) C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe
FirewallRules: [UDP Query User{B9A6EB82-995D-4EFB-9B89-F2B1E9546CCD}C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe] => (Allow) C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe
FirewallRules: [{FA1BF88E-7D01-4048-8A78-E2824ABC9B7F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F2BE65D9-6697-4922-9D02-728E60300B86}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DD2D06CF-F53F-4A61-BC1C-82080BA683F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FC598F01-2B72-4C7B-BFB3-6CD4DF3F36F7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10373BBE-2116-4829-87CF-8F34401AF7D8}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{907E28F1-3E37-4F0F-A13B-54AD0A3CB241}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [TCP Query User{77F6BBE5-0CCE-4398-8626-8FBB4A00D0FB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2099B44E-4648-4BF6-BBA5-49C3068EBAF7}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{8F91B086-971C-4B64-A651-BCA80AF67196}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{28CB0066-6CFE-477A-9CBD-AEC58484E87A}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [TCP Query User{D9F7F8A3-0C5B-4D69-B922-1AB65C3FC5A1}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{65BF9A68-807E-4AB4-A1BF-8244B629C72F}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [{0A87D1FB-CE99-440F-89B9-83B1830932DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB0F577E-AAAA-4FBC-A8A3-4B31103154A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5DE90A3D-0AA0-4732-91FB-C5E9457C949B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{D686B735-3A6B-4ADE-A187-15F9A316430C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [TCP Query User{6678F13A-821F-47F6-AB0A-420D04FB564D}C:\games\dying light\dyinglightgame.exe] => (Block) C:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{FC1B8544-2104-44D9-99FA-6C8EC7BCBB64}C:\games\dying light\dyinglightgame.exe] => (Block) C:\games\dying light\dyinglightgame.exe
FirewallRules: [{B0401968-F869-4A47-9144-A4E363E2378F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0D72E44D-DBB0-4414-94D8-61C0BCACF05E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70BFB4AE-F7B9-45A6-99E6-53A0EE8CECE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{08BC1C7E-888F-43CC-A6CB-B2DAA22F901E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2B3AD7B7-BEAC-431F-B855-EFD74FC8C062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{B6006AD1-CD3B-41F4-B16E-B277DFE4D055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [TCP Query User{D40EB706-FEEF-4135-8580-70B3A1BD42CE}C:\program files (x86)\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5C2D9593-36A3-43E9-8CB6-41E3F89F42BA}C:\program files (x86)\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [{380A4879-E229-42A9-B23E-7A99BFBFAFE4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C232936C-1540-4F7A-A1A5-CE986084D45E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D27F2396-DB5E-498C-8B48-CA8583CDD85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{8FD572E8-AAED-48E3-AC35-FC29EF88CBD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{92EF5D31-8ADD-446C-9BE7-67B0670E314E}C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe] => (Allow) C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe
FirewallRules: [UDP Query User{61894110-B77D-4545-B097-36D2F4702446}C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe] => (Allow) C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe
FirewallRules: [{564D66FF-0FD3-4121-BAB7-FCE1573F0FA9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E387D5D1-37C9-4873-BDA8-BDEF9DA8570D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{12152FCE-5743-497C-9127-FB2BA236151A}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4F72C589-ABEE-48AD-BE0D-BDE9068D40D5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{424FF46C-9F38-4CBE-86BE-E3EFBA6EC256}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63371809-F617-416A-B5B1-2EC268A8D7BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B974754-15DE-428D-A04C-14E4C9939B65}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC83876F-CD85-487E-AA7D-A4A5492431AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95C30089-940F-493B-A228-8F74EFC16FE8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{D97193CB-405F-49E4-ABC5-5DB7789CDA80}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{74359CCA-9F51-49B3-98A0-8A17D3239C30}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{6C59C22C-0813-45DC-9370-B301FA88DE58}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A33ED22E-7583-4059-B55B-B6CF1092EEA5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{CE1F2C60-175D-45C0-8EA4-F6AAD77DE575}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{6D9970A8-F89C-4681-A32B-DF7A04465F40}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{73CE751B-0F20-4263-90BB-757E393F161E}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{93FFA6E0-FA39-4ACB-91DA-E2D2AB7C9A78}] => (Allow) LPort=443
FirewallRules: [{ACB4CAE7-534B-48FA-8BE1-34CB304E2330}] => (Allow) LPort=8080
FirewallRules: [{5438FBDE-23A4-4468-AA05-491C7C01B7B2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{68FD7CEE-FCB4-48EE-B6AE-27082B587193}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{0BBB370B-15C3-4B6B-A7A4-DC20150AF7D5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{342A4C0F-CFAF-4888-882A-7C9FCF2A9769}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{122939B2-0DB0-463D-B1D5-4F1F02C76643}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\Squad.exe
FirewallRules: [{8FB0F365-22AF-45CB-AF71-4A48B414E649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\Squad.exe
FirewallRules: [TCP Query User{09274AC8-02C0-4EEE-B816-9E8CC3C6AFBC}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{0E2C50E1-0F38-46FC-A3A3-A798E19BDEEB}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{1AF1D724-4535-4F2A-8F06-85B016304EA1}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{55F85E2D-8763-4DAE-88ED-0F289284293A}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{DFA00983-C44E-4A16-8778-A2B432844E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [{FAFD98AB-412F-4BBD-83B5-6A0873236AC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [{A0E557F8-A034-4CE2-98E8-23CFC2970174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{F66907AD-F3C2-43D7-9978-F7CCA5E72201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{74C97963-3155-4A71-8289-B2ADC7C68E76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{FA62F028-A016-43BA-9098-5B62045E67D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{C7C63E08-208F-4AFA-B0AA-11DE0E7FF086}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{1CF7D9E5-6732-4220-BB64-F45469AC2F1F}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{3DF61A53-C655-44C1-8FAA-BB1DA55B1335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{BDDE1C86-535D-4B9E-B8BF-C7C873A82A3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{D0F003D1-F9C4-4D8D-ABCF-5FBBD69D41F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{F9AB8C60-E6E4-40F2-B71D-F56DC74D9783}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{D787F7DB-70A9-4FDE-B764-21BC9EECD1C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crayon Physics Deluxe\launcher.exe
FirewallRules: [{CF187BC6-8A1E-4032-A2DC-A789D21426D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crayon Physics Deluxe\launcher.exe
FirewallRules: [{FA258D9E-72DB-4341-8F8B-87EC2D6734D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{122AD2DD-BA56-4A9F-B9E0-D433123C5252}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [TCP Query User{2597F8ED-AC88-4A60-92C7-D91CBC53F1CB}C:\program files (x86)\the stanley parable\thestanleyparable.exe] => (Block) C:\program files (x86)\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{9B253214-C544-4A1F-A643-BC2951588601}C:\program files (x86)\the stanley parable\thestanleyparable.exe] => (Block) C:\program files (x86)\the stanley parable\thestanleyparable.exe
FirewallRules: [{29A9C6A3-868E-4E0D-A156-625E9D8773CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{2457DAAB-D8C7-4B0D-B286-F8E21C8517F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{C1E656E0-2BBF-406E-9D9B-111B9E23F590}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{878CD0CC-FCE6-480A-8A34-A1D2E5525BD3}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{382ACBD7-9E9A-4F24-A413-E34E35325361}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{A4E07C8F-D782-4C58-8A87-A49D645361CA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{AA61885B-DC95-4452-840E-4FFF75D80C3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{47D1D35F-F18E-4FF1-AA2C-E1FEEEE86ED0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{72BB6395-95BF-4F5A-A1ED-415D2549CBB5}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{D444C3C1-3F0D-47A4-A4EF-3FBB7CAE13CC}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{18980B12-A167-4254-AD09-6CBA13F86CFB}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{E5203A29-9BFA-4F9B-9DE0-49C17AD4327C}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{740B1009-0A95-4EE6-A498-574C2419365F}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{C834F38E-4485-498B-80CE-D73DC2281186}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{FE30A258-8B3A-4E27-B411-08B21BB2088D}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{0076A97B-BCEC-4E48-9668-89FFF7B2C389}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [TCP Query User{D5D956F0-E211-474B-BE09-D84BEA856A4A}C:\users\edwin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\edwin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{036D0192-BC2E-4F62-8F79-EA178DC122F8}C:\users\edwin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\edwin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B8E97CB2-47C9-42D2-A44C-5B891B9F7855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{4B1FE93D-A5D6-44C3-8564-CE0C37B9EEAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [TCP Query User{7EF37391-833B-408D-B9C7-89CEA394E7BA}F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe] => (Allow) F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe
FirewallRules: [UDP Query User{C3F7C2C8-5475-4C0E-9320-0BB1011CDCC3}F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe] => (Allow) F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe
FirewallRules: [{3440FC5A-3033-4C53-9402-7726478E3943}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F576CADC-386D-4445-8C46-6434C5DBD14D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{75033E9D-1844-4031-9661-DE124A8302A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3C35376A-AC98-4CD1-A09E-744F69FD0146}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9ECFB03C-31DC-41E7-8EA8-EAC6F5126536}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC884569-314B-453A-B154-9BE5F3FC5D20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6C36C7D-5728-4CE8-BCE3-7A8555AFD0DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C432EB66-4F44-4924-ADF4-1487F21C96AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B5B6508-9544-4689-A3D6-99BD37675EDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88864C58-0115-44FE-9C2D-D632E2D3F792}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FCCB4885-7006-49B6-992D-FF5A898DF550}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{26C5D74F-C037-42C4-A5A2-D0D244198DA6}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{8DC73915-B1E2-46AD-B8F1-326BD677FA7B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{680E5C3D-980B-4311-8A3F-A8267866E9D4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{E8079BD2-9F3F-404D-8454-FF8BB206E8F7}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{F0D0BECF-F480-44D3-9EC7-A2E28B993616}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{9DEDF1DB-3DAA-4ED6-9B5D-39B2BB77D49F}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{37531DEE-811E-4AA2-9941-439D7F7C222A}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{C0BDC7C2-1478-4481-BBC9-5DA5AA01A785}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{9223BBAE-B000-4204-9470-BB0369E20634}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{08E74C72-85FA-4F04-8AD4-C0943B2A45C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{07C95469-D813-43C5-BBD4-CCFC82D44CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{127AD9FB-96DD-4D51-897B-BEA07040F0C2}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [TCP Query User{44811C93-EDBF-420C-93A9-EDC25D630F94}C:\users\edwin\desktop\neir\nierautomata.exe] => (Allow) C:\users\edwin\desktop\neir\nierautomata.exe
FirewallRules: [UDP Query User{AA5F98F5-7A81-423D-A802-11C915482BB1}C:\users\edwin\desktop\neir\nierautomata.exe] => (Allow) C:\users\edwin\desktop\neir\nierautomata.exe
FirewallRules: [{58561A9B-4348-4FAD-9064-E439DBCA9C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Desert Online\Black Desert Online Steam Launcher.exe
FirewallRules: [{8BEAE8E1-5156-43BE-9A1F-830F8F9C8F15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Desert Online\Black Desert Online Steam Launcher.exe

==================== Restore Points =========================

09-12-2016 19:43:59 Scheduled Checkpoint
17-12-2016 22:55:11 Scheduled Checkpoint
31-12-2016 09:38:26 Scheduled Checkpoint
12-01-2017 21:00:57 Scheduled Checkpoint
11-02-2017 10:54:10 Scheduled Checkpoint
25-02-2017 19:31:55 Scheduled Checkpoint
12-03-2017 18:54:06 Scheduled Checkpoint
19-03-2017 16:12:06 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
19-03-2017 16:12:56 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
06-04-2017 20:11:36 Scheduled Checkpoint
06-04-2017 22:17:16 Installed DirectX
06-04-2017 22:20:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
06-04-2017 22:22:42 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
06-04-2017 22:25:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
06-04-2017 22:27:53 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
07-04-2017 12:09:19 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
07-04-2017 12:49:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
07-04-2017 12:51:53 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
07-04-2017 12:54:28 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
07-04-2017 12:57:17 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
23-04-2017 20:48:58 Scheduled Checkpoint
14-05-2017 18:45:59 Scheduled Checkpoint
21-05-2017 22:36:24 Scheduled Checkpoint
28-05-2017 21:43:54 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
28-05-2017 21:44:43 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
28-05-2017 21:47:09 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
28-05-2017 21:49:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
05-06-2017 11:25:05 Scheduled Checkpoint
22-06-2017 23:47:27 Scheduled Checkpoint
30-06-2017 16:26:18 Scheduled Checkpoint
01-07-2017 21:10:35 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
01-07-2017 21:16:09 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
01-07-2017 21:19:54 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
20-07-2017 21:03:26 Scheduled Checkpoint
23-07-2017 16:52:25 Removed Steam
23-07-2017 16:54:49 Removed Steam
16-08-2017 09:20:37 Scheduled Checkpoint
29-09-2017 11:36:35 Installed Microsoft Visual C++ 2005 Redistributable (x64)
29-09-2017 11:45:11 Installed League of Legends
29-09-2017 11:46:30 Installed DirectX
21-11-2017 11:37:28 Geek Squad Restore Point
21-11-2017 14:08:53 Windows Update
21-11-2017 15:02:10 Geek Squad Restore Point

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2017 03:09:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMI_Rescue.exe, version: 7.9.411.1899, time stamp: 0x584983fd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x730d4f11
Faulting process id: 0xbb8
Faulting application start time: 0x01d36319b5ebcdcd
Faulting application path: C:\Users\edwin\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe
Faulting module path: unknown
Report Id: 17d6d8ec-cf11-11e7-8e88-8c89a5e17f47

Error: (11/21/2017 02:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam, version: 0.0.0.0, time stamp: 0x54900bd6
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002dfe4
Faulting process id: 0xa88
Faulting application start time: 0x01d3631c59868c1b
Faulting application path: C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi\Steam
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: a7bbd095-cf0f-11e7-8e88-8c89a5e17f47

Error: (11/21/2017 02:40:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/21/2017 02:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam, version: 0.0.0.0, time stamp: 0x54900bd6
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002dfe4
Faulting process id: 0x107c
Faulting application start time: 0x01d3631650f8cd0c
Faulting application path: C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi\Steam
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 4807f24f-cf0a-11e7-8de9-8c89a5e17f47

Error: (11/21/2017 01:56:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/21/2017 01:50:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/21/2017 01:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/21/2017 11:27:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname edwin-PC.local already in use; will try edwin-PC-2.local instead

Error: (11/21/2017 11:27:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 edwin-PC.local. Addr 192.168.1.113

Error: (11/21/2017 11:27:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.121:5353    4 Edwin-PC.local. Addr 192.168.1.121


System errors:
=============
Error: (11/21/2017 02:38:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
The requested resource is in use.

Error: (11/21/2017 02:37:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (11/21/2017 02:22:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OnlineStorageService service failed to start due to the following error:
The requested resource is in use.

Error: (11/21/2017 02:22:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "170" attempting to start the service OnlineStorageService with arguments "" in order to run the server:
{0D7F0A0F-4093-4397-A63E-1343A1646136}

Error: (11/21/2017 02:01:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/21/2017 01:59:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/21/2017 01:59:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The requested resource is in use.

Error: (11/21/2017 01:56:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Online Backup service failed to start due to the following error:
The requested resource is in use.

Error: (11/21/2017 01:55:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
The requested resource is in use.

Error: (11/21/2017 01:53:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OnlineStorageService service failed to start due to the following error:
The requested resource is in use.


CodeIntegrity:
===================================
  Date: 2016-10-07 13:59:07.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:52:40.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:52:14.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:24:54.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:24:39.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:19:33.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 02:11:53.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 02:11:43.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 01:46:04.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 01:43:05.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16331.18 MB
Available physical RAM: 12326.31 MB
Total Virtual: 32660.54 MB
Available Virtual: 27725.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:180.83 GB) NTFS
Drive f: (SSD) (Fixed) (Total:223.57 GB) (Free:170.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 66F677CD)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 678D9684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 




#2 Aura

Posted 21 November 2017 - 10:07 PM

Hi geodecent :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 geodecent

Posted 22 November 2017 - 03:11 AM

Hello, Aura!

 

Thank you so much for replying back, I used the link you gave me and went through the whole process and it fixed my issue!

 

Thank you so much!



#4 Aura

Posted 22 November 2017 - 09:12 AM

Glad to see that MBAR did the trick! But we're not quite done yet, so I would appreciate if you were to stick with me until I declare you clean, alright? :)

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#5 geodecent

Posted 22 November 2017 - 12:46 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/22/2017
Scan Time: 9:05 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.11.22.06
Rootkit Database: v2017.10.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: edwin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333138
Time Elapsed: 39 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.GameHack, C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat, , [c9c5b84d03a7b3839384170360a1b64a],
PUP.Optional.OpenCandy, C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe, , [f29c7293bdede551577fcc1349b835cb],

Physical Sectors: 0
(No malicious items detected)


(end)



#6 Aura

Posted 22 November 2017 - 12:49 PM

Good. Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#7 geodecent

Posted 22 November 2017 - 01:52 PM

Here is the rogue killer report

 

RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : edwin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/22/2017 09:53:14 (Duration : 00:54:57)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 35 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SP Global -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SProtector -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{12A61307-94CD-4F8E-94BC-918E511FAA81} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\AVG Secure Search -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\WebApp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\AVG Secure Search -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\WebApp -> Found
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main | Search Bar :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main | Search Bar :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5CF8FEC9-CD7A-4300-ACFB-781112C88956}C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{856E7B01-3703-49B2-9BBD-A4DB0AE3902B}C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{904FE71C-7F56-4C22-BC44-18FBCBE37E44}C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{B8E6F8E5-91F4-4A7A-A3C8-DCAD2AF70FA1}C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{BA63B089-601A-4983-871B-F7893A5CDC9A}C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{B9A6EB82-995D-4EFB-9B89-F2B1E9546CCD}C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5CF8FEC9-CD7A-4300-ACFB-781112C88956}C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{856E7B01-3703-49B2-9BBD-A4DB0AE3902B}C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.209\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{904FE71C-7F56-4C22-BC44-18FBCBE37E44}C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{B8E6F8E5-91F4-4A7A-A3C8-DCAD2AF70FA1}C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.173\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{BA63B089-601A-4983-871B-F7893A5CDC9A}C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{B9A6EB82-995D-4EFB-9B89-F2B1E9546CCD}C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edwin\appdata\local\temp\rar$exa0.725\broforce_beta-7_april_2014\broforce_beta.exe|Name=BROFORCE_Beta|Desc=BROFORCE_Beta|Defer=User| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Steam_x64-S-2-106-91 -- "C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi\Steam" (overbtc123.) -> Found

¤¤¤ Files : 27 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\AVG SafeGuard toolbar -> Found
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\edwin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.Gen1][Folder] C:\Users\edwin\AppData\Local\AVG SafeGuard toolbar -> Found
[PUP.Gen1][Folder] C:\Users\edwin\AppData\Local\WebPlayer -> Found
[PUP.Gen1][Folder] C:\Users\edwin\AppData\Local\YSearchUtil -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG SafeGuard toolbar -> Found
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\Grand Theft Auto V\?????5?????????????.exe -> Found
[PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\RelayDouble -> Found
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Program Files (x86)\s5 -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\ss helper -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 4 ¤¤¤
[PUM.SearchEngine][Firefox:Config] ncp2saks.default-1378432710288 : user_pref("browser.search.selectedEngine", "Yahoo! (Avast)"); -> Found
[PUM.SearchEngine][Firefox:Config] ncp2saks.default-1378432710288 : user_pref("browser.search.defaultenginename", "Yahoo! (Avast)"); -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com search] -> Found
[PUP.Gen1|PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=282369&p={searchTerms}] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: PNY CS1311 240GB SSD ATA Device +++++
--- User ---
[MBR] f8e71a7822c94adc54e1f78e54d9a399
[BSP] 73faf4bf87474fd912c4a57168b270ed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Hitachi HDS722020ALA330 ATA Device +++++
--- User ---
[MBR] 73fa2f52f060ea7556af596eda891c40
[BSP] bc14506143b9064f1f063c2174314ff4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 



#8 geodecent

Posted 22 November 2017 - 01:56 PM

here is the adware cleaner

 

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 22 18:56:00 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-21-2017.2
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Users\edwin\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.S5Mark, C:\Users\edwin\AppData\Local\llssoft
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Application Data\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Program Files (x86)\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics


***** [ Files ] *****

PUP.Optional.Legacy, C:\user.js
PUP.Optional.Legacy, C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\invalidprefs.js


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{45E45AE9-79CF-42FA-96A6-23E744D85B63}C:\program files (x86)\torntv.com\torntv downloader.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{B547FE0E-EB39-4A0A-BA3F-CAEF040DED67}C:\program files (x86)\torntv.com\torntv downloader.exe
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\Main | Backup.old.Start Page
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | WeatherBug.exe
PUP.Optional.WebCake, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.WebCake, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Trojan.Clicker, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.BProtect, [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing | bProtectShowTabsWelcome
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, SearchProvider found: Search - search
PUP.Optional.Legacy, SearchProvider found: Conduit - search.conduit.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [13559 B] - [2013/9/7 1:55:42]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:01 PM

Posted 22 November 2017 - 04:04 PM

These are scan logs. Did you delete every threat RogueKiller and AdwCleaner found after scanning with them?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 geodecent

geodecent
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:01 PM

Posted 22 November 2017 - 05:05 PM

Yes, I did.



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:01 PM

Posted 22 November 2017 - 06:47 PM

Good :) Now please run a new scan with FRST and provide me a fresh set of logs. I'll look for remnants.



#12 geodecent

geodecent
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:01 PM

Posted 22 November 2017 - 06:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2017
Ran by edwin (administrator) on EDWIN-PC (22-11-2017 15:57:02)
Running from C:\Users\edwin\Downloads
Loaded Profiles: edwin (Available Profiles: edwin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Spotify Ltd) C:\Users\edwin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Spotify Ltd) C:\Users\edwin\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\edwin\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\edwin\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\edwin\AppData\Roaming\Spotify\Spotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\edwin\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-22] (AVAST Software)
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\Run: [Spotify Web Helper] => C:\Users\edwin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-21] (Spotify Ltd)
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{4F7135C1-1BDC-4D0E-A7B2-89DCE834710A}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> {37F7A980-CD73-4466-9CD8-C92F205E2C7E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)

FireFox:
========
FF DefaultProfile: ncp2saks.default-1378432710288
FF ProfilePath: C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288 [2017-11-22]
FF Homepage: Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF Extension: (Avast SafePrice) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\sp@avast.com.xpi [2017-11-03]
FF Extension: (Avast Online Security) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\wrc@avast.com.xpi [2017-10-07]
FF Extension: (Adblock Plus) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-22]
FF Extension: (YouTube Flash Video Player) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-11-21]
FF Extension: (Adblock Edge) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-30] [Lagacy]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\features\{b85bd4fe-ca14-403a-a136-85a1d0f79481}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Lagacy]
FF SearchPlugin: C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\searchplugins\yahoo-avast.xml [2016-06-18]
FF SearchPlugin: C:\Users\edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ncp2saks.default-1378432710288\searchplugins\yahoo-ysp.xml [2015-11-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-21] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2519258019-2461966117-1150050435-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\edwin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2519258019-2461966117-1150050435-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-26] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-2519258019-2461966117-1150050435-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-22] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default [2017-11-22]
CHR Extension: (NikeShoeBot2) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmgjbnbjhhaakhanebecgfhokicjlef [2013-12-02]
CHR Extension: (Cite This For Me: Web Citer) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnmhgkokpalnmbeighfomegjfkklkle [2016-09-11]
CHR Extension: (SneakerBot) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmelnnjmoinpdmdlooccaanklomnbkd [2014-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-21]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-22] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-22] ()
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-29] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S4 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
S4 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
S4 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2236880 2016-11-10] (Micro-Star INT'L CO., LTD.)
S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2016-08-01] (MSI)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
S4 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-03-31] (NVIDIA Corporation)
S4 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [7908664 2012-07-12] (Trend Micro Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-22] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-17] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-20] ()
S4 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2015-02-09] (Micro-Star INT'L CO., LTD.)
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-22] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-22] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-22] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-22] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-22] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-22] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-07-30] (Creative Technology Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (Windows ® Win 7 DDK provider)
S3 ipadtst2; C:\Program Files (x86)\MSI\Super Charger\ipadtst2_64.sys [16336 2016-07-29] (MSI)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-22] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-22] (Malwarebytes)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [14136 2009-10-05] (MSI)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7752v260\NTIOLib_X64.sys [11888 2011-01-06] (MSI) [File not signed]
S3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-08] (MSI)
S3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-05-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-08-16] (Razer USA Ltd) [File not signed]
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [21504 2012-08-16] (Razer USA Ltd) [File not signed]
S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [110592 2012-08-16] (Razer USA Ltd) [File not signed]
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [22528 2012-08-16] (Razer USA Ltd) [File not signed]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-22 15:55 - 2017-11-22 15:56 - 002391552 _____ (Farbar) C:\Users\edwin\Downloads\FRST64(1).exe
2017-11-22 14:09 - 2017-11-22 14:09 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-22 11:57 - 2017-11-22 14:14 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-22 11:57 - 2017-11-22 14:13 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-22 11:57 - 2017-11-22 14:13 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-22 11:57 - 2017-11-22 11:57 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-22 11:57 - 2017-11-22 11:57 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-22 11:56 - 2017-11-22 11:56 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-22 11:56 - 2017-11-22 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-22 11:56 - 2017-11-22 11:56 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-22 11:56 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-22 11:55 - 2017-11-22 11:56 - 078346672 _____ (Malwarebytes ) C:\Users\edwin\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-22 11:13 - 2017-11-22 11:13 - 000000000 ____D C:\Users\edwin\AppData\Roaming\Yacht Club Games
2017-11-22 11:12 - 2017-11-22 11:12 - 000001687 _____ C:\Users\Public\Desktop\Shovel Knight.lnk
2017-11-22 11:12 - 2017-11-22 11:12 - 000000000 ____D C:\ProgramData\GOG.com
2017-11-22 10:55 - 2017-11-22 10:55 - 008261584 _____ (Malwarebytes) C:\Users\edwin\Downloads\AdwCleaner(2).exe
2017-11-22 10:28 - 2017-11-22 10:29 - 000000000 ____D C:\Users\edwin\Documents\LoversInADangerousSpacetime
2017-11-22 10:28 - 2017-11-22 10:28 - 000001926 _____ C:\Users\Public\Desktop\Lovers in a Dangerous Spacetime.lnk
2017-11-22 10:27 - 2017-11-22 11:07 - 000000000 ____D C:\GOG Games
2017-11-22 09:53 - 2017-11-22 09:53 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-22 09:52 - 2017-11-22 10:54 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-22 09:52 - 2017-11-22 09:52 - 000000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-22 09:52 - 2017-11-22 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-22 09:52 - 2017-11-22 09:52 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-22 09:51 - 2017-11-22 09:52 - 036141704 _____ (Adlice Software ) C:\Users\edwin\Downloads\setup.exe
2017-11-22 08:58 - 2017-11-22 08:57 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-22 08:57 - 2017-11-22 08:57 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-22 00:25 - 2017-11-22 14:15 - 000003138 _____ C:\Windows\System32\Tasks\FRAPS
2017-11-22 00:16 - 2017-11-22 13:55 - 000000000 ____D C:\Users\edwin\AppData\Roaming\Origin
2017-11-22 00:15 - 2017-11-22 00:15 - 000000997 _____ C:\Users\Public\Desktop\Origin.lnk
2017-11-22 00:15 - 2017-11-22 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-11-22 00:15 - 2017-11-22 00:15 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-22 00:13 - 2017-11-22 00:13 - 062397600 _____ (Electronic Arts) C:\Users\edwin\Downloads\OriginThinSetup(3).exe
2017-11-21 19:34 - 2017-11-22 08:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-21 19:34 - 2017-11-21 23:52 - 000000000 ____D C:\Users\edwin\Desktop\mbar
2017-11-21 19:34 - 2017-11-21 19:34 - 014161479 _____ C:\Users\edwin\Downloads\mbar-1.10.3.1001-nr.exe
2017-11-21 19:34 - 2017-11-21 19:34 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\32740651.sys
2017-11-21 15:24 - 2017-11-21 15:25 - 000101032 _____ C:\Users\edwin\Downloads\Addition.txt
2017-11-21 15:20 - 2017-11-22 15:57 - 000021976 _____ C:\Users\edwin\Downloads\FRST.txt
2017-11-21 15:19 - 2017-11-22 15:57 - 000000000 ____D C:\FRST
2017-11-21 15:19 - 2017-11-21 15:19 - 002391552 _____ (Farbar) C:\Users\edwin\Downloads\FRST64.exe
2017-11-21 14:24 - 2017-11-21 14:24 - 014178840 _____ (Malwarebytes Corp.) C:\Users\edwin\Downloads\mbar-1.10.3.1001 (1).exe
2017-11-21 13:51 - 2017-11-21 13:57 - 000000000 ____D C:\Users\edwin\AppData\LocalLow\uTorrent
2017-11-21 12:20 - 2017-11-21 12:20 - 000000000 ____D C:\Windows\SysWOW64\Adobe
2017-11-21 12:18 - 2017-11-21 12:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-21 12:18 - 2017-11-21 12:18 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-11-21 12:18 - 2017-11-21 12:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-21 11:41 - 2017-11-21 12:25 - 000000000 ____D C:\ProgramData\Geek Squad
2017-11-21 10:12 - 2017-11-21 15:11 - 000000000 ____D C:\Users\edwin\AppData\Local\LogMeIn Rescue Applet
2017-11-21 10:12 - 2017-11-21 10:14 - 000000000 ____D C:\ProgramData\WRData
2017-11-21 10:11 - 2017-11-21 10:11 - 001851432 _____ (LogMeIn, Inc.) C:\Users\edwin\Downloads\Support-LogMeInRescue.exe
2017-11-21 09:59 - 2017-11-21 09:59 - 016563352 _____ (Malwarebytes Corp.) C:\Users\edwin\Downloads\mbar-1.09.3.1001.exe
2017-11-21 09:54 - 2017-11-21 09:54 - 008261584 _____ (Malwarebytes) C:\Users\edwin\Downloads\AdwCleaner(1).exe
2017-11-21 09:52 - 2017-11-21 09:52 - 005766464 _____ (Zemana Ltd. ) C:\Users\edwin\Downloads\zemana.exe
2017-11-21 09:52 - 2017-11-21 09:52 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\edwin\Downloads\rkill.exe
2017-11-21 09:50 - 2017-11-21 09:50 - 014178840 _____ (Malwarebytes Corp.) C:\Users\edwin\Downloads\mbar-1.10.3.1001.exe
2017-11-21 09:41 - 2017-11-21 09:41 - 062397600 _____ (Electronic Arts) C:\Users\edwin\Downloads\OriginThinSetup(2).exe
2017-11-21 09:33 - 2017-11-22 11:13 - 000000000 ____D C:\Users\edwin\AppData\Local\Origin
2017-11-21 09:33 - 2017-11-21 09:33 - 062397600 _____ (Electronic Arts) C:\Users\edwin\Downloads\OriginThinSetup(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-22 15:36 - 2013-05-01 22:05 - 000000000 ____D C:\Users\edwin\AppData\Roaming\Spotify
2017-11-22 14:20 - 2009-07-13 20:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-22 14:20 - 2009-07-13 20:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-22 14:15 - 2012-09-02 23:46 - 000000000 ____D C:\Fraps
2017-11-22 14:14 - 2016-11-24 22:16 - 000000000 ____D C:\Users\edwin\AppData\LocalLow\Mozilla
2017-11-22 14:08 - 2016-06-18 21:10 - 000000278 _____ C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2017-11-22 14:08 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-22 14:04 - 2013-09-06 17:55 - 000000000 ____D C:\AdwCleaner
2017-11-22 12:00 - 2017-04-06 22:30 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-11-22 11:56 - 2013-05-09 21:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-22 11:33 - 2012-09-03 12:08 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-11-22 11:13 - 2012-09-03 12:08 - 000000000 ____D C:\ProgramData\Origin
2017-11-22 11:08 - 2014-04-07 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-11-22 10:57 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\IME
2017-11-22 10:56 - 2013-05-01 22:05 - 000000000 ____D C:\Users\edwin\AppData\Local\Spotify
2017-11-22 10:54 - 2015-04-19 09:40 - 000000000 ____D C:\Program Files (x86)\Grand Theft Auto V
2017-11-22 10:28 - 2009-07-13 21:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-22 10:17 - 2012-09-03 12:09 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-22 09:47 - 2013-07-30 17:37 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2017-11-22 09:22 - 2017-03-19 16:21 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-11-22 09:22 - 2013-01-20 22:21 - 000000000 ____D C:\ProgramData\Skype
2017-11-22 09:11 - 2016-03-21 00:39 - 000000000 ____D C:\Users\edwin\AppData\Local\CrashDumps
2017-11-22 08:58 - 2017-03-11 21:50 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-22 08:58 - 2013-05-10 23:19 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-22 08:57 - 2014-10-02 23:46 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-22 08:57 - 2014-10-02 23:46 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-22 08:57 - 2013-05-10 23:19 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151136991389003
2017-11-22 08:57 - 2013-05-10 23:19 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-22 08:57 - 2013-05-10 23:19 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-22 08:57 - 2013-05-10 23:19 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-22 08:57 - 2013-05-10 23:19 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-22 08:57 - 2013-05-10 23:16 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-22 08:56 - 2013-05-10 23:19 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-22 08:55 - 2017-03-11 21:50 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-22 08:55 - 2017-03-11 21:50 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-22 08:55 - 2017-03-11 21:50 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-22 08:55 - 2017-03-11 21:50 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-22 00:21 - 2012-11-20 11:43 - 000000000 ____D C:\Users\edwin\AppData\Local\Ubisoft Game Launcher
2017-11-22 00:18 - 2015-09-01 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Phantom Pain
2017-11-22 00:18 - 2013-05-15 15:28 - 000000000 ____D C:\Program Files (x86)\Metro Last Light
2017-11-22 00:17 - 2013-12-06 20:13 - 000000000 ____D C:\Program Files (x86)\Assassins Creed IV Black Flag
2017-11-21 23:43 - 2017-07-02 16:35 - 000000000 ____D C:\Users\edwin\AppData\Local\vykikq
2017-11-21 23:43 - 2013-12-21 16:40 - 000000000 ____D C:\Users\edwin\Desktop\New folder (3)
2017-11-21 15:06 - 2014-07-09 10:49 - 000000000 ____D C:\Users\edwin\AppData\Local\Adobe
2017-11-21 14:37 - 2012-10-09 21:41 - 000000000 ____D C:\Users\edwin\AppData\Roaming\uTorrent
2017-11-21 14:37 - 2012-10-07 23:48 - 000000000 ____D C:\Windows\pss
2017-11-21 13:56 - 2012-09-03 12:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-21 12:26 - 2012-09-04 23:06 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-21 12:20 - 2017-05-14 12:37 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-21 12:20 - 2012-09-03 12:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-21 12:18 - 2012-09-03 12:58 - 000000000 ____D C:\ProgramData\Adobe
2017-11-21 10:08 - 2012-09-06 17:28 - 000404012 _____ C:\Windows\system32\prfh0404.dat
2017-11-21 10:08 - 2012-09-06 17:28 - 000116080 _____ C:\Windows\system32\prfc0404.dat
2017-11-21 10:08 - 2012-09-06 17:19 - 000386940 _____ C:\Windows\system32\prfh0804.dat
2017-11-21 10:08 - 2012-09-06 17:19 - 000120582 _____ C:\Windows\system32\prfc0804.dat
2017-11-21 10:08 - 2012-09-06 16:19 - 000666710 _____ C:\Windows\system32\perfh01D.dat
2017-11-21 10:08 - 2012-09-06 16:19 - 000143464 _____ C:\Windows\system32\perfc01D.dat
2017-11-21 10:08 - 2012-09-06 16:11 - 000431414 _____ C:\Windows\system32\perfh012.dat
2017-11-21 10:08 - 2012-09-06 16:11 - 000121374 _____ C:\Windows\system32\perfc012.dat
2017-11-21 10:08 - 2012-09-06 16:04 - 000671830 _____ C:\Windows\system32\perfh005.dat
2017-11-21 10:08 - 2012-09-06 16:04 - 000142416 _____ C:\Windows\system32\perfc005.dat
2017-11-21 10:08 - 2012-09-06 15:49 - 000746488 _____ C:\Windows\system32\perfh013.dat
2017-11-21 10:08 - 2012-09-06 15:49 - 000154092 _____ C:\Windows\system32\perfc013.dat
2017-11-21 10:08 - 2012-09-06 15:40 - 000484492 _____ C:\Windows\system32\perfh00B.dat
2017-11-21 10:08 - 2012-09-06 15:40 - 000102510 _____ C:\Windows\system32\perfc00B.dat
2017-11-21 10:08 - 2012-09-06 15:35 - 000686744 _____ C:\Windows\system32\perfh00E.dat
2017-11-21 10:08 - 2012-09-06 15:35 - 000172264 _____ C:\Windows\system32\perfc00E.dat
2017-11-21 10:08 - 2012-09-06 15:26 - 000748446 _____ C:\Windows\system32\perfh00A.dat
2017-11-21 10:08 - 2012-09-06 15:26 - 000159464 _____ C:\Windows\system32\perfc00A.dat
2017-11-21 10:08 - 2012-09-06 15:22 - 000395334 _____ C:\Windows\system32\perfh00D.dat
2017-11-21 10:08 - 2012-09-06 15:22 - 000085748 _____ C:\Windows\system32\perfc00D.dat
2017-11-21 10:08 - 2012-09-06 15:13 - 000743036 _____ C:\Windows\system32\perfh010.dat
2017-11-21 10:08 - 2012-09-06 15:13 - 000147836 _____ C:\Windows\system32\perfc010.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000748706 _____ C:\Windows\system32\perfh00C.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000482004 _____ C:\Windows\system32\perfh001.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000150570 _____ C:\Windows\system32\perfc00C.dat
2017-11-21 10:08 - 2012-09-06 15:09 - 000095762 _____ C:\Windows\system32\perfc001.dat
2017-11-21 10:08 - 2012-09-06 14:58 - 000700198 _____ C:\Windows\system32\perfh007.dat
2017-11-21 10:08 - 2012-09-06 14:58 - 000150106 _____ C:\Windows\system32\perfc007.dat
2017-11-21 10:08 - 2009-07-13 21:13 - 010822424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-21 10:08 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-11-21 09:58 - 2017-07-02 16:36 - 000332820 _____ C:\Windows\ntbtlog.txt
2017-11-21 09:48 - 2012-09-03 12:12 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-21 09:48 - 2012-09-03 12:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-21 09:48 - 2012-09-03 12:12 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-21 09:48 - 2012-09-03 12:12 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-21 09:31 - 2012-09-03 12:08 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-11-21 09:29 - 2013-04-11 16:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-21 09:29 - 2012-09-03 12:15 - 000000000 ____D C:\Users\edwin\AppData\Roaming\Mozilla
2017-11-21 09:29 - 2012-09-03 12:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-12-23 18:58 - 2014-05-15 18:28 - 000000226 _____ () C:\Users\edwin\update-dynasty8.bat
2013-05-21 09:16 - 2013-08-14 19:32 - 000003723 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-06-23 22:22 - 2013-12-16 23:40 - 000000600 _____ () C:\Users\edwin\AppData\Roaming\winscp.rnd
2012-09-26 22:11 - 2012-09-26 22:12 - 000009345 _____ () C:\Users\edwin\AppData\Local\CleanupUninstall.txt
2017-05-17 10:32 - 2017-05-17 10:32 - 000125952 _____ () C:\Users\edwin\AppData\Local\report
2012-09-04 22:06 - 2013-10-07 21:23 - 000007601 _____ () C:\Users\edwin\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-11-22 09:52 - 2013-08-28 18:16 - 001732032 _____ (Microsoft Corporation) C:\Users\edwin\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2017-07-29 19:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by edwin (22-11-2017 15:58:06)
Running from C:\Users\edwin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2012-09-03 19:29:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2519258019-2461966117-1150050435-500 - Administrator - Disabled)
edwin (S-1-5-21-2519258019-2461966117-1150050435-1000 - Administrator - Enabled) => C:\Users\edwin
Guest (S-1-5-21-2519258019-2461966117-1150050435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2519258019-2461966117-1150050435-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20093 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{175D1C2E-CEF4-4909-901D-52AF3CD8ECD2}) (Version: 12.3.1.201 - Adobe Systems, Inc)
AIO Bot version 1.0.196.0 (HKLM-x32\...\{4A58CA26-B24E-42CE-923B-2D9700AC011C}_is1) (Version: 1.0.196.0 - ANB)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AudioGenie (HKLM-x32\...\AudioGenie_is1) (Version:  - msi, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Axife Mouse Recorder DEMO 5.01 (HKLM-x32\...\Axife Mouse Recorder DEMO_is1) (Version:  - Axife Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock (HKLM-x32\...\BioShock) (Version: 1.1 - 2K Games)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
CPU-Control (HKLM-x32\...\CPU-Control_is1) (Version:  - Koma-Code)
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EasyViewer (HKLM-x32\...\{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI) Hidden
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
Fallout 4 v.1.1.30 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Happy Cloud Client (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
iExplorer 3.7.8.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2656 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lovers in a Dangerous Spacetime (HKLM-x32\...\1441290254_is1) (Version: 2.8.0.9 - GOG.com)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.7 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth - Shadow of Mordor (HKLM-x32\...\Middle Earth - Shadow of Mordor_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.024 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.11 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.07 - MSI)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.8 - MSI)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.1 - Black Tree Gaming)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.13580 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.69 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Play withSIX (HKLM-x32\...\{E42D4F41-392F-4993-A584-23A70118E7F3}) (Version: 1.00.0088 - SIX Networks)
Play withSIX Windows client (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\PlaywithSIX) (Version: 1.67.1229.1 - SIX Networks GmbH)
PrivitizeVPN (HKLM-x32\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
Registry Repair 4.1.0.388 (HKLM-x32\...\Registry Repair) (Version: 4.1.0.388 - Glarysoft Ltd)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
Scratches Director's Cut (HKLM-x32\...\Scratches Director's Cut_is1) (Version:  - GOG.com)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 3.3 - GOG.com)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{CA0A90CB-F659-4E0B-B2A2-C8CF4B752AEC}) (Version: 1.01.26 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
ss helper 1.74 (HKLM-x32\...\SP_eea72b4f) (Version:  - ) <==== ATTENTION
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.0.15.24748 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamingGenie (HKLM-x32\...\{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1) (Version: 1.0.1.3 - MSI)
TeamSpeak 3 Client (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\teraenmasse) (Version:  - )
TexView 2 Uninstall (HKLM-x32\...\TexView 2) (Version:  - )
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.02 - Creative Technology Limited)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Trend Micro SafeSync (HKLM\...\HFRS_is1) (Version: 5.1.0.1173 - Trend Micro)
Unity Web Player (HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0.1 - Ubisoft)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.8.1.2 - Azureus Software, Inc.)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.122 - MSI)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-11] (Igor Pavlov)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-22] (AVAST Software)
ContextMenuHandlers1-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2013-04-19] (Piriform Ltd)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1-x32: [HrfsShellExtension] -> {FAC7AB1E-0E67-43FC-A7E7-1A4FF52DE01F} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-22] (AVAST Software)
ContextMenuHandlers3: [GB3ContextMenu] -> {3A488FE8-9916-4F36-BDFF-3DED559142E5} => C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll [2011-11-29] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-11] (Igor Pavlov)
ContextMenuHandlers4-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4-x32: [HrfsShellExtension] -> {FAC7AB1E-0E67-43FC-A7E7-1A4FF52DE01F} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-07-12] (Trend Micro Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-22] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2013-04-19] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033A0F0F-918C-40E6-8C6E-313B87934548} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor)
Task: {06D518EC-AB15-4E11-9899-7CF42EA44BD7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-17] (NVIDIA Corporation)
Task: {0E22255B-2DC9-4BCC-8E10-01E2427835BD} - System32\Tasks\{6E2FA656-A3BC-4F24-B712-B83151955239} => C:\Users\edwin\Desktop\New folder (3)\ProjectZomboid32.exe [2013-11-12] ()
Task: {0ED47054-F1F8-4857-84CB-1EB15D27C784} - System32\Tasks\avastBCLRestartS-1-5-21-2519258019-2461966117-1150050435-1000 => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {1769B740-62ED-4D97-B728-771F49C098FD} - System32\Tasks\{70B0832C-B580-44F4-8DCB-5735BCBDD78D} => C:\Windows\system32\pcalua.exe -a C:\Users\edwin\Desktop\pbsetup.exe -d C:\Users\edwin\Desktop
Task: {1CDAE116-7B36-4D55-8FD1-A385A6B490F5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {2E640DAF-50B0-442A-B367-12541BE4F08C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-21] (Adobe Systems Incorporated)
Task: {49DA4E1F-04A6-40DC-B317-33875F4C8793} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-15] ()
Task: {4AAEA6A1-55F1-4013-84B9-538F10A5AAA9} - System32\Tasks\{A481B2F7-B3A2-4BD7-B47C-7C3C10B13E5F} => C:\Windows\system32\pcalua.exe -a C:\Users\edwin\Desktop\pb\pbsetup.exe -d C:\Users\edwin\Desktop\pb
Task: {4F7080C4-C23B-42AC-94BF-F955EAF62AE4} - System32\Tasks\{1258CC9A-1087-4FA3-9D3E-13D10920B770} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/55230
Task: {5F50F288-6481-4BDB-856D-B678BFC11749} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {72E425AD-EBC5-4CE8-8971-5893D44740E0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-17] (NVIDIA Corporation)
Task: {772E1DEA-A4B1-459B-B421-C094EAC66467} - System32\Tasks\{28FE7292-9AD8-44A7-B600-AF3013494748} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\redist\vcredist_x86.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\redist"
Task: {784B7D57-2B9B-4B95-9D0B-8B23DE5B8D99} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2012-08-30] (Beepa P/L)
Task: {800A0EF7-F568-41D7-B8A5-061C7AFABB87} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {845525C1-C0CE-45F9-8F09-6E5277D8F5E9} - System32\Tasks\{17061570-0C9D-46FB-A449-07D7F1D1A67B} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Setup (2).exe" -d C:\Users\edwin\Desktop
Task: {8A4E2038-C9FA-4382-B5DE-08474E20E11D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {9406F434-2CF5-4A9D-8FA6-61B87D4D5587} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {99F9D672-DA71-40F6-9B44-1FCA81FDCAE3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-17] (NVIDIA Corporation)
Task: {A03F319D-9669-43CF-995E-70D4499B04C3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-17] (NVIDIA Corporation)
Task: {A18C71F1-5A6D-454C-B977-E9341C3EE269} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-17] (NVIDIA Corporation)
Task: {A732F07A-99D0-4DD6-8B22-B6DD8F281F35} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-17] (NVIDIA Corporation)
Task: {A9FA9550-4F1D-42B6-8C3F-D8C2C46FB719} - \{EC531902-0988-4176-AB15-4DB96F3B1FB6} -> No File <==== ATTENTION
Task: {C483FFC8-359E-4934-BC9D-40AD3F072277} - System32\Tasks\{A7237B2F-4632-48ED-AA17-F931C0178FF5} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Games\Setup (2).exe" -d C:\Users\edwin\Desktop\Games
Task: {CEBAFCDA-9E36-4A1A-B615-AEBD76E80C14} - System32\Tasks\{AFD2CEE6-CFE3-4F41-9AC0-D5093A984A33} => C:\Users\edwin\Desktop\New folder (3)\ProjectZomboid32.exe [2013-11-12] ()
Task: {CFEC8054-65A4-4745-851A-0EE4446D5124} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {D0C1FF2D-A5CB-456C-88EE-E717058FE37C} - System32\Tasks\SafeZone scheduled Autoupdate 1473034149 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {E124A765-3A4D-4A50-9287-892B4BFFFC6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E77B962F-AD4D-4979-8D1C-E868AAEB81C0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-22] (AVAST Software)
Task: {EAE6A80B-3661-4419-B4C5-65CB7D578CED} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-17] (NVIDIA Corporation)
Task: {EC46692D-08D9-4444-9C26-E316E6041A85} - System32\Tasks\{5FC2870E-88C5-4D15-A290-FEE9D405C43D} => C:\Windows\system32\pcalua.exe -a E:\OriginInstaller.exe -d E:\
Task: {F214BDB8-82E6-4BF3-86F1-60E318C3B614} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2014-08-20] (PcWinTech.com)
Task: {F2BB0B21-9428-4FDC-A7CB-0E2975C7503F} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {F99093B8-C30D-4250-86B5-39C673605896} - System32\Tasks\{9CC983C6-32B6-4C04-A231-BBA1F29BA883} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Games\Setup (2).exe" -d C:\Users\edwin\Desktop\Games
Task: {FEC2DBB7-0287-4354-A3DA-B251AB5D0A54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FFF04BD4-2994-4F55-A735-05DD3CB778E4} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-22 11:56 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-22 11:56 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-22 08:54 - 2017-11-22 08:54 - 005882432 _____ () C:\Program Files\AVAST Software\Avast\defs\17112202\algo.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-22 08:56 - 2017-11-22 08:56 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 008793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-06-18 21:10 - 2014-04-21 14:09 - 000150528 _____ () C:\Program Files (x86)\MSI\NetworkGenie\gep.dll
2017-11-22 08:57 - 2017-11-22 08:57 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-22 08:55 - 2017-11-22 08:55 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-11-27 23:33 - 2017-11-21 19:44 - 068211824 _____ () C:\Users\edwin\AppData\Roaming\Spotify\libcef.dll
2016-11-27 23:33 - 2017-11-21 19:43 - 003110512 _____ () C:\Users\edwin\AppData\Roaming\Spotify\libglesv2.dll
2016-11-27 23:33 - 2017-11-21 19:43 - 000087152 _____ () C:\Users\edwin\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\edwin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: CtHdaSvc => 2
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSI_FastBoot => 2
MSCONFIG\Services: MSI_LiveUpdate_Service => 2
MSCONFIG\Services: MSI_SuperCharger => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: OnlineStorageService => 3
MSCONFIG\Services: OpenVPNAccessClient => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SuperRAIDSvc => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^edwin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ControlCenterCount => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
MSCONFIG\startupreg: Fast Boot => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: NortonOnlineBackup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: Sound Blaster Recon3D PCIe Control Panel => "C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\edwin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Super Charger => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3F108FE-A598-43CE-B209-6C2D8029BCD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3BF955FF-0676-477F-89CE-630BA9744BA3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EF5DB9C9-E2C8-42F0-A7AC-651892CAD923}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [{182F3351-C127-4B75-9278-AE1456614E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [TCP Query User{16D66DE8-7FEF-4DDA-86CC-B342C64CA76A}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [UDP Query User{F65E367C-875A-4AD2-BA32-36DF912B22AB}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [{7206F7D7-EDCB-4E9F-BE79-85210970B430}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{BF3AC48F-191F-4564-BE2D-85A361F5F636}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{ED4402F9-70ED-4F1D-82B0-EAD62E66677A}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{D849F65A-7C0A-45BC-85F8-172349E9FF52}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{69264F4C-A216-4987-8A2E-EC4700478BF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\game_launcher.exe
FirewallRules: [{901EB210-DE4A-4374-A6FE-2288716B388A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\game_launcher.exe
FirewallRules: [{12036478-D2D7-42A0-9411-B3B3E1ABD7AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird.exe
FirewallRules: [{89A7ACA5-56B2-4B62-8A8D-8BCB5DBD3FFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird.exe
FirewallRules: [{D9E6EE9F-C5E0-4BF6-973F-00A3D01EF426}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{5595D49B-0913-4E97-A113-BCA0FD091FF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{EB64CDA6-354C-45E7-A0E3-F46715B11A22}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{21BA857F-AE55-401B-BEC2-B1FBE9F25DF2}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{987BC7A8-3D4B-4501-9344-431F8B186B55}] => (Allow) C:\Program Files (x86)\WB Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [TCP Query User{2776102F-C4E2-4389-9D94-4615E81616AE}C:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Block) C:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
FirewallRules: [{0931AB62-910C-458D-BF1B-9CA7586B1E0D}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{40194AEE-3C20-455C-B8DB-4AB8E6684B9C}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{8F543849-4BB1-4F05-8370-B18237FDCDCC}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{1154CA3A-0512-4418-B30C-87BA7340DAD5}] => (Allow) C:\Program Files (x86)\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [TCP Query User{9F27E046-8138-4BF4-9A01-5DDEB420C12E}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{853B1AF6-8D72-45AF-BB2D-D7D063C14891}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{27EFA6BC-E2D8-45CC-9B63-B3D1C46D8639}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{48EBBDED-7109-4F45-9CC4-B5A8F0F6AD01}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [TCP Query User{45B95BD9-3DFE-4997-BFF9-0CBA9D140442}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [UDP Query User{5109048B-6491-498A-B582-30EDFD844ED8}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [{15E65AC0-13F2-4336-A251-7F661A234019}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
FirewallRules: [{0E3CDE64-7D45-41EB-88D0-23029CBF52B8}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe
FirewallRules: [{FF199244-4B80-43BE-9AB1-090BAFF0965D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
FirewallRules: [{BA68B6ED-3CB5-481E-899E-7D324A2A9C40}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe
FirewallRules: [{770290D8-F338-42AF-AFD0-0726A4C07220}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
FirewallRules: [{BD4A3289-0B18-4F3A-B7D7-C7D6E863B3BB}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
FirewallRules: [{F88E694B-174F-4377-98BE-F62795C84937}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B506FF02-1269-4002-A9FE-A1E547090267}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{2118337A-2D3C-4E72-A0FD-42073759AC05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{5FE5FCC2-B46A-4B9B-A378-6F7801260675}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{4DC458FB-DAAB-4F50-86E1-CA801C7EE502}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A9B5FCE0-D02E-4C21-BF99-30B96D00C775}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{8DE501FA-B6EF-4C56-8B77-A2BDADF92D08}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{518F12E1-3CB1-49CD-9050-E4240908E518}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{40EB950E-F202-441D-BC00-57101CB083C0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D3424250-8E3C-4883-9E14-BF810504E159}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8C01F6B0-3AE3-4D65-B08D-F68A3D476BDF}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{64C11D91-37D9-4459-A880-4F27048DBF49}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{424F508C-25C9-45A8-9744-5977AA3B4788}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{FB84573E-18A7-4AAC-97B8-BB9743153DB6}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{E32B5BE9-C894-40B3-991B-37318A13299E}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{1078BC69-B218-4DF0-A725-5272F60C1B9F}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{859BC727-9AF4-487F-ABA7-EED34F8298DC}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{B7FA307D-48F3-4A10-B50C-CEFDC8EC368F}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{AC24100A-7FB0-4A87-A2A4-8A84E0E7A1C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{848875D7-7C5B-4A5D-9605-2DD8C80DDB6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{AB2A1285-295F-4B75-9D13-A23559448553}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{978298E1-3EF3-449B-B648-FE0AD9A05BFD}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E35DCB36-DF0A-4503-B10E-22FF3F90AC22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{5D18AA50-73C8-4154-8E87-D3B35C97AEC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{CC228901-3E27-434E-807E-A80754AD5452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B1C52CC7-FA01-4448-BB99-21A0F61C3BDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{42E1B928-7A11-4B97-9A9C-3D58233752F0}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{88ACCDF9-DA8A-4D04-8DBC-F7FA02497D55}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{379DAA7F-0CB2-468D-B78A-50F2F56300E3}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{8FE87AA3-ABE7-496B-9355-EABBCAA67E5E}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{A6D858AD-B395-42CC-9D1C-5E6B160A6DDC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D29BF9D5-904D-4218-98B8-78050382123D}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [UDP Query User{FD469613-6C96-40D1-817D-D615BBC11C12}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [{832F7453-8AC6-48FB-BB3F-67FF93B9CD45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{E1C0FB80-A331-45A7-B6E7-E979B2F6E38C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{6293464D-D04D-4E00-90DC-075F6131FACB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{632FE4FD-8464-4530-84C3-881F83AAE11A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BFA71FF3-2B10-457F-AAAA-3AB1E8C4F4A1}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3 MP Open Beta\bin32\Crysis 3 MP Open Beta.exe
FirewallRules: [{D56DAE5B-5F66-4A13-87D6-B0DD772C196C}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3 MP Open Beta\bin32\Crysis 3 MP Open Beta.exe
FirewallRules: [{03F2BB9C-C02F-451E-B39F-2DD98C65EF6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{67D51227-28FA-47DA-9458-E5AAEEFB40C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{612F950A-E254-4FF0-92B9-49353848C1C1}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{B52F7C52-F42D-4266-B6DD-C41789829133}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{5CB2026D-87FD-49CF-9F61-E2986EB753DD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{5E9D08E1-D81C-46C9-A237-7D9D6F8082F1}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DC673619-00F8-4883-AB33-CB1D1B7D8116}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{6320051F-9974-4AD5-8128-0A4807067C1F}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{652D1B3D-54AA-4032-9C00-BB95CDBE4C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2E85A229-9561-4999-848B-BAA44F1FD406}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{3B865986-E4B1-4BBC-BF26-2ED08DAFE73F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6D41BE06-3C6C-4C26-A82D-B3A6F5234E2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A4FC97EB-AE0D-46CF-9DA7-F7BCCCC46342}C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe
FirewallRules: [UDP Query User{D067E93A-4434-491E-8F8D-275B8F18D733}C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.10.03a.exe
FirewallRules: [{FB6E2F9C-4C18-4CD1-A964-0D0EF07A810B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{52F196BD-D073-477C-8037-F6A7D7A6201B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{2672A3DE-8FA5-4770-97B1-AA405A490C7A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{5A19C369-14DF-43BA-92FF-71A72E19262D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{D42F87F4-4F06-4D6E-B46C-3EB53302CCBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{E2A46252-FFD4-4996-BBA6-67B03C4C4ADC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{8B5B0252-067A-47F3-A87B-D029CE6445AF}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{761760F2-1607-4283-BABB-D0D122FF8446}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [TCP Query User{29391FD0-3E0A-4D73-BAD5-D69308E75E6F}C:\users\edwin\downloads\tinyumbrella-6.12.00.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.12.00.exe
FirewallRules: [UDP Query User{4D686A0F-79A2-403D-ABBA-652E0E7F320D}C:\users\edwin\downloads\tinyumbrella-6.12.00.exe] => (Allow) C:\users\edwin\downloads\tinyumbrella-6.12.00.exe
FirewallRules: [TCP Query User{2A3A166C-F7C2-4793-BC40-761A8DFE84C5}C:\program files (x86)\resident evil 6\bh6.exe] => (Block) C:\program files (x86)\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{959DACBC-F61E-49D2-B379-9D0A88718BD7}C:\program files (x86)\resident evil 6\bh6.exe] => (Block) C:\program files (x86)\resident evil 6\bh6.exe
FirewallRules: [{FFF08D5B-5C70-4B53-B817-DA679DCC0A5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{1ACCFDD8-0276-4F5D-ACC5-4CA3E6B7970B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{81E63C1F-3132-4784-AB9D-3539AC3BA97D}] => (Allow) C:\Users\edwin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0B92AAA3-621E-4042-8182-D9321F18359B}] => (Allow) C:\Users\edwin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{8C287260-14C0-4AAE-B651-30F2C970FF26}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{D3A3690D-C420-418A-8229-462858258957}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{65D46046-6FA8-4F5F-B789-F4A1483160EB}C:\program files (x86)\metro last light\metrollbenchmark.exe] => (Allow) C:\program files (x86)\metro last light\metrollbenchmark.exe
FirewallRules: [UDP Query User{5CCC7F2C-D472-4CC4-9379-BAF2C3979346}C:\program files (x86)\metro last light\metrollbenchmark.exe] => (Allow) C:\program files (x86)\metro last light\metrollbenchmark.exe
FirewallRules: [TCP Query User{307122A2-A44C-4629-BC5C-6B41A7FCBEDA}C:\games\metro last light\metrollbenchmark.exe] => (Allow) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [UDP Query User{CD793B79-BAF9-4C8B-9CF8-B89024627FCF}C:\games\metro last light\metrollbenchmark.exe] => (Allow) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [{E32D520B-6888-4AA2-85F0-7F9CBF4A348F}] => (Block) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [{498C6E52-CBF6-450C-91FE-FA640E417BCF}] => (Block) C:\games\metro last light\metrollbenchmark.exe
FirewallRules: [TCP Query User{BC4EC9DA-FB7E-4FE1-A11F-E006FEDAFE82}C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe] => (Allow) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [UDP Query User{16A4B2AB-0D58-4286-8446-2A0A8C1176B4}C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe] => (Allow) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [{36DF3E72-3765-4E11-AB10-DF5D122CBA4E}] => (Block) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [{58EBE545-F4DB-4C20-B187-494806C29892}] => (Block) C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe
FirewallRules: [{BA616B65-06B9-4164-A8E0-63C7B995AE9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{E13872DC-3589-4176-9887-3B42C3DC79EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{AA300546-0220-4407-9479-CE45C88F0A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F8C98AA2-59B2-4904-8CF2-3B1B6FF3CCE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EF0C25E8-E913-4109-B789-A8CC8F46456E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8155B488-7F0B-40C0-ACDB-E5DAA4016528}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{682161C0-F084-4694-9EE0-AE1256926FA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{280EFA13-86C0-4E71-B6D9-4BE239984D8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B29A9E95-EC20-4769-BADB-56A93AEEB00E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [TCP Query User{6D1AA51E-6BAB-4077-B846-F01156CA43A6}C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe
FirewallRules: [UDP Query User{26D15621-2C63-4915-99ED-8FA06619BC24}C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base\hl2.exe
FirewallRules: [TCP Query User{B7A53D71-630B-41F9-BBB7-D17DC2753EC4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{E1CF8EB6-1248-4447-AF0F-0FE91E94EF92}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{DF5385F7-3F14-4401-9806-6C0CB0BD38D6}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4B568616-ED88-4102-8F0A-9485665B4E89}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{302DC297-AAB3-4B68-B51A-A6325455DCFB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{82E45DD7-75B7-49E1-980A-B3DA9979841B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{765F0DAB-47D5-4664-85AF-DEAB76FAFA09}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{FB8F68BB-9811-4C07-B1B8-032FBAAB8308}] => (Allow) C:\Program Files (x86)\Steam\bin\steamservice.exe
FirewallRules: [{07772657-F032-48B9-98E5-B5528851243B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base 2007\hl2.exe
FirewallRules: [{F065A759-C118-4E0E-BE9C-19332FC7567D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\geodecent1\source sdk base 2007\hl2.exe
FirewallRules: [{78D8C443-FFB9-4E85-BE7F-650E2843AD3F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [{1A09AF68-AAAA-4513-9635-3C89DB648048}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [TCP Query User{C76F2A80-383F-4F8B-AB32-232AC2C45646}C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe] => (Block) C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{BB344DA3-20AF-4774-9A8A-83947378A3ED}C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe] => (Block) C:\users\edwin\appdata\local\temp\rar$exa0.596\the stanley parable\stanley.exe
FirewallRules: [{39BF4464-3119-474B-8BE9-0BCC5F1363B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2F37AFAF-4AC9-487E-B3F6-0DA9111FC3CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{36F4A5E6-23D8-48C3-A642-CF01FBAED82B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{751DCE3A-7658-47FE-A092-2BB15FA40C91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{7EDE3034-BC45-4F9A-9951-275370B63FC9}C:\nether\nether\binaries\win64\nether.exe] => (Allow) C:\nether\nether\binaries\win64\nether.exe
FirewallRules: [UDP Query User{0454D210-BC35-4580-A9FD-2CA8F14AC655}C:\nether\nether\binaries\win64\nether.exe] => (Allow) C:\nether\nether\binaries\win64\nether.exe
FirewallRules: [{E1C84968-09E5-47F3-9B9A-9F8DEE3143E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{8FE3EB02-7352-4C19-B239-4E596C3C47E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{37F1C9DB-81BF-4F80-AB75-CB5F57C5CD88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3CEFCA0-4D3D-430C-A389-83BD3527765A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{961D0DED-9A3B-4FFD-911C-40BE5CB04C8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{75DEA39A-BFAA-4993-AA9B-5C3AE8106941}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{F8E6DD0B-DB31-4E8B-B361-C820A49F487F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{440BB19A-C056-4229-8936-EB3FC7F1C0E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{45D95AC3-A7C2-4A9D-9362-1B7994C42F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6C32B511-4E1F-4D29-BBD1-63C786CFED7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6D9AACF0-0910-4465-8127-E85C1BFA2440}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{E48AC255-E503-45F0-AA02-6D8F09FF409D}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{10290271-76F0-4133-A406-263652486288}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{E5599A00-D341-49A3-A84B-4BAA2B4E8FF2}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{84AD9F66-4B24-4420-A010-F5F18A25422C}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{EF931F9D-9939-40A5-ADAC-F64B425C1F82}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{B20CC8F8-F8CE-4623-8765-CD839822522B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7BEDE6E1-105B-430F-AB98-66C51C3D7687}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A1BA6F4B-74FC-4A18-BCF6-EC65B5F5FEBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{C2EBC56A-1666-415B-91E0-D52BACA80DFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{FF747814-6D92-41ED-9418-9768C77DAB1F}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F49C6B15-6C40-4637-92F4-C7D0832E6342}] => (Allow) C:\Users\edwin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6983B909-0614-411D-9C1A-9E9921550159}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{A21CBAA1-0807-4899-9A3B-5B597DAB8CF2}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{FA1BF88E-7D01-4048-8A78-E2824ABC9B7F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F2BE65D9-6697-4922-9D02-728E60300B86}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DD2D06CF-F53F-4A61-BC1C-82080BA683F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FC598F01-2B72-4C7B-BFB3-6CD4DF3F36F7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10373BBE-2116-4829-87CF-8F34401AF7D8}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{907E28F1-3E37-4F0F-A13B-54AD0A3CB241}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [TCP Query User{77F6BBE5-0CCE-4398-8626-8FBB4A00D0FB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2099B44E-4648-4BF6-BBA5-49C3068EBAF7}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{8F91B086-971C-4B64-A651-BCA80AF67196}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{28CB0066-6CFE-477A-9CBD-AEC58484E87A}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [TCP Query User{D9F7F8A3-0C5B-4D69-B922-1AB65C3FC5A1}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{65BF9A68-807E-4AB4-A1BF-8244B629C72F}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [{0A87D1FB-CE99-440F-89B9-83B1830932DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB0F577E-AAAA-4FBC-A8A3-4B31103154A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5DE90A3D-0AA0-4732-91FB-C5E9457C949B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{D686B735-3A6B-4ADE-A187-15F9A316430C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [TCP Query User{6678F13A-821F-47F6-AB0A-420D04FB564D}C:\games\dying light\dyinglightgame.exe] => (Block) C:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{FC1B8544-2104-44D9-99FA-6C8EC7BCBB64}C:\games\dying light\dyinglightgame.exe] => (Block) C:\games\dying light\dyinglightgame.exe
FirewallRules: [{B0401968-F869-4A47-9144-A4E363E2378F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0D72E44D-DBB0-4414-94D8-61C0BCACF05E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70BFB4AE-F7B9-45A6-99E6-53A0EE8CECE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{08BC1C7E-888F-43CC-A6CB-B2DAA22F901E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2B3AD7B7-BEAC-431F-B855-EFD74FC8C062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{B6006AD1-CD3B-41F4-B16E-B277DFE4D055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [TCP Query User{D40EB706-FEEF-4135-8580-70B3A1BD42CE}C:\program files (x86)\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5C2D9593-36A3-43E9-8CB6-41E3F89F42BA}C:\program files (x86)\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [{380A4879-E229-42A9-B23E-7A99BFBFAFE4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C232936C-1540-4F7A-A1A5-CE986084D45E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D27F2396-DB5E-498C-8B48-CA8583CDD85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{8FD572E8-AAED-48E3-AC35-FC29EF88CBD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{92EF5D31-8ADD-446C-9BE7-67B0670E314E}C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe] => (Allow) C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe
FirewallRules: [UDP Query User{61894110-B77D-4545-B097-36D2F4702446}C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe] => (Allow) C:\users\edwin\appdata\local\playwithsix\app-1.67.1229.1\play.exe
FirewallRules: [{564D66FF-0FD3-4121-BAB7-FCE1573F0FA9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E387D5D1-37C9-4873-BDA8-BDEF9DA8570D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{12152FCE-5743-497C-9127-FB2BA236151A}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4F72C589-ABEE-48AD-BE0D-BDE9068D40D5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{424FF46C-9F38-4CBE-86BE-E3EFBA6EC256}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63371809-F617-416A-B5B1-2EC268A8D7BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B974754-15DE-428D-A04C-14E4C9939B65}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC83876F-CD85-487E-AA7D-A4A5492431AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95C30089-940F-493B-A228-8F74EFC16FE8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{D97193CB-405F-49E4-ABC5-5DB7789CDA80}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{74359CCA-9F51-49B3-98A0-8A17D3239C30}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{6C59C22C-0813-45DC-9370-B301FA88DE58}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A33ED22E-7583-4059-B55B-B6CF1092EEA5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{CE1F2C60-175D-45C0-8EA4-F6AAD77DE575}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{6D9970A8-F89C-4681-A32B-DF7A04465F40}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{73CE751B-0F20-4263-90BB-757E393F161E}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{93FFA6E0-FA39-4ACB-91DA-E2D2AB7C9A78}] => (Allow) LPort=443
FirewallRules: [{ACB4CAE7-534B-48FA-8BE1-34CB304E2330}] => (Allow) LPort=8080
FirewallRules: [{5438FBDE-23A4-4468-AA05-491C7C01B7B2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{68FD7CEE-FCB4-48EE-B6AE-27082B587193}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{0BBB370B-15C3-4B6B-A7A4-DC20150AF7D5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{342A4C0F-CFAF-4888-882A-7C9FCF2A9769}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{122939B2-0DB0-463D-B1D5-4F1F02C76643}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\Squad.exe
FirewallRules: [{8FB0F365-22AF-45CB-AF71-4A48B414E649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\Squad.exe
FirewallRules: [TCP Query User{09274AC8-02C0-4EEE-B816-9E8CC3C6AFBC}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{0E2C50E1-0F38-46FC-A3A3-A798E19BDEEB}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{1AF1D724-4535-4F2A-8F06-85B016304EA1}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{55F85E2D-8763-4DAE-88ED-0F289284293A}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{DFA00983-C44E-4A16-8778-A2B432844E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [{FAFD98AB-412F-4BBD-83B5-6A0873236AC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [{A0E557F8-A034-4CE2-98E8-23CFC2970174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{F66907AD-F3C2-43D7-9978-F7CCA5E72201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{74C97963-3155-4A71-8289-B2ADC7C68E76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{FA62F028-A016-43BA-9098-5B62045E67D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{C7C63E08-208F-4AFA-B0AA-11DE0E7FF086}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{1CF7D9E5-6732-4220-BB64-F45469AC2F1F}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{3DF61A53-C655-44C1-8FAA-BB1DA55B1335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{BDDE1C86-535D-4B9E-B8BF-C7C873A82A3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{D0F003D1-F9C4-4D8D-ABCF-5FBBD69D41F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{F9AB8C60-E6E4-40F2-B71D-F56DC74D9783}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{D787F7DB-70A9-4FDE-B764-21BC9EECD1C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crayon Physics Deluxe\launcher.exe
FirewallRules: [{CF187BC6-8A1E-4032-A2DC-A789D21426D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crayon Physics Deluxe\launcher.exe
FirewallRules: [{FA258D9E-72DB-4341-8F8B-87EC2D6734D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{122AD2DD-BA56-4A9F-B9E0-D433123C5252}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [TCP Query User{2597F8ED-AC88-4A60-92C7-D91CBC53F1CB}C:\program files (x86)\the stanley parable\thestanleyparable.exe] => (Block) C:\program files (x86)\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{9B253214-C544-4A1F-A643-BC2951588601}C:\program files (x86)\the stanley parable\thestanleyparable.exe] => (Block) C:\program files (x86)\the stanley parable\thestanleyparable.exe
FirewallRules: [{29A9C6A3-868E-4E0D-A156-625E9D8773CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{2457DAAB-D8C7-4B0D-B286-F8E21C8517F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{C1E656E0-2BBF-406E-9D9B-111B9E23F590}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{878CD0CC-FCE6-480A-8A34-A1D2E5525BD3}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{382ACBD7-9E9A-4F24-A413-E34E35325361}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{A4E07C8F-D782-4C58-8A87-A49D645361CA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{AA61885B-DC95-4452-840E-4FFF75D80C3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{47D1D35F-F18E-4FF1-AA2C-E1FEEEE86ED0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{72BB6395-95BF-4F5A-A1ED-415D2549CBB5}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{D444C3C1-3F0D-47A4-A4EF-3FBB7CAE13CC}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{18980B12-A167-4254-AD09-6CBA13F86CFB}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{E5203A29-9BFA-4F9B-9DE0-49C17AD4327C}] => (Allow) F:\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{740B1009-0A95-4EE6-A498-574C2419365F}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{C834F38E-4485-498B-80CE-D73DC2281186}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{FE30A258-8B3A-4E27-B411-08B21BB2088D}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{0076A97B-BCEC-4E48-9668-89FFF7B2C389}] => (Allow) F:\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [TCP Query User{D5D956F0-E211-474B-BE09-D84BEA856A4A}C:\users\edwin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\edwin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{036D0192-BC2E-4F62-8F79-EA178DC122F8}C:\users\edwin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\edwin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B8E97CB2-47C9-42D2-A44C-5B891B9F7855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{4B1FE93D-A5D6-44C3-8564-CE0C37B9EEAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [TCP Query User{7EF37391-833B-408D-B9C7-89CEA394E7BA}F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe] => (Allow) F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe
FirewallRules: [UDP Query User{C3F7C2C8-5475-4C0E-9320-0BB1011CDCC3}F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe] => (Allow) F:\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsixgame.exe
FirewallRules: [{3440FC5A-3033-4C53-9402-7726478E3943}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F576CADC-386D-4445-8C46-6434C5DBD14D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{75033E9D-1844-4031-9661-DE124A8302A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3C35376A-AC98-4CD1-A09E-744F69FD0146}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9ECFB03C-31DC-41E7-8EA8-EAC6F5126536}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC884569-314B-453A-B154-9BE5F3FC5D20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6C36C7D-5728-4CE8-BCE3-7A8555AFD0DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C432EB66-4F44-4924-ADF4-1487F21C96AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B5B6508-9544-4689-A3D6-99BD37675EDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88864C58-0115-44FE-9C2D-D632E2D3F792}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E8079BD2-9F3F-404D-8454-FF8BB206E8F7}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{F0D0BECF-F480-44D3-9EC7-A2E28B993616}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{9DEDF1DB-3DAA-4ED6-9B5D-39B2BB77D49F}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{37531DEE-811E-4AA2-9941-439D7F7C222A}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{C0BDC7C2-1478-4481-BBC9-5DA5AA01A785}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{9223BBAE-B000-4204-9470-BB0369E20634}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{08E74C72-85FA-4F04-8AD4-C0943B2A45C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{07C95469-D813-43C5-BBD4-CCFC82D44CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{127AD9FB-96DD-4D51-897B-BEA07040F0C2}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [TCP Query User{44811C93-EDBF-420C-93A9-EDC25D630F94}C:\users\edwin\desktop\neir\nierautomata.exe] => (Allow) C:\users\edwin\desktop\neir\nierautomata.exe
FirewallRules: [UDP Query User{AA5F98F5-7A81-423D-A802-11C915482BB1}C:\users\edwin\desktop\neir\nierautomata.exe] => (Allow) C:\users\edwin\desktop\neir\nierautomata.exe
FirewallRules: [{58561A9B-4348-4FAD-9064-E439DBCA9C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Desert Online\Black Desert Online Steam Launcher.exe
FirewallRules: [{8BEAE8E1-5156-43BE-9A1F-830F8F9C8F15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Desert Online\Black Desert Online Steam Launcher.exe
FirewallRules: [{AF861715-9A14-413E-8A39-E8BA3A168334}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{A981133C-8E08-464B-A98D-815F2BA42441}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{3BC461A7-3534-4892-A37B-939A36D08043}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{FE88FB12-3ACC-4777-A1A9-F753F63E4F6C}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe

==================== Restore Points =========================

25-02-2017 19:31:55 Scheduled Checkpoint
12-03-2017 18:54:06 Scheduled Checkpoint
19-03-2017 16:12:06 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
19-03-2017 16:12:56 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
06-04-2017 20:11:36 Scheduled Checkpoint
06-04-2017 22:17:16 Installed DirectX
06-04-2017 22:20:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
06-04-2017 22:22:42 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
06-04-2017 22:25:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
06-04-2017 22:27:53 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
07-04-2017 12:09:19 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
07-04-2017 12:49:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
07-04-2017 12:51:53 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
07-04-2017 12:54:28 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
07-04-2017 12:57:17 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
23-04-2017 20:48:58 Scheduled Checkpoint
14-05-2017 18:45:59 Scheduled Checkpoint
21-05-2017 22:36:24 Scheduled Checkpoint
28-05-2017 21:43:54 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
28-05-2017 21:44:43 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
28-05-2017 21:47:09 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
28-05-2017 21:49:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
05-06-2017 11:25:05 Scheduled Checkpoint
22-06-2017 23:47:27 Scheduled Checkpoint
30-06-2017 16:26:18 Scheduled Checkpoint
01-07-2017 21:10:35 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
01-07-2017 21:16:09 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
01-07-2017 21:19:54 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
20-07-2017 21:03:26 Scheduled Checkpoint
23-07-2017 16:52:25 Removed Steam
23-07-2017 16:54:49 Removed Steam
16-08-2017 09:20:37 Scheduled Checkpoint
29-09-2017 11:36:35 Installed Microsoft Visual C++ 2005 Redistributable (x64)
29-09-2017 11:45:11 Installed League of Legends
29-09-2017 11:46:30 Installed DirectX
21-11-2017 11:37:28 Geek Squad Restore Point
21-11-2017 14:08:53 Windows Update
21-11-2017 15:02:10 Geek Squad Restore Point
21-11-2017 23:27:38 Malwarebytes Anti-Rootkit Restore Point
22-11-2017 11:10:07 Installed DirectX
22-11-2017 11:55:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
22-11-2017 11:57:06 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2017 02:09:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/22/2017 11:54:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17c0

Start Time: 01d363caef13e343

Termination Time: 1

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: bc769edf-cfbe-11e7-932f-8c89a5e17f47

Error: (11/22/2017 11:48:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10c4

Start Time: 01d363c9817bcdba

Termination Time: 2

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 2475df59-cfbe-11e7-932f-8c89a5e17f47

Error: (11/22/2017 11:38:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4dc

Start Time: 01d363c90dc54a4c

Termination Time: 2

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: b3982f7c-cfbc-11e7-932f-8c89a5e17f47

Error: (11/22/2017 10:59:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/22/2017 09:11:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam, version: 0.0.0.0, time stamp: 0x54900bd6
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002dfe4
Faulting process id: 0x4dc
Faulting application start time: 0x01d363b4d472bacb
Faulting application path: C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi\Steam
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 2581485e-cfa8-11e7-8253-8c89a5e17f47

Error: (11/22/2017 09:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7d8

Start Time: 01d363b33fde3899

Termination Time: 827

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 03fc9c14-cfa7-11e7-8253-8c89a5e17f47

Error: (11/22/2017 08:58:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 978

Start Time: 01d363b30271cc27

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 69f868b9-cfa6-11e7-8253-8c89a5e17f47

Error: (11/22/2017 08:57:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 790

Start Time: 01d363b2a7867cf0

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 2f6ff25c-cfa6-11e7-8253-8c89a5e17f47

Error: (11/22/2017 08:52:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/22/2017 02:11:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (11/22/2017 02:08:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/22/2017 02:08:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (11/22/2017 02:08:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/22/2017 02:04:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/22/2017 02:04:00 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/22/2017 12:29:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (11/22/2017 11:49:32 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (11/22/2017 11:49:32 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (11/22/2017 11:49:32 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.


CodeIntegrity:
===================================
  Date: 2016-10-07 13:59:07.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:52:40.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:52:14.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:24:54.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:24:39.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 10:19:33.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 02:11:53.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 02:11:43.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 01:46:04.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 01:43:05.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16331.18 MB
Available physical RAM: 11941.43 MB
Total Virtual: 32660.54 MB
Available Virtual: 26568.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:240.1 GB) NTFS
Drive f: (SSD) (Fixed) (Total:223.57 GB) (Free:170.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 66F677CD)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 678D9684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:01 PM

Posted 22 November 2017 - 07:09 PM

Uninstall PrivitizeVPN and ss helper 1.74.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 geodecent

geodecent
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:01 PM

Posted 22 November 2017 - 08:11 PM

Hello, everything is going good now, it's a lot faster than before! Thanks so much!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by edwin (22-11-2017 16:48:19) Run:1
Running from C:\Users\edwin\Desktop
Loaded Profiles: edwin (Available Profiles: edwin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2519258019-2461966117-1150050435-1000 -> {37F7A980-CD73-4466-9CD8-C92F205E2C7E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION

Task: {1769B740-62ED-4D97-B728-771F49C098FD} - System32\Tasks\{70B0832C-B580-44F4-8DCB-5735BCBDD78D} => C:\Windows\system32\pcalua.exe -a C:\Users\edwin\Desktop\pbsetup.exe -d C:\Users\edwin\Desktop
Task: {4AAEA6A1-55F1-4013-84B9-538F10A5AAA9} - System32\Tasks\{A481B2F7-B3A2-4BD7-B47C-7C3C10B13E5F} => C:\Windows\system32\pcalua.exe -a C:\Users\edwin\Desktop\pb\pbsetup.exe -d C:\Users\edwin\Desktop\pb
Task: {4F7080C4-C23B-42AC-94BF-F955EAF62AE4} - System32\Tasks\{1258CC9A-1087-4FA3-9D3E-13D10920B770} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/55230
Task: {73AAFCE5-47B7-4A85-87C0-342A9F13C264} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi\Steam" [Argument = overbtc123.] <==== ATTENTION
Task: {772E1DEA-A4B1-459B-B421-C094EAC66467} - System32\Tasks\{28FE7292-9AD8-44A7-B600-AF3013494748} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\redist\vcredist_x86.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\redist"
Task: {845525C1-C0CE-45F9-8F09-6E5277D8F5E9} - System32\Tasks\{17061570-0C9D-46FB-A449-07D7F1D1A67B} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Setup (2).exe" -d C:\Users\edwin\Desktop
Task: {A9FA9550-4F1D-42B6-8C3F-D8C2C46FB719} - \{EC531902-0988-4176-AB15-4DB96F3B1FB6} -> No File <==== ATTENTION
Task: {C483FFC8-359E-4934-BC9D-40AD3F072277} - System32\Tasks\{A7237B2F-4632-48ED-AA17-F931C0178FF5} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Games\Setup (2).exe" -d C:\Users\edwin\Desktop\Games
Task: {F2BB0B21-9428-4FDC-A7CB-0E2975C7503F} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {F99093B8-C30D-4250-86B5-39C673605896} - System32\Tasks\{9CC983C6-32B6-4C04-A231-BBA1F29BA883} => C:\Windows\system32\pcalua.exe -a "C:\Users\edwin\Desktop\Games\Setup (2).exe" -d C:\Users\edwin\Desktop\Games

C:\Users\edwin\AppData\Local\ejmlz
C:\Users\edwin\AppData\Local\ntuserlitelist
C:\Users\edwin\AppData\Local\report
C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi
C:\windows\system32\tprdpw64.exe
C:\Windows\system32\Drivers\32740651.sys



EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
HKU\S-1-5-21-2519258019-2461966117-1150050435-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37F7A980-CD73-4466-9CD8-C92F205E2C7E} => key removed successfully
HKLM\Software\Classes\CLSID\{37F7A980-CD73-4466-9CD8-C92F205E2C7E} => key not found.

=========================  bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1769B740-62ED-4D97-B728-771F49C098FD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1769B740-62ED-4D97-B728-771F49C098FD} => key removed successfully
C:\Windows\System32\Tasks\{70B0832C-B580-44F4-8DCB-5735BCBDD78D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{70B0832C-B580-44F4-8DCB-5735BCBDD78D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AAEA6A1-55F1-4013-84B9-538F10A5AAA9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AAEA6A1-55F1-4013-84B9-538F10A5AAA9} => key removed successfully
C:\Windows\System32\Tasks\{A481B2F7-B3A2-4BD7-B47C-7C3C10B13E5F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A481B2F7-B3A2-4BD7-B47C-7C3C10B13E5F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F7080C4-C23B-42AC-94BF-F955EAF62AE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F7080C4-C23B-42AC-94BF-F955EAF62AE4} => key removed successfully
C:\Windows\System32\Tasks\{1258CC9A-1087-4FA3-9D3E-13D10920B770} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1258CC9A-1087-4FA3-9D3E-13D10920B770} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73AAFCE5-47B7-4A85-87C0-342A9F13C264} => key not found.
C:\Windows\System32\Tasks\Steam_x64-S-2-106-91 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{772E1DEA-A4B1-459B-B421-C094EAC66467} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{772E1DEA-A4B1-459B-B421-C094EAC66467} => key removed successfully
C:\Windows\System32\Tasks\{28FE7292-9AD8-44A7-B600-AF3013494748} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28FE7292-9AD8-44A7-B600-AF3013494748} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{845525C1-C0CE-45F9-8F09-6E5277D8F5E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845525C1-C0CE-45F9-8F09-6E5277D8F5E9} => key removed successfully
C:\Windows\System32\Tasks\{17061570-0C9D-46FB-A449-07D7F1D1A67B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{17061570-0C9D-46FB-A449-07D7F1D1A67B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9FA9550-4F1D-42B6-8C3F-D8C2C46FB719} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9FA9550-4F1D-42B6-8C3F-D8C2C46FB719} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC531902-0988-4176-AB15-4DB96F3B1FB6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C483FFC8-359E-4934-BC9D-40AD3F072277} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C483FFC8-359E-4934-BC9D-40AD3F072277} => key removed successfully
C:\Windows\System32\Tasks\{A7237B2F-4632-48ED-AA17-F931C0178FF5} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A7237B2F-4632-48ED-AA17-F931C0178FF5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2BB0B21-9428-4FDC-A7CB-0E2975C7503F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2BB0B21-9428-4FDC-A7CB-0E2975C7503F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F99093B8-C30D-4250-86B5-39C673605896} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F99093B8-C30D-4250-86B5-39C673605896} => key removed successfully
C:\Windows\System32\Tasks\{9CC983C6-32B6-4C04-A231-BBA1F29BA883} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9CC983C6-32B6-4C04-A231-BBA1F29BA883} => key removed successfully
C:\Users\edwin\AppData\Local\ejmlz => moved successfully
"C:\Users\edwin\AppData\Local\ntuserlitelist" => not found.
C:\Users\edwin\AppData\Local\report => moved successfully
C:\Users\edwin\AppData\Roaming\NVIDIA\CODEXi => moved successfully
"C:\windows\system32\tprdpw64.exe" => not found.
C:\Windows\system32\Drivers\32740651.sys => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 120422996 B
Java, Flash, Steam htmlcache => 644793989 B
Windows/system/drivers => 103492100 B
Edge => 0 B
Chrome => 454357430 B
Firefox => 458536226 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 78362419 B
systemprofile32 => 66660 B
LocalService => 66228 B
NetworkService => 1565728 B
edwin => 1309241703 B

RecycleBin => 181240804 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:53:08 ====



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:01 PM

Posted 22 November 2017 - 10:11 PM

No problem geodecent, you're welcome!


Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




