VMXClient? Large frame drops, internet cuts! More viruses?


52 replies to this topic

#1 NikL725


Posted 24 November 2017 - 12:17 PM

I will receive very large frame drops every now and then, and my internet will cut out sometimes. I used to get tab popups in Chrome, but I think an antivirus caught that. There are certain programs that simply won't open, like Razer Synapse, and Netflix will provide an error that never happened before this. There is one, sometimes two, programs in the Task Manager in Applications that are simply named "client", that will disappear every now and then. It looks like this:

 

[Image: KdfHxk2.jpg]

 

FRST.txt file contents:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017
Ran by Timo (administrator) on TIMO-PC (24-11-2017 11:08:09)
Running from C:\Users\Timo\Desktop
Loaded Profiles: Timo (Available Profiles: Timo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\lmspehnsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Discord Inc.) C:\Users\Timo\AppData\Local\Discord\app-0.0.298\Discord.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Discord Inc.) C:\Users\Timo\AppData\Local\Discord\app-0.0.298\Discord.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Discord Inc.) C:\Users\Timo\AppData\Local\Discord\app-0.0.298\Discord.exe
() C:\Users\Timo\AppData\Local\cgckhpi\cgckhpi.exe
() C:\Users\Timo\AppData\Local\igfxmtc\igfxmtc.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Timo\AppData\Local\cgckhpi\vdreoci.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() Q:\SteamLibrary\Steam\SteamApps\common\Team Fortress 2\bin\hlmv.exe
(ZeqMacaw) C:\Users\Timo\AppData\Local\Temp\Rar$EXa0.531\Crowbar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) Q:\SteamLibrary\Steam\Steam.exe
(Valve Corporation) Q:\SteamLibrary\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) Q:\SteamLibrary\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Timo\AppData\Local\cgckhpi\vdreoci.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Valve Corporation) Q:\SteamLibrary\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5906\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Blizzard App\Battle.net.exe
() C:\Program Files (x86)\Blizzard App\Battle.net.9601\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Blizzard App\Battle.net.9601\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Valve Corporation) Q:\SteamLibrary\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Timo\AppData\Local\cgckhpi\vdreoci.exe
() C:\Users\Timo\AppData\Local\cgckhpi\vdreoci.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
"Path" (C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;%VPROJECT%\..\bin;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;%VPROJECT%\..\bin;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\) <==== Repaired successfully
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\Run: [Google Update] => C:\Users\Timo\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\Run: [Discord] => C:\Users\Timo\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\MountPoints2: G - G:\arun.exe
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\MountPoints2: {3fbb0f3d-8556-11e3-b22f-806e6f6e6963} - "D:\Adobe CS5\Set-up.exe"
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\MountPoints2: {9a2291d5-c792-11e3-be6e-d4d818c37d7f} - G:\arun.exe
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\MountPoints2: {bbcd9a36-8548-11e3-98f7-fe260b5d3c55} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\MountPoints2: {bbcd9a3d-8548-11e3-98f7-fe260b5d3c55} - E:\HTC_Sync_Manager_PC.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5ED5A0F3-EF27-4602-BE1A-73607E4C6690}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7EC5CB14-2835-46AA-8B3F-C00598B5A4DF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7EC5CB14-2835-46AA-8B3F-C00598B5A4DF}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C2158B66-43B4-40B9-B041-E3DBA545B651}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C2158B66-43B4-40B9-B041-E3DBA545B651}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{C6B679A9-44C8-4B8F-BE8C-F22761AA6DBE}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EE165D7D-32C4-443C-8B3B-97648754428D}: [NameServer] 8.8.8.8
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-426254898-1232359064-3194617754-1000 -> {66A0268A-9190-4848-88F8-A2ED26CA64EF} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-15] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Timo\AppData\Roaming\Mozilla\AdAwareBrowser\Profiles\s8riawl3.default [2017-02-25]
FF Homepage: Mozilla\AdAwareBrowser\Profiles\s8riawl3.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10341__170226__yamz
FF NewTab: Mozilla\AdAwareBrowser\Profiles\s8riawl3.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10341__170226__yamz
FF SearchPlugin: C:\Users\Timo\AppData\Roaming\Mozilla\AdAwareBrowser\Profiles\s8riawl3.default\searchplugins\yahoo-lavasoft.xml [2017-02-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29] [Lagacy]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> Q:\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-426254898-1232359064-3194617754-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Timo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-426254898-1232359064-3194617754-1000: @talk.google.com/O1DPlugin -> C:\Users\Timo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-426254898-1232359064-3194617754-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-426254898-1232359064-3194617754-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-426254898-1232359064-3194617754-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\Timo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Timo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.search.ask.com/?gct=hp
CHR Profile: C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default [2017-11-24]
CHR Extension: (Slides) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-23]
CHR Extension: (Docs) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-23]
CHR Extension: (Google Drive) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-25]
CHR Extension: (YouTube) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-07]
CHR Extension: (Google Search) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-13]
CHR Extension: (Bing) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-23]
CHR Extension: (Sheets) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-25]
CHR Extension: (Yahoo Partner) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2017-11-23]
CHR Extension: (Skype) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-23]
CHR Extension: (Gmail) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-23]
CHR Profile: C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-24]
CHR Extension: (Slides) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-13]
CHR Extension: (Sheets) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Yahoo Partner) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2017-08-13]
CHR Extension: (Outpost for Chrome™) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgjefdmgcpfghakbmjiliecjdcgcfjdn [2017-03-05]
CHR Extension: (Skype) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - Q:\DManager\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-426254898-1232359064-3194617754-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-05] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [227104 2016-10-06] (EasyAntiCheat Ltd)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-29] (Microsoft Corporation)
S4 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S4 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S4 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-25] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-04-25] (NVIDIA Corporation)
S4 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-19] (Razer Inc.)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S2 UGCC-WWW; Q:\Brainless\EzUGCC-WWW.exe [45056 2015-05-02] (Brainless Technologies Ltd.) [File not signed]
S2 UGCCMon; Q:\Brainless\monitor\ugccmonsvc.exe [663552 2017-04-16] (Brainless Technologies Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S4 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]
S3 Origin Client Service; Q:\Origin\OriginClientService.exe [X]
S4 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM" [X]
S3 VSStandardCollectorService150; "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe" [X]
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-05] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [82936 2016-10-16] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-04-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-05] (AVAST Software)
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-09-29] (Arainia Solutions LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-11-21] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-11-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-11-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-11-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-11-22] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-11-21] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-04-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-27] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-03-27] (NVIDIA Corporation)
S4 rjaty; C:\Windows\System32\drivers\imofugc.sys [79064 2017-11-21] (Malwarebytes Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation )
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51736 2016-06-22] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-11-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-21] (Zemana Ltd.)
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
U4 secdrv; no ImagePath
R3 udiskMgr; system32\drivers\losvyc.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-24 11:08 - 2017-11-24 11:08 - 000028874 _____ C:\Users\Timo\Desktop\FRST.txt
2017-11-24 11:07 - 2017-11-24 11:07 - 002393088 _____ (Farbar) C:\Users\Timo\Downloads\FRST64 (2).exe
2017-11-24 11:06 - 2017-11-24 11:08 - 000000000 ____D C:\FRST
2017-11-24 11:06 - 2017-11-24 11:06 - 002393088 _____ (Farbar) C:\Users\Timo\Downloads\FRST64 (1).exe
2017-11-24 11:06 - 2017-11-24 11:06 - 002393088 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2017-11-24 11:05 - 2017-11-24 11:05 - 001789440 _____ (Farbar) C:\Users\Timo\Downloads\FRST.exe
2017-11-22 22:37 - 2017-11-22 22:37 - 001071500 _____ C:\Users\Timo\Downloads\3DS - Pokemon Sun Moon - 792 Lunala.zip
2017-11-22 12:31 - 2017-11-22 12:31 - 000140112 ____N C:\Windows\system32\Drivers\snnruxbe.sys
2017-11-22 11:51 - 2017-11-22 11:51 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1234740D.sys
2017-11-22 11:49 - 2017-11-22 11:49 - 014161479 _____ C:\Users\Timo\Downloads\mbar-1.10.3.1001-nr.exe
2017-11-22 11:49 - 2017-11-22 11:49 - 014161479 _____ C:\Users\Timo\Downloads\mbar-1.10.3.1001-nr (1).exe
2017-11-21 23:42 - 2017-11-21 23:42 - 007916104 _____ (Tim Kosse) C:\Users\Timo\Downloads\FileZilla_3.29.0_win64-setup.exe
2017-11-21 23:42 - 2017-11-21 23:42 - 007905536 _____ (Tim Kosse) C:\Users\Timo\Downloads\FileZilla_3.28.0_win64-setup.exe
2017-11-21 23:40 - 2017-11-21 23:40 - 000009912 _____ C:\Users\Timo\Downloads\halloween_2014.sp
2017-11-21 23:37 - 2017-11-21 23:37 - 000009633 _____ C:\Users\Timo\Downloads\staticprop.sp
2017-11-21 23:32 - 2017-11-21 23:32 - 000407619 _____ C:\Users\Timo\Downloads\Crowbar_2017-11-19_0.51.7z
2017-11-21 23:25 - 2017-11-21 23:25 - 000000198 _____ C:\Users\Timo\Desktop\killsvmxexe.bat
2017-11-21 23:24 - 2017-11-21 23:25 - 000000198 _____ C:\Users\Timo\Desktop\killsvmxexe.txt
2017-11-21 23:20 - 2017-11-21 23:20 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-11-21 23:16 - 2017-11-21 23:16 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-21 22:51 - 2017-11-21 22:51 - 000079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\imofugc.sys
2017-11-21 22:40 - 2017-11-22 12:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-21 22:36 - 2017-11-22 12:25 - 000000000 ____D C:\Users\Timo\Desktop\mbar
2017-11-21 22:33 - 2017-11-21 22:33 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Timo\Downloads\mbar-1.09.3.1001.exe
2017-11-21 18:54 - 2017-11-24 11:06 - 000130121 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-11-21 18:54 - 2017-11-24 10:30 - 000107770 _____ C:\Windows\ZAM.krnl.trace
2017-11-21 18:54 - 2017-11-21 18:54 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-11-21 18:54 - 2017-11-21 18:54 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-11-21 18:54 - 2017-11-21 18:54 - 000001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-11-21 18:54 - 2017-11-21 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-11-21 18:54 - 2017-11-21 18:54 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-21 18:53 - 2017-11-21 18:53 - 000000000 ____D C:\Users\Timo\AppData\Local\Zemana
2017-11-21 18:52 - 2017-11-21 18:52 - 006625600 _____ (Zemana Ltd. ) C:\Users\Timo\Downloads\Zemana.AntiMalware.Setup.exe
2017-11-21 18:34 - 2017-11-21 23:18 - 000002802 _____ C:\Windows\system32\.crusader
2017-11-21 18:27 - 2017-11-21 18:34 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-21 18:25 - 2017-11-21 18:27 - 011584088 _____ (SurfRight B.V.) C:\Users\Timo\Downloads\hitmanpro_x64.exe
2017-11-21 18:25 - 2017-11-21 18:25 - 000013308 _____ C:\Users\Timo\Desktop\JRT.txt
2017-11-21 18:20 - 2017-11-21 18:20 - 001790024 _____ (Malwarebytes) C:\Users\Timo\Downloads\JRT.exe
2017-11-21 18:17 - 2017-11-21 23:14 - 000000000 ____D C:\AdwCleaner
2017-11-21 18:17 - 2017-11-21 18:17 - 008261584 _____ (Malwarebytes) C:\Users\Timo\Downloads\adwcleaner_7.0.4.0.exe
2017-11-21 18:03 - 2017-11-21 22:56 - 000002124 _____ C:\Users\Timo\Desktop\Rkill.txt
2017-11-21 17:44 - 2017-11-21 17:44 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Timo\Downloads\rkill.exe
2017-11-21 17:44 - 2017-11-21 17:44 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Timo\Desktop\banan.exe
2017-11-21 16:47 - 2017-11-21 22:17 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-11-21 16:46 - 2017-11-22 12:32 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-21 16:46 - 2017-11-22 12:32 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-21 16:46 - 2017-11-21 17:47 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-21 16:46 - 2017-11-21 17:36 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-21 16:46 - 2017-11-21 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-21 16:46 - 2017-11-21 16:46 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-21 16:46 - 2017-11-21 16:46 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-21 16:46 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-21 16:45 - 2017-11-23 23:20 - 000000000 ____D C:\Users\Timo\AppData\Local\zadsboh
2017-11-21 16:42 - 2017-11-24 11:08 - 000000000 ____D C:\Users\Timo\AppData\Local\cgckhpi
2017-11-21 16:42 - 2017-11-21 16:44 - 000000000 ____D C:\Users\Timo\AppData\Local\igfxmtc
2017-11-21 16:41 - 2017-11-22 12:31 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\lmspehnsvc.exe
2017-11-21 16:41 - 2017-11-21 16:56 - 000000000 ____D C:\Users\Timo\AppData\Local\lvste
2017-11-21 16:41 - 2017-11-21 16:41 - 000000000 ____D C:\Windows\SysWOW64\niietpm
2017-11-21 16:41 - 2017-11-21 16:41 - 000000000 ____D C:\Windows\system32\niietpm
2017-11-21 16:41 - 2017-11-21 16:41 - 000000000 ____D C:\Users\Timo\AppData\Roaming\et
2017-11-21 07:59 - 2017-11-21 07:59 - 000051624 _____ C:\Windows\uninstaller.dat
2017-11-17 22:06 - 2017-11-17 22:07 - 000000000 ____D C:\Users\Timo\Documents\Tembo The Badass Elephant
2017-11-13 21:16 - 2017-11-21 22:19 - 001210106 _____ C:\Windows\ntbtlog.txt
2017-11-10 20:30 - 2017-11-10 20:30 - 000003224 _____ C:\Windows\System32\Tasks\{F628A63E-1DE5-42A0-9CE1-41E2F19C6175}
2017-11-10 20:04 - 2015-05-27 22:15 - 000937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-11-10 20:04 - 2015-05-27 21:52 - 000571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-11-10 18:49 - 2017-11-12 20:49 - 000000000 ____D C:\Program Files\paint.net
2017-11-10 18:49 - 2017-11-10 18:49 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-11-10 18:49 - 2017-11-10 18:49 - 000001176 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-11-10 18:49 - 2017-11-10 18:49 - 000000000 ____D C:\Users\Timo\AppData\Local\paint.net
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-24 11:08 - 2009-07-13 20:34 - 019660800 _____ C:\Windows\system32\config\HARDWARE
2017-11-24 11:01 - 2017-10-11 20:13 - 000000000 ____D C:\Users\Timo\AppData\Local\Battle.net
2017-11-24 10:35 - 2009-07-13 22:45 - 000020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-24 10:35 - 2009-07-13 22:45 - 000020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-24 10:34 - 2016-12-16 21:54 - 000000258 _____ C:\Windows\Tasks\{28F86AC9-31C9-49E9-BF45-546EC8E83758}.job
2017-11-24 10:20 - 2016-06-20 18:34 - 000000000 ____D C:\Users\Timo\AppData\Local\Akamai
2017-11-23 22:16 - 2017-08-01 22:18 - 000002052 ____H C:\Users\Timo\Documents\Default.rdp
2017-11-23 22:16 - 2015-03-23 14:04 - 000000000 ____D C:\Users\Timo\AppData\Roaming\FileZilla
2017-11-23 20:55 - 2017-10-11 20:12 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-11-23 19:34 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\tracing
2017-11-23 17:47 - 2017-08-14 14:42 - 000002268 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-23 17:22 - 2014-12-24 15:20 - 000003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-23 12:25 - 2014-01-24 18:22 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-23 10:21 - 2016-07-16 17:12 - 000000600 _____ C:\Users\Timo\AppData\Local\PUTTY.RND
2017-11-22 20:54 - 2017-06-09 13:55 - 000000000 ____D C:\Users\Timo\AppData\Roaming\vlc
2017-11-22 20:33 - 2015-05-22 19:46 - 000000000 ____D C:\Users\Timo\AppData\Roaming\Audacity
2017-11-22 15:25 - 2015-04-12 11:14 - 000000000 ____D C:\Users\Timo\AppData\Local\CrashDumps
2017-11-22 12:49 - 2014-01-24 15:23 - 000000000 ____D C:\Users\Timo
2017-11-22 12:38 - 2009-07-13 23:13 - 000799374 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-22 12:38 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-11-22 12:32 - 2017-04-26 15:42 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-11-22 12:32 - 2014-12-26 14:54 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-11-22 12:32 - 2014-01-24 17:26 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-11-22 12:32 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-21 23:14 - 2015-07-15 20:24 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-11-21 23:09 - 2016-12-13 20:44 - 000000000 ____D C:\Users\Timo\AppData\Roaming\discord
2017-11-21 22:51 - 2009-07-13 23:32 - 000000000 ____D C:\Windows\addins
2017-11-21 22:40 - 2014-12-26 14:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-21 18:27 - 2016-07-15 11:59 - 000000000 ____D C:\Users\Timo\Desktop\Texture Stuff
2017-11-21 18:24 - 2017-02-25 21:22 - 000000000 ____D C:\Users\Timo\AppData\Roaming\Lavasoft
2017-11-21 18:24 - 2017-02-25 21:21 - 000000000 ____D C:\ProgramData\Lavasoft
2017-11-21 18:24 - 2017-02-25 21:21 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-11-21 17:28 - 2014-07-08 12:58 - 000000000 ____D C:\Windows\Minidump
2017-11-21 16:52 - 2017-08-14 14:42 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-21 16:51 - 2009-07-13 21:20 - 000000000 ____D C:\Program Files\Color Chat
2017-11-21 16:46 - 2014-12-26 14:54 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-20 21:23 - 2017-02-04 18:30 - 000000000 ____D C:\Users\Timo\Desktop\Blender MODELS
2017-11-18 12:47 - 2017-03-13 13:52 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-14 19:03 - 2014-03-03 19:51 - 000003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-426254898-1232359064-3194617754-1000UA
2017-11-14 19:03 - 2014-03-03 19:51 - 000003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-426254898-1232359064-3194617754-1000Core
2017-11-14 14:21 - 2014-01-25 16:04 - 000000000 ____D C:\Windows\system32\MRT
2017-11-14 14:17 - 2017-10-12 02:00 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-14 14:17 - 2014-01-25 16:04 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-13 21:15 - 2017-08-14 14:41 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 21:15 - 2017-08-14 14:41 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-10 20:04 - 2017-04-09 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-10 20:04 - 2014-01-24 18:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-10 20:04 - 2014-01-24 17:07 - 000000000 ____D C:\Temp
2017-11-10 20:03 - 2014-01-24 18:28 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-10 20:03 - 2014-01-24 18:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-09 18:19 - 2009-07-13 23:08 - 000032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-03 21:48 - 2016-07-15 11:58 - 000000000 ____D C:\Users\Timo\Desktop\Maps  and Map VMF
2017-11-03 21:46 - 2017-03-30 13:57 - 000000000 ____D C:\Users\Timo\Desktop\hardcore survival scripts
2017-10-28 10:19 - 2017-03-21 11:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
 
==================== Files in the root of some directories =======
 
2017-01-25 14:55 - 2017-01-25 14:55 - 000000600 _____ () C:\Users\Timo\AppData\Roaming\PUTTY.RND
2014-12-25 09:22 - 2015-01-19 10:04 - 000000134 _____ () C:\Users\Timo\AppData\Roaming\WB.CFG
2015-01-16 21:04 - 2015-01-16 21:04 - 000000001 _____ () C:\Users\Timo\AppData\Local\DSI.DAT
2016-07-16 17:12 - 2017-11-23 10:21 - 000000600 _____ () C:\Users\Timo\AppData\Local\PUTTY.RND
2017-09-21 14:05 - 2017-09-21 14:05 - 000002943 _____ () C:\Users\Timo\AppData\Local\recently-used.xbel
2016-07-30 20:11 - 2016-07-30 20:12 - 000000000 _____ () C:\Users\Timo\AppData\Local\{1C93C62B-E9BD-470B-AAA5-332D99EE2797}
2016-08-02 16:53 - 2016-08-02 16:53 - 000000000 _____ () C:\Users\Timo\AppData\Local\{26A56B50-F8EF-4B95-9CD0-8AF2EC4F0DA3}
2016-07-25 17:16 - 2016-07-25 17:16 - 000000000 _____ () C:\Users\Timo\AppData\Local\{56DB064C-6D41-4A97-8A74-2443CC7FB9DB}
2016-08-06 19:10 - 2016-08-06 19:10 - 000000000 _____ () C:\Users\Timo\AppData\Local\{5C315AF6-A433-42FD-B3D1-40414ED4E531}
2016-08-01 12:36 - 2016-08-01 12:36 - 000000000 _____ () C:\Users\Timo\AppData\Local\{6F36E8AF-C646-4DDE-AD76-B8E155BA12BC}
2016-08-05 15:55 - 2016-08-05 15:55 - 000000000 _____ () C:\Users\Timo\AppData\Local\{7FC4F1E1-5BD2-4B97-94CA-75B0E4F55312}
2016-07-31 21:21 - 2016-07-31 21:21 - 000000000 _____ () C:\Users\Timo\AppData\Local\{9A22AFBB-3E6C-486D-B72B-0009F230CE7E}
2016-08-01 13:23 - 2016-08-01 13:24 - 000000000 _____ () C:\Users\Timo\AppData\Local\{A285E90D-AD69-43CD-A94A-7127E0C573B3}
2016-10-18 13:51 - 2016-10-18 13:51 - 000000000 _____ () C:\Users\Timo\AppData\Local\{C378494E-498F-423E-B370-B651D8652454}
2016-07-30 20:39 - 2016-07-30 20:40 - 000000000 _____ () C:\Users\Timo\AppData\Local\{C98BDA3B-8D14-40FE-9ED9-822BD2F1D398}
2016-07-30 22:23 - 2016-07-30 22:23 - 000000000 _____ () C:\Users\Timo\AppData\Local\{D13C00B3-EAE1-4BB7-8C34-9B9B841306F3}
 
Files to move or delete:
====================
C:\Windows\Tasks\{28F86AC9-31C9-49E9-BF45-546EC8E83758}.job
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\snnruxbe.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-09-30 02:30
 
==================== End of FRST.txt ============================
 
 
Addition.txt contents:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2017
Ran by Timo (24-11-2017 11:08:42)
Running from C:\Users\Timo\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-24 21:23:38)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-426254898-1232359064-3194617754-500 - Administrator - Disabled)
Guest (S-1-5-21-426254898-1232359064-3194617754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-426254898-1232359064-3194617754-1002 - Limited - Enabled)
Timo (S-1-5-21-426254898-1232359064-3194617754-1000 - Administrator - Enabled) => C:\Users\Timo
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Core SDK 1.0.4 (x64) (HKLM\...\{11ACCE3C-C179-472C-A8CA-0F467702B2DA}) (Version: 4.1.5012 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.4 (x64) (HKLM-x32\...\{c56e80af-58a4-490b-a1cd-5718290133b9}) (Version: 1.0.4 - Microsoft Corporation)
3D Ripper DX v1.8.2 (HKLM-x32\...\3D Ripper DX_is1) (Version:  - Roman Lut)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Ad-Aware Browser (HKLM-x32\...\{8eeaf887-0023-4465-838c-9803df830008}) (Version: 45.1.0.30 - Lavasoft)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Autodesk License Service (x64) - 4.1 (HKLM\...\{B827D6B7-7731-43BA-92EC-916C89C88964}) (Version: 4.1.1.0 - Autodesk)
Autodesk Maya 2017 (HKLM\...\{847DE41D-1C5A-4A52-ADD4-AE708757EDBD}) (Version: 17.0.1720.0 - Autodesk) Hidden
Autodesk Maya 2017 (HKLM\...\Autodesk Maya 2017) (Version: 17.0.1720.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BMDview2 (HKLM-x32\...\{FD1CF181-42A8-44E1-8225-BA813B67B73F}) (Version: 2.3.0 - yaz0 Project)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
ClickRepair 3.9.3 and ClickRepairRT 1.3.2 (HKLM-x32\...\ClickRepair_is1) (Version:  - Caloundra Audio Restoration)
CopyFilenames 3.1 (HKLM\...\CopyFilenames_is1) (Version: 3.1 - ExtraBit Software)
Crafty 1.0.2 (HKLM-x32\...\Crafty_is1) (Version:  - Ryan Gregg)
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
GCFScape 1.8.6 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
GIGABYTE OC_GURU II (HKLM-x32\...\{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Happy Cloud Client (HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LEGO Universe (HKLM-x32\...\NetDevil_LEGO_Universe_is1) (Version:  - LEGO Software)
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version:  - Lexmark International, Inc.)
LogMeIn Hamachi (HKLM-x32\...\{380ED03E-FBF6-4927-9F0D-82F34C949E93}) (Version: 2.2.0.420 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.420 - LogMeIn, Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30637.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MtoA for Maya 2017 (HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\MtoA2017) (Version: 1.3.0.0 - Solid Angle)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.76 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.91.22.0 - Overwolf Ltd.)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.4.4 (HKLM-x32\...\{50F37472-CBAB-47C6-A318-4C2BAE04D8EB}) (Version: 3.4.16789 - Python Software Foundation)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.6.1 - ShareX Team)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steam Customizer (HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\Steam Customizer) (Version: 1.00.00.00 - Blumont)
Team Fortress 2 Server (HKLM-x32\...\Team Fortress 2 Server) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{9E1EF6F7-ED70-4BD8-A1AE-83C5DEF0DA91}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{9d195149-5472-4c95-a051-3fd77af32a14}) (Version: 2.3.1479.2868 - Lavasoft)
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-426254898-1232359064-3194617754-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Timo\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-21] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ContextMenuHandlers1: [CopyPathShExt] -> {ED044D9D-66C2-4092-BAFC-1EFCA87F17D4} => C:\Program Files\CopyFilenames\CopyFilenames64.ocx [2010-07-15] (ExtraBit Software)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [SciTE] -> {C4ACBD3E-6114-4618-904C-B206ABA9DEB0} => C:\Program Files (x86)\SciTE\wscitecm64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Timo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-05-27] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-21] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ContextMenuHandlers6: [CopyPathShExt] -> {ED044D9D-66C2-4092-BAFC-1EFCA87F17D4} => C:\Program Files\CopyFilenames\CopyFilenames64.ocx [2010-07-15] (ExtraBit Software)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {010FA010-24A1-4F88-B032-F2EB18A4B247} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-426254898-1232359064-3194617754-1000UA => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {069241C0-F3FF-47FE-9F0B-56C67B3B4DF6} - System32\Tasks\Open Chrome => c:\program files (x86)\Google\Chrome\Application\chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {07751DBF-87C9-4365-B1B7-FA713C81926E} - System32\Tasks\{BC159976-CAB8-4990-AB5C-E57ECA7F11A1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {088BD097-CCCB-4ABB-B9E7-A29C1FB9FF4A} - System32\Tasks\SafeZone scheduled Autoupdate 1464353283 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {11485C75-E8EC-49FE-800B-27C0D23A6468} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-25] (NVIDIA Corporation)
Task: {12E584F1-D170-4555-966B-37E7F08BB4B5} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {155FBFC3-1099-47FC-BBDF-671499B39F89} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
Task: {19903B90-BC00-4441-BBB1-FFD5B03B80AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2A2E1D20-E173-45DA-90C3-8B03D33A1598} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {354F1AB2-8C89-452B-89E2-75654BFB63D5} - \PastaLeads -> No File <==== ATTENTION
Task: {43618792-05B2-47B4-9FD8-E37C9CDA820D} - System32\Tasks\{D376C906-73DE-4C05-8600-D21DD62ED2C8} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.23.85.105/en/abandoninstall?page=tsProgressBar
Task: {447DD2BA-1FE1-4911-96BD-0C2E930306A9} - System32\Tasks\{BB2CEC33-FB18-402A-8E0C-332552CC8F24} => C:\Windows\system32\pcalua.exe -a "C:\Users\Timo\Desktop\Steam Tools\putty.exe" -d "C:\Users\Timo\Desktop\Steam Tools"
Task: {4A5E488B-A1ED-4C11-9C10-2475D2EF1CAA} - System32\Tasks\{F824AEBF-AB35-4B30-9346-F7FC9950C5C1} => C:\Windows\system32\pcalua.exe -a C:\Users\Timo\Desktop\vcredist_x86.exe -d C:\Users\Timo\Desktop
Task: {4DBD5B59-279B-4C34-8511-400E8707114C} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => Q:\Omit\Gizmo Drive\gizmo.exe
Task: {5CE08602-9F07-41C2-8DA8-0343AB8CFDCE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-426254898-1232359064-3194617754-1000
Task: {5D6C6EA8-694C-49DB-931F-255BAB13DBB0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-426254898-1232359064-3194617754-1000Core => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {64BB4554-8834-46EE-A124-A5E950A4CBC0} - System32\Tasks\Microsoft\72287b00db547a778111b330374755ad => C:\Users\Timo\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {68444067-E997-4385-B8FB-BCB24DC1DEF4} - System32\Tasks\{1E8A400F-D4F7-446E-A8AD-64008D55564C} => C:\Windows\system32\pcalua.exe -a "Q:\SteamLibrary\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "Q:\SteamLibrary\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {6B72D749-24F4-4D54-A328-55C9D940E03A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {6CCB3A57-B3C9-4842-B2C3-D031EED26476} - System32\Tasks\{CA385929-CFC2-4CC0-B5D2-49E66A145C43} => C:\Windows\system32\pcalua.exe -a Q:\Brainless\EzUGCC.exe -d Q:\Brainless
Task: {7ABFDFB7-B71C-439F-A6D8-F2A403F3F6BF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-25] (NVIDIA Corporation)
Task: {7B4E50CB-A9C3-438D-86CA-4FCEC50029A3} - System32\Tasks\{554149FF-0EF2-425D-94B4-7F0E43E29030} => C:\Windows\system32\pcalua.exe -a C:\Users\Timo\Desktop\forge-1.8-11.14.3.1450-installer-win.exe -d C:\Users\Timo\Desktop
Task: {7F9A81CE-AAD7-464C-8081-48EA7920636D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-05] (AVAST Software)
Task: {8A513281-1534-4CE6-A83B-6C76ADC2C1A4} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {9904368A-48A0-4C56-A412-EF399CA78F4B} - System32\Tasks\{C49BDC02-3216-4A6D-A42B-C429877146D0} => C:\Windows\system32\pcalua.exe -a C:\Users\Timo\Desktop\1964_099-895.exe -d C:\Users\Timo\Desktop
Task: {9BA31AFB-F1DE-4707-9E57-40D346AF7A67} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-25] (NVIDIA Corporation)
Task: {9C43B698-50D7-4A30-9C8B-756436D191EB} - System32\Tasks\{A4D49DD4-73A9-4C60-AEFE-0F211791770B} => C:\Windows\system32\pcalua.exe -a C:\Users\Timo\Desktop\BruteforceSaveData\BruteforceSaveData\Msvbvm50.exe -d C:\Users\Timo\Desktop\BruteforceSaveData\BruteforceSaveData
Task: {9E821960-EC4E-4A24-974C-F296275DCFE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-14] (Google Inc.)
Task: {A7C1F94D-1542-4318-9388-9748D43B417D} - \ProfessionalPCCleaner_Popup -> No File <==== ATTENTION
Task: {A8F1B650-3AF7-4CF2-8F37-30BEFF239FB3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {AAF32C34-C1AC-415D-8807-9A282FD6DFF7} - System32\Tasks\{28F86AC9-31C9-49E9-BF45-546EC8E83758} => C:\Users\Timo\AppData\Local\{CBDEF~1\Sync.exe <==== ATTENTION
Task: {B2E624AB-34CB-4C08-90F3-0D71995488E7} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {C2B4CB30-E451-4205-A8EE-7085832D68DF} - System32\Tasks\AdobeAAMUpdater-1.0-Timo-PC-Timo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {C40961DE-8CC2-4288-B6BA-1CE6CBC853AF} - System32\Tasks\Google Updater and Installer => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C537B866-A4D9-4E59-A8BE-A39925C50F4C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12] (Oracle Corporation)
Task: {CC78A15B-9CFB-49DD-B2C8-56770A75A14F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-25] (NVIDIA Corporation)
Task: {D134BBD2-3066-49A1-B380-C179C0F9564D} - System32\Tasks\{F628A63E-1DE5-42A0-9CE1-41E2F19C6175} => C:\Windows\system32\pcalua.exe -a "C:\Users\Timo\Downloads\[Guru3D.com]-DDU\Display Driver Uninstaller.exe" -d C:\Users\Timo\Downloads\[Guru3D.com]-DDU
Task: {D59FD4A4-BD86-4530-A8EE-539A71C19AAA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-04-25] (NVIDIA Corporation)
Task: {D651B9DA-E4F8-4771-A396-6197DB1F88CB} - System32\Tasks\{979B4CE4-8008-42ED-AD50-9DBD53B348F1} => C:\Windows\system32\pcalua.exe -a C:\Users\Timo\Downloads\vcredist_x86.exe -d C:\Users\Timo\Downloads
Task: {DBB25C62-E74A-44A9-BDDD-7029A7435B65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-14] (Google Inc.)
Task: {EC68E101-814A-4CF6-8490-0BCCFAC8C922} - System32\Tasks\{188C1256-7862-4F7D-902D-661483CBDD04} => C:\Windows\system32\pcalua.exe -a Q:\BMDViewer\bmdview2.exe -d Q:\BMDViewer
Task: {F06C2199-D873-4C45-9DB8-4D42F4F02C4C} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {F933BF13-09C1-49B1-8EDA-038885DDCEDB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-04-25] (NVIDIA Corporation)
Task: {FD6C92DC-9D90-4BBF-ABCE-9021B966F1DC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-04-25] (NVIDIA Corporation)
Task: {FD6CE77D-F86D-4A9B-A294-D2BDA55ABDC2} - \ProfessionalPCCleaner_Start -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window hxxp:/toolbar.avg.com/
Task: C:\Windows\Tasks\{28F86AC9-31C9-49E9-BF45-546EC8E83758}.job => C:\Users\Timo\AppData\Local\{CBDEF~1\Sync.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Agent X - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-06 10:27 - 2015-05-27 22:15 - 000116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-19 10:18 - 2017-07-19 10:18 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-08-30 20:02 - 2015-02-27 13:38 - 000721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2017-03-07 20:42 - 2017-03-07 20:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-11-21 18:54 - 2017-11-21 18:54 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2014-07-01 07:21 - 2009-11-04 06:17 - 000189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2017-04-09 21:12 - 2017-04-25 23:40 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2009-05-18 11:32 - 2009-05-18 11:32 - 001416192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxecptpc.dll
2009-11-04 11:19 - 2009-11-04 11:19 - 000198656 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxecdrui.dll
2009-11-09 06:36 - 2009-11-09 06:36 - 000142336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxecPRPR.DLL
2017-04-05 14:16 - 2017-04-05 14:16 - 009162920 _____ () C:\Program Files\AVAST Software\Avast\AvastUI.exe
2014-12-25 09:58 - 2017-11-17 16:34 - 000502784 _____ () Q:\SteamLibrary\Steam\SteamApps\common\Team Fortress 2\bin\hlmv.exe
2017-11-23 20:49 - 2017-11-23 20:49 - 002350056 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9601\Battle.net Helper.exe
2017-05-16 17:09 - 2017-06-15 08:16 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2017-05-16 17:09 - 2017-06-15 08:15 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2017-04-09 21:12 - 2017-04-25 23:40 - 000900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-05 14:15 - 2017-04-05 14:15 - 000170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-04 16:21 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\Timo\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-05-16 17:09 - 2017-04-04 13:11 - 000052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2017-05-16 17:09 - 2017-04-04 13:11 - 000742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2017-05-16 17:09 - 2017-04-04 13:11 - 000195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2017-05-16 17:09 - 2017-04-04 13:11 - 000043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2017-05-16 17:09 - 2017-06-15 07:49 - 000279976 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
2017-05-16 17:09 - 2017-02-14 00:39 - 040640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2017-10-04 16:21 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\Timo\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-10-04 16:21 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\Timo\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-05-16 17:09 - 2017-02-14 00:39 - 000912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2017-05-16 17:09 - 2017-02-14 00:39 - 000134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2017-05-16 17:09 - 2017-02-14 00:39 - 000950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
2017-08-14 19:12 - 2017-10-06 12:47 - 009722360 _____ () \\?\C:\Users\Timo\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-14 19:12 - 2017-11-22 12:32 - 001494520 _____ () \\?\C:\Users\Timo\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-22 12:33 - 2017-11-22 12:33 - 000148992 _____ () \\?\C:\Users\Timo\AppData\Local\Temp\671B.tmp.node
2017-08-14 19:12 - 2017-08-14 19:12 - 002658296 _____ () \\?\C:\Users\Timo\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-14 19:13 - 2017-08-14 19:13 - 002673656 _____ () \\?\C:\Users\Timo\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-11-21 18:03 - 2017-11-21 18:03 - 001505272 _____ () \\?\C:\Users\Timo\AppData\Roaming\discord\0.0.298\modules\discord_game_utils\discord_game_utils.node
2017-04-09 21:13 - 2017-04-25 23:03 - 002442360 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-04-09 21:13 - 2017-04-25 23:03 - 000361920 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-04-09 21:13 - 2017-04-25 23:03 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-04-09 21:13 - 2017-04-25 23:03 - 000384120 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-04-09 21:13 - 2017-04-25 23:03 - 000467392 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-04-09 21:13 - 2017-04-25 23:03 - 000572024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2014-12-25 09:58 - 2017-11-17 16:34 - 000317216 _____ () Q:\SteamLibrary\Steam\SteamApps\common\Team Fortress 2\bin\tier0.dll
2014-12-25 11:36 - 2017-11-17 16:35 - 000215328 _____ () Q:\SteamLibrary\Steam\SteamApps\common\Team Fortress 2\bin\vstdlib.dll
2014-12-25 09:58 - 2017-11-21 17:03 - 000707360 _____ () Q:\SteamLibrary\Steam\SteamApps\common\Team Fortress 2\bin\filesystem_stdio.dll
2014-12-25 09:58 - 2017-11-17 16:34 - 001314080 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\materialsystem.dll
2014-12-25 09:58 - 2017-11-17 16:34 - 000529696 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\studiorender.dll
2014-12-25 09:58 - 2017-11-17 16:34 - 000916768 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\vphysics.dll
2014-12-25 11:36 - 2017-11-17 16:34 - 000295200 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\datacache.dll
2014-12-25 11:36 - 2017-11-17 16:35 - 000189216 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\soundemittersystem.dll
2014-12-25 11:37 - 2017-11-17 16:35 - 000185120 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\soundsystem.dll
2014-12-25 09:58 - 2017-11-17 16:34 - 000971552 _____ () Q:\SteamLibrary\Steam\SteamApps\common\Team Fortress 2\bin\shaderapidx9.dll
2014-12-25 09:58 - 2017-11-17 16:34 - 002308896 _____ () Q:\SteamLibrary\Steam\SteamApps\common\Team Fortress 2\bin\FileSystemOpenDialog.dll
2014-12-25 11:37 - 2017-11-17 16:35 - 000179488 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\stdshader_dbg.dll
2014-12-25 11:36 - 2017-11-17 16:35 - 000258848 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\stdshader_dx6.dll
2014-12-25 11:36 - 2017-11-17 16:35 - 000190240 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\stdshader_dx7.dll
2014-12-25 09:58 - 2017-11-17 16:34 - 000373536 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\stdshader_dx8.dll
2014-12-25 09:58 - 2017-11-17 16:34 - 000589088 _____ () q:\steamlibrary\steam\steamapps\common\team fortress 2\bin\stdshader_dx9.dll
2014-01-24 16:26 - 2017-09-09 13:25 - 000688416 _____ () Q:\SteamLibrary\Steam\SDL2.dll
2015-01-21 15:27 - 2016-08-31 19:02 - 004969248 _____ () Q:\SteamLibrary\Steam\v8.dll
2015-01-21 15:27 - 2016-08-31 19:02 - 001563936 _____ () Q:\SteamLibrary\Steam\icui18n.dll
2015-01-21 15:27 - 2016-08-31 19:02 - 001195296 _____ () Q:\SteamLibrary\Steam\icuuc.dll
2014-05-22 14:04 - 2017-10-30 21:22 - 002546976 _____ () Q:\SteamLibrary\Steam\video.dll
2014-08-28 14:40 - 2016-01-27 01:49 - 002549760 _____ () Q:\SteamLibrary\Steam\libavcodec-56.dll
2014-08-28 14:40 - 2016-01-27 01:49 - 000442880 _____ () Q:\SteamLibrary\Steam\libavutil-54.dll
2014-08-28 14:40 - 2016-01-27 01:49 - 000491008 _____ () Q:\SteamLibrary\Steam\libavformat-56.dll
2014-08-28 14:40 - 2016-01-27 01:49 - 000332800 _____ () Q:\SteamLibrary\Steam\libavresample-2.dll
2014-08-28 14:40 - 2016-01-27 01:49 - 000485888 _____ () Q:\SteamLibrary\Steam\libswscale-3.dll
2014-01-24 16:26 - 2017-10-30 21:22 - 000901408 _____ () Q:\SteamLibrary\Steam\bin\chromehtml.DLL
2016-03-09 12:19 - 2016-07-04 16:17 - 000266560 _____ () Q:\SteamLibrary\Steam\openvr_api.dll
2016-12-12 14:57 - 2017-08-16 16:28 - 073130272 _____ () Q:\SteamLibrary\Steam\bin\cef\cef.win7\libcef.dll
2017-06-15 07:40 - 2017-09-06 20:04 - 000678400 _____ () Q:\SteamLibrary\Steam\bin\cef\cef.win7\SDL2.dll
2015-01-21 15:27 - 2015-09-24 17:52 - 000119208 _____ () Q:\SteamLibrary\Steam\winh264.dll
2017-07-12 15:48 - 2017-08-16 16:29 - 001936672 _____ () Q:\SteamLibrary\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-12 15:48 - 2017-08-16 16:29 - 000113952 _____ () Q:\SteamLibrary\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2017-11-23 20:50 - 2017-11-23 20:50 - 000540336 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9601\ortp.dll
2017-11-23 20:49 - 2017-11-23 20:50 - 055782888 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9601\libcef.dll
2017-11-23 20:50 - 2017-11-23 20:50 - 000133632 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9601\libEGL.dll
2017-11-23 20:50 - 2017-11-23 20:50 - 003384832 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9601\libGLESv2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:AE184BA0BDBB682B [50]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-426254898-1232359064-3194617754-1000\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-12-26 15:08 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-426254898-1232359064-3194617754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: lxecCATSCustConnectService => 2
MSCONFIG\Services: lxec_device => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzSurroundVADStreamingService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk => C:\Windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\Timo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Discord => C:\Users\Timo\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
MSCONFIG\startupreg: Google Update => C:\Users\Timo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_AD54CFC87F4151BEE93C17CC93ABA7D3 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: lxecmon.exe => "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{0055A6CB-D527-464C-B29F-FCBCA94D4EC1}Q:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) Q:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{4E829B07-6BB1-43E8-82B9-16AA7297C9C2}Q:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) Q:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{49876928-9300-4DCD-ABDE-331426DE1476}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DDD6167E-A3EB-4284-A907-375D7870A22E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D661A383-8440-4CA9-8F54-1DBE6F379653}] => (Allow) LPort=25565
FirewallRules: [{63E0312F-DB85-45D2-8A41-64CECDCA9534}] => (Allow) LPort=25565
FirewallRules: [{718CC0D7-1174-4968-8980-F138EE5B0BA8}] => (Allow) Q:\SteamLibrary\Steam\Steam.exe
FirewallRules: [{965E34F8-7ADB-43CB-96C6-5FFFDD1B7397}] => (Allow) Q:\SteamLibrary\Steam\Steam.exe
FirewallRules: [TCP Query User{2A0F2C03-EEAA-430E-BDBF-9EB213D0A879}Q:\steamlibrary\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) Q:\steamlibrary\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{95BAF28E-6DBA-40B3-BD8E-D937449F1657}Q:\steamlibrary\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) Q:\steamlibrary\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{30E596C4-95D8-4C1A-9431-13E5A5EBF3F9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BD305116-0DE2-443F-AC0B-6FF96267D4F9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1613768A-AC77-4AE0-AF56-053C604A3205}] => (Allow) LPort=25565
FirewallRules: [{46D7A55D-4A0A-4B9E-8255-B8BC5A92C9DF}] => (Allow) LPort=25565
FirewallRules: [{98935185-0F8F-4941-88F4-E58AA8A982A7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{7A72A65B-18F1-4027-BA18-11063207035A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E65F6334-6F03-41D2-A645-C9E96023E7D8}] => (Allow) C:\USERS\TIMO\APPDATA\ROAMING\THEFILEFOX\FILEFOXDM.EXE
FirewallRules: [{DBDCF5E0-F6FB-4DCC-9B73-88B34E38B000}] => (Allow) C:\USERS\TIMO\APPDATA\ROAMING\THEFILEFOX\FILEFOXDM.EXE
FirewallRules: [{53E6FA7A-3BE5-4879-9FE3-E3FBB13760F3}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{062E4337-43A8-4152-A0FC-ECDE008CE57A}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{3A81C1A6-99D5-40AA-895A-DFE69C85EE88}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{6FEB1A9F-5094-41F5-BDFE-1C4B9F35FD7A}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{2C6BC471-1250-4ABD-9781-99B9E2B6A361}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{C1054F36-481A-4D29-83FE-11A6C6E7AB34}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{B771D731-5A3A-4E6C-93C6-581CF08A4A7E}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{C37470A7-BB12-439F-BC8D-971626A6ABD5}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [TCP Query User{61D84909-40ED-4DE6-925C-36F58E0C7576}Q:\tf\srcds.exe] => (Allow) Q:\tf\srcds.exe
FirewallRules: [UDP Query User{8D831CF9-AAE3-4B96-85AF-354A64E2A317}Q:\tf\srcds.exe] => (Allow) Q:\tf\srcds.exe
FirewallRules: [TCP Query User{6DE09F78-EB98-4B07-8ABA-3B58B7FC8660}C:\users\timo\desktop\tf2server\srcds.exe] => (Allow) C:\users\timo\desktop\tf2server\srcds.exe
FirewallRules: [UDP Query User{75FEC50C-ACAB-4969-85AB-2C0DFFAC295F}C:\users\timo\desktop\tf2server\srcds.exe] => (Allow) C:\users\timo\desktop\tf2server\srcds.exe
FirewallRules: [{9215F235-EE39-4B9D-B6F9-08C4EE585491}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FC9D5E86-9834-4C94-A5DF-1A51FF2FBEF7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{8E555F9C-55E3-414C-A8D8-298785719F50}Q:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FB98447E-9D19-45A5-AE05-BEBD5762FD44}Q:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B04BE82C-F2D1-487F-A07E-937EC7920A1A}C:\users\timo\desktop\luni server release\luni server release\luni server.exe] => (Allow) C:\users\timo\desktop\luni server release\luni server release\luni server.exe
FirewallRules: [UDP Query User{FDD39806-0631-4D8F-8297-2A3BB78DB0C3}C:\users\timo\desktop\luni server release\luni server release\luni server.exe] => (Allow) C:\users\timo\desktop\luni server release\luni server release\luni server.exe
FirewallRules: [{4E3E6A25-37DC-40F0-8F2C-5AAE270DEAF3}] => (Allow) Q:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{B0CAA333-B3DE-4ED3-A4E1-D36A8434AFEE}] => (Allow) Q:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{FAF17AA2-D1A2-495A-AA6B-95E98FEFABC8}] => (Allow) Q:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{0321A6D9-3D33-4C90-973A-665A63D62954}] => (Allow) Q:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{D0FD3246-C79C-4165-B059-65756AE560F9}] => (Allow) Q:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{9B088009-C0AB-468C-93D7-B4523E24D2E5}] => (Allow) Q:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [TCP Query User{52E09997-7719-445B-A4E8-7D3A24F0A24E}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{A280CAFD-A637-4424-A2CB-2F0C81DAF44B}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{F9B84A35-311A-4DC4-8B6D-8604ABB965E9}] => (Allow) C:\Windows\system32\LXECcoms.exe
FirewallRules: [{2976673A-E0DE-4C2A-BB52-5F8AC3887D30}] => (Allow) C:\Windows\system32\LXECcoms.exe
FirewallRules: [{9E7B90CD-06EF-48F1-AFA8-92019AA1F55C}] => (Allow) C:\Windows\system32\LXECcoms.exe
FirewallRules: [{94F917EB-138B-4213-A389-11B8350D90A8}] => (Allow) C:\Windows\system32\LXECcoms.exe
FirewallRules: [{1873B3EE-E31C-4ACD-98B6-DB38B5E38503}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{AD6AD7BB-7DFE-4690-8674-C15D11BED778}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{34544DE7-0D87-483F-9C3B-F4EA2EC2E21F}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{16F05804-8A79-4DE6-B955-ED2D601FB6FB}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{2C984BB0-0C36-49DC-8BFF-76EB4B417BB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E36F6254-0A4E-4533-A823-F2869CE3D8C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1F2B465-E86A-4F9D-BB2F-948B1E268205}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E248E3F-755A-405B-B2D0-F3A02EE2C170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9F851ECF-D4CF-4F07-99E6-B34B9C1D32C7}C:\program files (x86)\team fortress 2 - dedicated server\server\srcds.exe] => (Allow) C:\program files (x86)\team fortress 2 - dedicated server\server\srcds.exe
FirewallRules: [UDP Query User{37BE665E-FFB9-45EA-9B7C-F449F85957F3}C:\program files (x86)\team fortress 2 - dedicated server\server\srcds.exe] => (Allow) C:\program files (x86)\team fortress 2 - dedicated server\server\srcds.exe
FirewallRules: [{D1E91D88-7EAD-4D71-BEDC-776286E3A3D1}] => (Allow) Q:\SteamLibrary\Steam\bin\steamwebhelper.exe
FirewallRules: [{055E633E-1DCE-48B1-83B4-4D85E895176F}] => (Allow) Q:\SteamLibrary\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D9F8765E-B77E-43D3-ACD8-93DACABC7CBC}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{935F163D-DB0D-4830-890B-63E42B0EE10A}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{7A269B70-C438-4DDF-85A1-D0277170CFE8}Q:\games\overwatch\overwatch.exe] => (Allow) Q:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{96CD4982-19FE-4BD3-B73B-E38D0CFEB13B}Q:\games\overwatch\overwatch.exe] => (Allow) Q:\games\overwatch\overwatch.exe
FirewallRules: [{E22A517B-15B1-4A72-AC61-F1DFB29122CC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{298110C1-F91A-435A-93D9-F1257ED2B04D}Q:\unity\editor\unity.exe] => (Allow) Q:\unity\editor\unity.exe
FirewallRules: [UDP Query User{1D310258-0611-425E-91DF-826D9C9DA07C}Q:\unity\editor\unity.exe] => (Allow) Q:\unity\editor\unity.exe
FirewallRules: [TCP Query User{EFFBB6F6-0853-4BF4-8658-1DEBE0A9EE49}C:\users\timo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\timo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{768A9DBB-9E7E-4464-8AF4-A3F1932FC982}C:\users\timo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\timo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{6700F872-51DF-4949-AC00-2182B52807FC}Q:\games\overwatch test\overwatch.exe] => (Allow) Q:\games\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{958D15CC-E2E1-4026-A651-07194EEA897B}Q:\games\overwatch test\overwatch.exe] => (Allow) Q:\games\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A1DEA68C-9A7E-4EA2-990B-82BABE08D585}C:\users\timo\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\timo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{61C534CC-0421-49F9-B3F3-47213CF729F7}C:\users\timo\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\timo\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7DA49EDF-1D46-432E-8AF3-EEBF0189C107}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2836206B-F8CE-47BC-830E-991E685BD6B6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F3452C5F-3EBE-4139-863E-2E4F59283A8F}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{4AA1E099-FD4C-4072-ACD1-D5A7B7444ACF}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [TCP Query User{2BCF608C-3F08-4FF8-8018-CF983E3E0563}Q:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Block) Q:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F95B37D6-B0CD-4B21-A90B-E3552E740E30}Q:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Block) Q:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0E028FC4-40B0-4630-827C-A46C758ABE04}Q:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{67150FEF-4BD8-4E1A-B4C2-BF6FE23D4A99}Q:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{34C2D693-F078-423F-B576-6D818F75B7E2}] => (Allow) Q:\SteamLibrary\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9F66EF45-2A02-4546-AF8D-D5343321DB5D}] => (Allow) Q:\SteamLibrary\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2F2C10B2-EEA6-4DE5-A553-7026BBF2CFD4}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{944AE94A-8C88-4C88-82FA-166FBA9E1CF4}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [TCP Query User{1B0BAF4F-89CC-4717-A263-17FDABF049F1}C:\program files (x86)\yareel\yareel.exe] => (Block) C:\program files (x86)\yareel\yareel.exe
FirewallRules: [UDP Query User{4AD6E94C-DCBF-4D5A-8336-3B6E18058D6F}C:\program files (x86)\yareel\yareel.exe] => (Block) C:\program files (x86)\yareel\yareel.exe
FirewallRules: [TCP Query User{67258A7C-F741-4D86-91F9-B11296D2D0E2}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe] => (Allow) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe
FirewallRules: [UDP Query User{A77F03C5-290E-4EE9-A2C9-7B46F761AF7D}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe] => (Allow) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe
FirewallRules: [{06AE7C22-E331-4730-9D1C-D474A779B3F0}] => (Block) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe
FirewallRules: [{398428DC-6DE3-4CC5-ADCA-42B4B9705594}] => (Block) C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe
FirewallRules: [{9CFDB2EC-144F-4DD1-A748-D278B92A1DD1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{AB816FDA-D3E1-49FC-B1B0-73FA4101EBA0}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8B4BF601-0227-41DB-821C-6063318585DB}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{91BC1BED-4230-4C95-B3FD-0E8309333C69}Q:\steamlibrary\steam\steamapps\common\alien swarm\swarm.exe] => (Block) Q:\steamlibrary\steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{D3D59A27-6B27-4E7B-A008-8A4D9448137A}Q:\steamlibrary\steam\steamapps\common\alien swarm\swarm.exe] => (Block) Q:\steamlibrary\steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{6884747B-FD96-46B5-AFD4-B85A6065B09B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{58E57C93-EA47-43B0-93FC-01A411EC91F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B857EAF9-5F12-481A-8D4B-0BB09D5A2B57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{28E17FF3-7E96-44F8-9DB4-35ADD1B7DE55}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80728535-974F-4670-A1D6-FBA1341999BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E543D877-E4BA-4210-AF5F-902E93E63225}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{BC850886-1BC5-4B32-8FA9-E967B4F0E6F4}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{DC49EE9A-50E6-4A1C-8F1C-7F68D38E3BA5}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [TCP Query User{75969354-33B1-4696-A771-AD5D5F261907}Q:\steamlibrary\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) Q:\steamlibrary\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{ABA34C8F-A278-4EDB-9AFA-E7F957D6359F}Q:\steamlibrary\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) Q:\steamlibrary\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{4C12CCF9-05BB-4D3A-A8C6-216CDE8573E7}] => (Block) Q:\steamlibrary\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{116F66D1-47B9-453D-A617-892E625BBB9F}] => (Block) Q:\steamlibrary\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{DEF36B1C-EDA1-43F5-9FFC-30767A1B131B}Q:\games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AE006521-A45D-49E7-ACDE-55899338729F}Q:\games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [{E3277193-9F04-4F25-A392-95EFA7880267}] => (Block) Q:\games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [{251C6D55-4593-4458-9318-94AC67F2CD85}] => (Block) Q:\games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{86C8E8BF-F23E-4DB5-B79A-AF3239E6C389}Q:\games\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{9493A109-F625-4805-B67F-9FEF1F65F47D}Q:\games\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) Q:\games\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{5E1B6448-94D5-4E24-82FB-F56CBA4CEE26}] => (Block) Q:\games\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{11C8F992-BD43-4803-A15E-75793D3A20C7}] => (Block) Q:\games\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{72FF3BA5-4ABE-4298-8080-5163E6275679}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF130D1D-706F-4D6B-946A-8FD4678F5621}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DCC87895-1743-4C47-B3B3-D0013BC30D4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1608DF29-23E0-4C14-9A58-C38442F7CAEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C2594A10-B0D2-4391-BFC1-FF32204C8F92}C:\users\timo\downloads\megadownloader_v1.7.exe] => (Allow) C:\users\timo\downloads\megadownloader_v1.7.exe
FirewallRules: [UDP Query User{F1492580-0C44-412B-9BE4-2FC8105F5ED8}C:\users\timo\downloads\megadownloader_v1.7.exe] => (Allow) C:\users\timo\downloads\megadownloader_v1.7.exe
FirewallRules: [{D4AEF1CF-41FD-482F-B5BC-DA74D707F5C3}] => (Block) C:\users\timo\downloads\megadownloader_v1.7.exe
FirewallRules: [{4621C14B-083E-4683-855A-A939E820BCBD}] => (Block) C:\users\timo\downloads\megadownloader_v1.7.exe
FirewallRules: [TCP Query User{FDB6445A-3C7C-400A-A307-FF370B59069F}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [UDP Query User{A6F5F885-F1B2-4937-B984-30179B214CB6}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [{2C7992AA-F2B0-47CA-A177-1F66D97118D5}] => (Block) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [{1DDBD023-31A9-4669-8E05-7F8AAD0507BA}] => (Block) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [{D4826202-3E46-4518-84AC-C9128345FCA2}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{8527D08F-2B40-474C-AD89-8D429B971E8D}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{50448FC6-8874-4AEB-B77C-C4E01FE0C904}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{2273ADF4-EE8A-4D44-9564-745BE858E09A}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{DF532991-DADA-4566-A4DC-C40598F39830}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A1BDBCF6-03E3-47D0-A0C2-56AEE238813C}] => (Allow) N:\SteamLibrary\steamapps\common\Tembo The Badass Elephant\Tembo The Badass Elephant.exe
FirewallRules: [{51030244-BD9D-4B0F-8BB7-E4EBD40197F0}] => (Allow) N:\SteamLibrary\steamapps\common\Tembo The Badass Elephant\Tembo The Badass Elephant.exe
FirewallRules: [{40A8F89D-5720-42CB-B7FB-20B02C89EE3E}] => (Allow) N:\SteamLibrary\steamapps\common\Mini Ninjas\ninja.exe
FirewallRules: [{2E9752C9-5F46-49FE-A99C-BD70315F450B}] => (Allow) N:\SteamLibrary\steamapps\common\Mini Ninjas\ninja.exe
FirewallRules: [{B0052A98-0BD5-442C-8332-5D381DA3C410}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{44283691-2A95-4BAF-AFD6-9B5CE9AF8F9B}] => (Allow) Q:\SteamLibrary\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{E4C0E7D4-81D5-4632-AC52-A245D811180F}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{F279EA7F-84FD-4355-9F0C-9D2FD3344405}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B4481289-91C2-4CDF-91C1-F10F08CD4E09}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{298132C4-A87F-4F0B-A55B-1B79211934BE}] => (Allow) N:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0B73ECEC-E83A-4DE6-A633-1A45403DADF6}] => (Allow) N:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{AD5785C1-C928-4559-BAB7-515E169987E5}] => (Allow) N:\SteamLibrary\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{30E86E61-8D12-4BCE-8DF3-06376F601B4A}] => (Allow) N:\SteamLibrary\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/24/2017 10:40:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000005
Fault offset: 0x0000000000027ef6
Faulting process id: 0x1db8
Faulting application start time: 0x01d36542ec9ed9e7
Faulting application path: C:\Program Files\Windows Media Player\wmpnetwk.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 2abbeb26-d136-11e7-95a1-940d6c09157a
 
Error: (11/24/2017 10:20:54 AM) (Source: MsiInstaller) (EventID: 11310) (User: Timo-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Timo\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (11/24/2017 10:20:32 AM) (Source: MsiInstaller) (EventID: 11310) (User: Timo-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Timo\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (11/24/2017 10:20:24 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Media Player Network Sharing Service because of this error.
 
Program: Windows Media Player Network Sharing Service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: E9F678AC
Disk type: 0
 
Error: (11/24/2017 10:20:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: drmv2clt.dll, version: 11.0.7601.23471, time stamp: 0x57603c31
Exception code: 0xc000001d
Fault offset: 0x00000000000778ac
Faulting process id: 0x154c
Faulting application start time: 0x01d365402074e177
Faulting application path: C:\Program Files\Windows Media Player\wmpnetwk.exe
Faulting module path: C:\Windows\system32\drmv2clt.dll
Report Id: 5f4edcda-d133-11e7-95a1-940d6c09157a
 
Error: (11/23/2017 10:40:14 PM) (Source: MsiInstaller) (EventID: 11310) (User: Timo-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Timo\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (11/23/2017 10:39:46 PM) (Source: MsiInstaller) (EventID: 11310) (User: Timo-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Timo\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (11/23/2017 09:54:43 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Media Player Network Sharing Service because of this error.
 
Program: Windows Media Player Network Sharing Service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: E87078AC
Disk type: 0
 
Error: (11/23/2017 09:54:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: drmv2clt.dll, version: 11.0.7601.23471, time stamp: 0x57603c31
Exception code: 0xc000001d
Fault offset: 0x00000000000778ac
Faulting process id: 0x22c8
Faulting application start time: 0x01d364d7f53b96f5
Faulting application path: C:\Program Files\Windows Media Player\wmpnetwk.exe
Faulting module path: C:\Windows\system32\drmv2clt.dll
Report Id: 33b6a814-d0cb-11e7-95a1-940d6c09157a
 
Error: (11/23/2017 09:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b9c
 
Start Time: 01d364d05bf2ef0b
 
Termination Time: 18
 
Application Path: Q:\SteamLibrary\Steam\steamapps\common\Team Fortress 2\hl2.exe
 
Report Id: d0797a70-d0c3-11e7-95a1-940d6c09157a
 
 
System errors:
=============
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (11/24/2017 10:45:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-17 12:37:26.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-17 12:37:26.431
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 89%
Total physical RAM: 8174.69 MB
Available physical RAM: 828.61 MB
Total Virtual: 16347.56 MB
Available Virtual: 6247.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:18.04 GB) NTFS
Drive d: (CS5 Design Prem1) (CDROM) (Total:3.98 GB) (Free:0 GB) CDFS
Drive n: (The Bigger One) (Fixed) (Total:931.51 GB) (Free:903.16 GB) NTFS
Drive q: (TheBigOne) (Fixed) (Total:298.09 GB) (Free:64.69 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 1D913583)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 32314053)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AFCC13AD)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,627 posts
  • Gender:Male
  • Local time:08:12 PM

Posted 24 November 2017 - 12:30 PM

Hi NikL725 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 NikL725

NikL725
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:12 PM

Posted 25 November 2017 - 12:51 AM

Thank you! 

Alright, so it ran successfully, but did not find anything it seems.. I also ran a Malwarebytes scan too, and that didn't detect a single threat.

 

mbar-log :

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.11.24.06
  rootkit: v2017.10.14.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18697
Timo :: TIMO-PC [administrator]
 
11/24/2017 11:34:52 PM
mbar-log-2017-11-24 (23-34-52).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 359348
Time elapsed: 9 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,627 posts
  • Gender:Male
  • Local time:08:12 PM

Posted 25 November 2017 - 10:15 AM

Alright. Do you have a USB Flash Drive? If so, how big is it?



#5 NikL725

NikL725
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:12 PM

Posted 25 November 2017 - 06:08 PM

I do. It can only hold 8 GB though



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,627 posts
  • Gender:Male
  • Local time:08:12 PM

Posted 26 November 2017 - 09:56 AM

It'll be enough. Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • A text file called fixlog.txt will be on your desktop. Attach it in your next reply



#7 NikL725

NikL725
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:12 PM

Posted 26 November 2017 - 12:25 PM

It will not let me download fixlist. It claims I have Insufficient permissions. Can you just copy and paste the contents here so I can just make the txt file? Thanks and sorry



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,627 posts
  • Gender:Male
  • Local time:08:12 PM

Posted 26 November 2017 - 05:19 PM

Insufficient permissions? Is that an error message from the forum? If so, I'll get an Admin to fix this as it isn't normal.



#9 NikL725

NikL725
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:12 PM

Posted 26 November 2017 - 05:24 PM

Nope. It's a download error. Here is what it looks like:

 

YMbO2Dz.jpg

 

Probably caused by the virus too. Can't you just send me the contents of the txt so I can just make my own file? That would probably be a little bit faster



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,627 posts
  • Gender:Male
  • Local time:08:12 PM

Posted 26 November 2017 - 05:33 PM

... This is weird.

And yes, I can. Copy/paste this in a .txt file and name it "fixlist.txt".
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers



#11 NikL725

NikL725
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:12 PM

Posted 26 November 2017 - 06:14 PM

Well. This isn't good. When I try to rename the file to fixlist.txt, I am prompted with this..

 

V37JuSg.jpg

 

Which isn't a problem, except when I press Continue this shows..

 

VghzZIL.jpg

 

Not good :(



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,627 posts
  • Gender:Male
  • Local time:08:12 PM

Posted 26 November 2017 - 08:28 PM

Are you able to download FRST and the fixlist.txt on another computer, put them on a USB Flash Drive, plug it in your infected computer and run the fix from there?



#13 NikL725

NikL725
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 26 November 2017 - 09:12 PM

Great! That worked!

Here are the contents of Fixlog.txt :

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017 01
Ran by Timo (26-11-2017 20:10:17) Run:1
Running from C:\Users\Timo\Desktop
Loaded Profiles: Timo (Available Profiles: Timo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
                                                                                                                                                                    
*****************
 
 
==== End of Fixlog 20:10:17 ====
 
 
 
 
Did I do something wrong?


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,627 posts
  • Gender:Male
  • Local time:08:12 PM

Posted 26 November 2017 - 09:16 PM

Well, the fixlist.txt is empty. Did you download this one?

https://www.bleepingcomputer.com/forums/index.php?app=core&module=attach&section=attach&attach_id=199964



#15 NikL725

NikL725
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:12 PM

Posted 26 November 2017 - 09:29 PM

I just copied and pasted the text you pasted above into a text document, named it fixlist.txt, sent it over to this computer with a flash drive, and went ahead and scanned





