
Windows Process Manager 32 bit using majority of CPU


  • This topic is locked
7 replies to this topic

#1 bsgguy

Posted 18 December 2017 - 06:26 PM

A process "Windows Process Manager 32 bit" has been running in multiples and using up a majority of my CPU, resulting in lowered framerate on video games and such. The FRST log would not complete until run in safe mode. The processes are located in user/appdata/local and access is denied to the folders.

The folders are:

wmihstn

wmikhrz

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Balihaar Gill (administrator) on DESKTOP-92IB2RD (18-12-2017 16:48:46)
Running from C:\Users\Balihaar Gill\Downloads
Loaded Profiles: Balihaar Gill (Available Profiles: Balihaar Gill)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-12-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-01] (Power Software Ltd)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-3284949906-35164851-2144127762-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3284949906-35164851-2144127762-1001\...\Run: [VivePCClient] => C:\Program Files (x86)\ViveSetup\PCClient\Vive.exe [3974888 2017-09-25] (HTC)
HKU\S-1-5-21-3284949906-35164851-2144127762-1001\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-3284949906-35164851-2144127762-1001\...\MountPoints2: {8c1c3da1-1ffd-11e7-9dab-a434d9e3816c} - "F:\LaunchU3.exe" -a
Startup: C:\Users\Balihaar Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-08-25]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{447d9083-d122-49d1-b1e2-9ef0447eda11}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{447d9083-d122-49d1-b1e2-9ef0447eda11}: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{5ec860b9-3b96-4620-b04a-77685b6b787d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{61ef5333-b7f2-4521-b5cc-4959d6c2ee8b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{677e62ee-2777-4d63-be43-fe377bd28d3c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6c28f398-54b9-4d27-a26d-3de9d3a28c46}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e377738e-db52-49ea-a39f-a744420b9df0}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e394ac9a&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e394ac9a&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3284949906-35164851-2144127762-1001 -> DefaultScope {7FFE714A-F712-4654-93E5-21A2392A9974} URL = 
SearchScopes: HKU\S-1-5-21-3284949906-35164851-2144127762-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3284949906-35164851-2144127762-1001 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e394ac9a&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-04] (Oracle Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3284949906-35164851-2144127762-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-12-11] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default [2017-12-18]
CHR Extension: (Slides) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-03]
CHR Extension: (YouTube) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-03]
CHR Extension: (uBlock Origin) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-18]
CHR Extension: (Sheets) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-03]
CHR Extension: (Hulu) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdcdpnecfnfabhccldnddfpabcohoebi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-03]
CHR Extension: (Chrome Media Router) - C:\Users\Balihaar Gill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-12-17] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-12-17] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-09] ()
S4 HTC Account Service; C:\Program Files\HTC Account\Htc.Identity.Service.exe [71912 2017-09-07] (HTC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-11-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-11-14] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-11-14] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460920 2017-11-14] (NVIDIA Corporation)
S4 ViveportDesktopService; C:\Program Files (x86)\ViveSetup\PCClient\ViveportDesktopService.exe [75496 2017-09-25] (HTC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-20] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
S4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-12-17] (AVG Technologies CZ, s.r.o.)
S1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-12-17] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-12-17] (AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-12-17] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-12-17] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-12-17] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-12-17] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-12-17] (AVG Technologies CZ, s.r.o.)
S1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-12-17] (AVG Technologies CZ, s.r.o.)
S1 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-12-17] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-12-17] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-12-17] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-12-17] (AVG Technologies CZ, s.r.o.)
S1 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-12-17] (AVG Technologies CZ, s.r.o.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [66136 2017-09-07] (Broadcom Corporation.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [108608 2016-09-24] (Dokan Project)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel Corporation)
R4 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-12-18] (Malwarebytes)
S3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [9391896 2015-06-22] (Intel Corporation)
S3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7932160 2017-01-25] (Intel Corporation)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-11-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-11-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-18 16:47 - 2017-12-18 16:47 - 000252232 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-18 16:47 - 2017-12-18 16:47 - 000115536 ____N C:\WINDOWS\system32\Drivers\dumuybeh.sys
2017-12-18 16:47 - 2017-12-18 16:47 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-17 23:30 - 2017-12-17 23:44 - 000068219 _____ C:\Users\Balihaar Gill\Downloads\Addition.txt
2017-12-17 23:29 - 2017-12-18 16:48 - 000015126 _____ C:\Users\Balihaar Gill\Downloads\FRST.txt
2017-12-17 23:29 - 2017-12-18 16:48 - 000000000 ____D C:\FRST
2017-12-17 23:29 - 2017-12-17 23:29 - 002392064 _____ (Farbar) C:\Users\Balihaar Gill\Downloads\FRST64.exe
2017-12-17 23:19 - 2017-12-17 23:19 - 036195904 _____ (Adlice Software ) C:\Users\Balihaar Gill\Downloads\setup.exe
2017-12-17 23:18 - 2017-12-17 23:18 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Balihaar Gill\Downloads\rkill.exe
2017-12-17 23:18 - 2017-12-17 23:18 - 000002322 _____ C:\Users\Balihaar Gill\Desktop\Rkill.txt
2017-12-17 23:17 - 2017-12-17 23:17 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Balihaar Gill\Downloads\mbar-1.10.3.1001 (1).exe
2017-12-17 23:14 - 2017-12-17 23:14 - 008172032 _____ (Malwarebytes) C:\Users\Balihaar Gill\Downloads\AdwCleaner.exe
2017-12-17 23:03 - 2017-12-17 23:03 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys.151356979573402
2017-12-17 23:03 - 2017-12-17 23:03 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-12-17 23:03 - 2017-12-17 23:03 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-12-17 23:03 - 2017-12-17 23:03 - 000004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-17 23:03 - 2017-12-17 23:03 - 000002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2017-12-17 23:03 - 2017-12-17 23:03 - 000002113 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-12-17 23:03 - 2017-12-17 23:03 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Roaming\AVG
2017-12-17 23:01 - 2017-12-17 23:01 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-12-17 23:01 - 2017-12-17 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-12-17 22:58 - 2017-12-17 23:30 - 000000000 ____D C:\ProgramData\Avg
2017-12-17 22:58 - 2017-12-17 23:03 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\Avg
2017-12-17 22:58 - 2017-12-17 23:01 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\AvgSetupLog
2017-12-17 22:58 - 2017-12-17 23:01 - 000000000 ____D C:\Program Files (x86)\AVG
2017-12-17 22:58 - 2017-12-17 22:58 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Balihaar Gill\Downloads\AVG_Protection_Free_1606.exe
2017-12-17 22:58 - 2017-12-17 22:58 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-17 22:55 - 2017-12-17 22:55 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Balihaar Gill\Downloads\mbar-1.10.3.1001.exe
2017-12-13 15:28 - 2017-12-13 15:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3284949906-35164851-2144127762-1001
2017-12-12 23:17 - 2017-11-29 22:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-12 23:17 - 2017-11-29 22:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-12 23:17 - 2017-11-29 22:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-12 23:17 - 2017-11-29 22:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-12 23:17 - 2017-11-29 22:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-12 23:17 - 2017-11-29 22:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-12 23:17 - 2017-11-29 22:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-12 23:17 - 2017-11-29 22:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-12 23:17 - 2017-11-29 22:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-12 23:17 - 2017-11-29 21:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-12 23:17 - 2017-11-29 21:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-12 23:17 - 2017-11-29 21:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-12 23:17 - 2017-11-29 21:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-12 23:17 - 2017-11-29 21:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-12 23:17 - 2017-11-29 21:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 23:17 - 2017-11-29 21:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 23:17 - 2017-11-29 21:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 23:17 - 2017-11-29 21:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 23:17 - 2017-11-29 21:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-12 23:17 - 2017-11-29 21:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-12 23:17 - 2017-11-29 21:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-12 23:17 - 2017-11-29 21:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 23:17 - 2017-11-29 21:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-12 23:17 - 2017-11-29 21:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 23:17 - 2017-11-29 21:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-12 23:17 - 2017-11-29 21:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 23:17 - 2017-11-29 21:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-12 23:17 - 2017-11-29 21:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 23:17 - 2017-11-29 21:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 23:17 - 2017-11-29 21:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 23:17 - 2017-11-29 21:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-12 23:17 - 2017-11-29 21:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-12 23:17 - 2017-11-29 21:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-12 23:17 - 2017-11-29 21:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-12 23:17 - 2017-11-29 21:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 23:17 - 2017-11-29 21:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 23:17 - 2017-11-29 21:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 23:17 - 2017-11-29 21:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 23:17 - 2017-11-29 21:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 23:17 - 2017-11-29 21:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 23:17 - 2017-11-29 21:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 23:17 - 2017-11-29 21:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 23:17 - 2017-11-29 21:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-12 23:17 - 2017-11-29 21:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-12 23:17 - 2017-11-29 21:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-12 23:17 - 2017-11-29 21:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-12 23:17 - 2017-11-29 21:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-12 23:17 - 2017-11-29 21:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-12 23:17 - 2017-11-29 21:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-12 23:17 - 2017-11-29 21:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 23:17 - 2017-11-29 21:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-12 23:17 - 2017-11-29 21:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-12 23:17 - 2017-11-29 21:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-12 23:17 - 2017-11-29 21:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 23:17 - 2017-11-29 21:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 23:17 - 2017-11-29 21:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 23:17 - 2017-11-29 21:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-12 23:17 - 2017-11-17 04:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-12 23:17 - 2017-11-17 04:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-12 23:17 - 2017-11-17 04:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-12 23:17 - 2017-11-17 04:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-12 23:17 - 2017-11-17 04:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-12 23:17 - 2017-11-17 04:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-12 23:17 - 2017-11-17 04:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-12 23:17 - 2017-11-17 04:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-12 23:17 - 2017-11-17 04:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-12 23:17 - 2017-11-17 04:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-12 23:17 - 2017-11-17 04:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-12 23:17 - 2017-11-17 03:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-12 23:17 - 2017-11-17 03:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-09 21:55 - 2017-12-09 21:55 - 000014505 _____ C:\Users\Balihaar Gill\Desktop\yee.fig
2017-12-09 15:02 - 2017-12-09 15:12 - 005765632 _____ C:\Users\Balihaar Gill\Downloads\matlab_introduction.ppt
2017-12-08 15:37 - 2017-12-08 15:37 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\HelloNeighbor
2017-12-08 15:34 - 2017-12-08 15:34 - 000000737 _____ C:\Users\Balihaar Gill\Desktop\Hello Neighbor.lnk
2017-12-08 15:34 - 2017-12-08 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hello Neighbor
2017-12-08 15:31 - 2017-12-08 23:45 - 000000000 ____D C:\Users\Balihaar Gill\Desktop\Hello.Neighbor-CODEX
2017-12-08 15:31 - 2017-12-08 15:31 - 2451501973 _____ C:\Users\Balihaar Gill\Downloads\Hello.Neighbor-CODEX.rar
2017-12-05 23:15 - 2017-12-05 23:15 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-04 14:59 - 2017-12-04 14:59 - 000000000 ____D C:\Windows.old
2017-12-03 18:57 - 2017-12-03 18:57 - 000001106 _____ C:\Users\Balihaar Gill\Desktop\matlab - Shortcut.lnk
2017-12-03 18:53 - 2017-12-03 18:53 - 000000000 ____D C:\Users\Balihaar Gill\Documents\MATLAB
2017-12-03 18:53 - 2017-12-03 18:53 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Roaming\Subversion
2017-12-03 18:53 - 2017-12-03 18:53 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\MathWorks
2017-12-03 18:52 - 2017-12-03 18:52 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Roaming\MathWorks
2017-12-03 18:21 - 2017-12-03 18:21 - 000000000 ____D C:\Program Files\MATLAB
2017-12-03 18:18 - 2017-12-03 18:18 - 000000000 ____D C:\Users\Balihaar Gill\Desktop\MATLAB R2017a
2017-12-01 11:58 - 2017-12-01 11:58 - 000000000 ____D C:\Users\Balihaar Gill\Documents\KoeiTecmo
2017-12-01 11:58 - 2017-12-01 11:58 - 000000000 ____D C:\Users\Balihaar Gill\ansel
2017-11-30 23:46 - 2017-12-12 22:33 - 000000000 ____D C:\WINDOWS\Panther
2017-11-30 22:31 - 2017-12-17 22:53 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Roaming\PROXYGATE
2017-11-30 21:14 - 2017-11-30 21:14 - 000000077 _____ C:\wepkeys.txt
2017-11-30 17:37 - 2017-11-30 17:37 - 000002505 _____ C:\Users\Public\Desktop\inSSIDer Home.lnk
2017-11-30 17:37 - 2017-11-30 17:37 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\MetaGeek,_LLC
2017-11-30 17:37 - 2017-11-30 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
2017-11-30 17:37 - 2017-11-30 17:37 - 000000000 ____D C:\Program Files (x86)\MetaGeek
2017-11-30 11:18 - 2017-12-02 14:54 - 000000000 ____D C:\Users\Balihaar Gill\AppData\LocalLow\uTorrent
2017-11-30 11:04 - 2017-11-30 11:04 - 000000222 _____ C:\Users\Balihaar Gill\Desktop\Nioh Complete Edition.url
2017-11-25 18:34 - 2017-11-25 18:34 - 000000221 _____ C:\Users\Balihaar Gill\Desktop\Overgrowth.url
2017-11-22 11:09 - 2017-11-22 11:09 - 000000000 ____D C:\Users\Balihaar Gill\Downloads\Legend of Zelda, The - Collector's Edition (USA)
2017-11-22 10:03 - 2017-11-22 10:03 - 000000837 _____ C:\Users\Public\Desktop\Dolphin.lnk
2017-11-22 10:00 - 2017-11-22 10:11 - 000000000 ____D C:\Users\Balihaar Gill\Downloads\Legend of Zelda, The - Ocarina of Time
2017-11-22 09:49 - 2017-11-22 09:49 - 000001118 _____ C:\Users\Public\Desktop\Project64.lnk
2017-11-22 09:49 - 2017-11-22 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2017-11-22 09:49 - 2017-11-22 09:49 - 000000000 ____D C:\Program Files (x86)\Project64 2.3
2017-11-20 13:47 - 2017-11-20 13:50 - 000000000 ____D C:\Users\Balihaar Gill\Documents\Assassin's Creed Origins
2017-11-19 12:11 - 2017-11-19 12:11 - 000000222 _____ C:\Users\Balihaar Gill\Desktop\Assassin's Creed Origins.url
2017-11-18 14:12 - 2017-11-18 14:12 - 000000000 ____D C:\Users\Balihaar Gill\Downloads\The Legend of Zelda Breath of the Wild [ALZE01]
2017-11-18 13:23 - 2017-12-01 11:58 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\NVIDIA Corporation
2017-11-18 13:23 - 2017-11-18 13:59 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\NVIDIA
2017-11-18 13:23 - 2017-11-18 13:23 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-11-18 13:22 - 2017-12-18 16:44 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-18 13:22 - 2017-11-18 13:22 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-18 13:22 - 2017-11-18 13:22 - 000002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2017-11-18 13:22 - 2017-11-18 13:22 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-18 13:22 - 2017-11-14 17:48 - 001796216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-11-18 13:22 - 2017-11-14 17:48 - 001578104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-11-18 13:22 - 2017-11-14 17:48 - 000919160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-11-18 13:22 - 2017-11-14 17:48 - 000186488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-11-18 13:22 - 2017-11-14 17:48 - 000152696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-11-18 13:22 - 2017-11-14 17:48 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-11-18 13:22 - 2017-11-14 17:48 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-11-18 13:22 - 2017-11-14 14:55 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-18 13:22 - 2017-09-13 18:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-18 13:22 - 2017-09-13 18:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-18 13:22 - 2017-09-13 18:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-18 13:22 - 2017-09-13 18:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-18 13:20 - 2017-11-14 17:48 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-18 13:20 - 2017-11-14 17:48 - 000050808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-11-18 13:20 - 2017-11-14 17:48 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-11-18 13:19 - 2017-11-18 13:19 - 000000000 ____D C:\NVIDIA
2017-11-18 13:16 - 2017-11-18 13:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-18 13:16 - 2017-11-18 13:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-18 13:16 - 2017-11-18 13:22 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-18 11:32 - 2017-11-14 17:48 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438831.dll
2017-11-18 11:32 - 2017-11-14 17:48 - 001673664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438831.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 040237504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 035156600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 029272000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 023264864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 019038976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 013865256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 011780376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 010883928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 004484864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 001331016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 001321264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 001135280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 001044664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 001031288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000980928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000885496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000794576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000598648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-18 11:31 - 2017-11-14 17:48 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-18 16:47 - 2017-09-07 18:32 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\HTC_Neo
2017-12-18 16:47 - 2017-07-20 11:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-18 16:47 - 2017-07-20 11:00 - 000000000 ____D C:\Users\Balihaar Gill
2017-12-18 16:47 - 2017-03-18 06:40 - 016252928 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-18 16:47 - 2017-03-18 06:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-12-18 16:44 - 2016-09-03 21:20 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-18 15:51 - 2017-07-20 11:08 - 001644630 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-18 15:35 - 2017-09-13 21:32 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\wmihstn
2017-12-18 15:32 - 2017-07-20 11:03 - 000004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D19A3D6D-DE43-43E2-A8D8-91EDBEF2EACB}
2017-12-18 15:15 - 2017-07-20 10:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-18 11:10 - 2016-10-17 20:32 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\Adobe
2017-12-17 23:16 - 2017-11-13 15:58 - 000000000 ____D C:\AdwCleaner
2017-12-17 22:53 - 2017-09-13 21:26 - 000000000 ____D C:\Program Files (x86)\Xjz3ufiUVNFb Updater
2017-12-17 18:41 - 2016-10-02 17:01 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\CrashDumps
2017-12-14 22:42 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-13 09:13 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 08:48 - 2017-07-24 20:59 - 000003390 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3284949906-35164851-2144127762-1001
2017-12-13 08:48 - 2016-09-03 20:56 - 000002387 _____ C:\Users\Balihaar Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-13 08:48 - 2016-09-03 20:56 - 000000000 ___RD C:\Users\Balihaar Gill\OneDrive
2017-12-13 08:45 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-13 08:45 - 2016-02-13 08:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 02:16 - 2017-07-20 10:59 - 000229352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 02:16 - 2017-06-13 16:50 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-13 02:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 02:16 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-13 00:19 - 2016-09-04 11:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 00:18 - 2017-10-10 21:41 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 00:18 - 2016-09-04 11:40 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 20:01 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-12 19:59 - 2016-09-19 21:45 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\Ubisoft Game Launcher
2017-12-10 16:15 - 2016-11-07 14:17 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Local\UnrealEngine
2017-12-08 23:34 - 2016-09-03 21:07 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-08 22:00 - 2017-10-31 19:22 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-08 22:00 - 2017-10-31 19:22 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-02 14:55 - 2016-10-08 20:02 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Roaming\uTorrent
2017-12-01 21:25 - 2017-03-18 16:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 21:25 - 2017-03-18 16:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-01 11:21 - 2016-11-29 22:20 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-01 00:15 - 2016-12-01 01:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 22:43 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-22 10:03 - 2016-10-20 20:52 - 000000000 ____D C:\Program Files\Dolphin
2017-11-18 14:16 - 2017-10-01 22:29 - 000000000 ____D C:\Users\Balihaar Gill\AppData\Roaming\USB_HELPER
2017-11-18 14:12 - 2017-10-01 22:29 - 000001556 _____ C:\Users\Balihaar Gill\Desktop\WiiU_USB_Helper.lnk
2017-11-18 13:22 - 2017-09-07 18:38 - 000000000 ____D C:\temp
2017-11-18 13:22 - 2016-09-03 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2016-12-11 00:06 - 2017-06-10 08:26 - 000000329 _____ () C:\Users\Balihaar Gill\AppData\Roaming\WB.CFG
2017-06-09 20:59 - 2017-06-09 20:59 - 000000000 ___SH () C:\Users\Balihaar Gill\AppData\Local\LumaEmu
 
Some files in TEMP:
====================
2017-12-10 16:16 - 2017-12-12 23:41 - 000000000 _____ () C:\Users\Balihaar Gill\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-10 16:16 - 2017-12-12 23:41 - 000000016 _____ () C:\Users\Balihaar Gill\AppData\Local\Temp\55d7bc7137bffe009a2bf8242340c1e4.dll
2017-09-16 23:20 - 2015-03-05 07:54 - 002212008 _____ (Adobe Systems Incorporated) C:\Users\Balihaar Gill\AppData\Local\Temp\AdobeApplicationManager.exe
2017-09-13 21:24 - 2017-09-13 21:24 - 000024576 _____ (Note8 Simulator) C:\Users\Balihaar Gill\AppData\Local\Temp\instac.exe
2017-10-04 21:35 - 2017-10-04 21:35 - 000740416 _____ (Oracle Corporation) C:\Users\Balihaar Gill\AppData\Local\Temp\jre-8u144-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-11 13:04
 
==================== End of FRST.txt ============================
 
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Balihaar Gill (18-12-2017 16:49:06)
Running from C:\Users\Balihaar Gill\Downloads
Windows 10 Home Version 1703 15063.786 (X64) (2017-07-20 16:04:57)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3284949906-35164851-2144127762-500 - Administrator - Disabled)
Balihaar Gill (S-1-5-21-3284949906-35164851-2144127762-1001 - Administrator - Enabled) => C:\Users\Balihaar Gill
DefaultAccount (S-1-5-21-3284949906-35164851-2144127762-503 - Limited - Disabled)
Guest (S-1-5-21-3284949906-35164851-2144127762-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3284949906-35164851-2144127762-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
A Hat in Time (HKLM-x32\...\A Hat in Time_is1) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
Clustertruck (HKLM-x32\...\1661530902_is1) (Version: 2.0.0.2 - GOG.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dishonored - Game of the Year Edition (HKLM-x32\...\Dishonored - Game of the Year Edition_is1) (Version:  - )
Dokan Driver (x64) (HKLM\...\{C550A790-4D58-4918-824A-192461614F6B}) (Version: 1.1.0.2 - HTC Corp.) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grow Home 1.0 (HKLM-x32\...\Grow Home 1.0) (Version: 1.0 - Игры на Cat-A-Cat.NET)
Hello Neighbor (HKLM-x32\...\Hello Neighbor_is1) (Version:  - )
Hello.Neighbor.Alpha.3-ALI213 version 1.0 (HKLM-x32\...\{CCFEDEAB-E25A-43CB-9CBC-DF456FBE0317}}_is1) (Version: 1.0 - Ali213.net)
HTC Account (HKLM\...\{D5CD92A7-8ECC-46C9-A478-421F79ECA36F}) (Version: 1.5.1.5 - HTC Corp.) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Wireless Bluetooth® (HKLM-x32\...\{FB766DC2-1CD7-4267-8275-E4B608BCE8C4}) (Version: 18.1.1525.1421 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Just Cause 3 XL Edition (HKLM-x32\...\Just Cause 3 XL Edition_is1) (Version:  - )
LEGO Island 2 (HKLM-x32\...\{85967580-EBC2-11D4-AEA3-0050046A88ED}) (Version:  - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MATLAB R2017a (HKLM\...\Matlab R2017a) (Version: 9.2 - MathWorks)
Max Payne 3 (HKLM-x32\...\Max Payne 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Microsoft OneDrive (HKU\S-1-5-21-3284949906-35164851-2144127762-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.1 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Portal (HKLM-x32\...\Portal) (Version:  - )
Portal 2 (HKLM-x32\...\AC7F4E43-1023-443F-9746-58A93E04D896_is1) (Version: 1.0.0.0 - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 beta r2858 - )
ROBLOX Player for Balihaar Gill (HKU\S-1-5-21-3284949906-35164851-2144127762-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Sleeping Dogs Definitive Edition version 1.0.0.0 (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: 1.0.0.0 - Mr DJ)
SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
Splinter Cell (HKLM-x32\...\Splinter Cell_is1) (Version:  - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surgeon Simulator 2013 Steam Edition 1.0 (HKLM-x32\...\Surgeon Simulator 2013 Steam Edition 1.0) (Version: 1.0 - Cat-A-Cat)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Vive (HKLM-x32\...\{7182c4e6-a6d3-4362-b058-33c6c1835a6a}) (Version: 1.1.3.21 - HTC Corp.) Hidden
Vive (HKLM-x32\...\{B3F88E45-7626-4BAD-9EB1-11CC5ACB2011}) (Version: 1.1.3.21 - HTC Corp.) Hidden
VIVE Software (HKLM-x32\...\VIVE Software) (Version: 1.0.1.109 - HTC)
ViveDriver (HKLM-x32\...\{8ff389b7-122a-494c-9d04-cb3165b8738d}) (Version: 1.1.0.8 - HTC Corp.)
ViveDummy (HKLM-x32\...\{1F9BDD9F-AB3D-4384-A080-80E713702ADE}) (Version: 0.9.0.4 - HTC) Hidden
VivePhoneServices (HKLM-x32\...\{51692281-D7BE-4F58-AA39-EC26FC082934}) (Version: 1.1.0.4 - HTC Corp.) Hidden
Viveport Companion (HKLM-x32\...\{aad49938-c948-4412-b4d2-959a57686c90}) (Version: 0.7.0.12 - HTC Corp.)
Viveport Companion (x86) (HKLM-x32\...\{0C5158E3-7065-4B44-83E8-D247387781CA}) (Version: 0.7.0.12 - HTC Corp.) Hidden
Viveport Diagnosis (HKLM-x32\...\{65524a09-f6cd-466c-a3d6-082080c7953b}) (Version: 1.2.0.38 - HTC Corp.)
Viveport Diagnosis (x86) (HKLM-x32\...\{672DE666-F6CF-4493-8D04-635CF75CE301}) (Version: 1.2.0.38 - HTC Corp.) Hidden
Viveport DirectX 9.0 (HKLM-x32\...\{be57836a-f280-46c1-ac84-5292ef323e92}) (Version: 1.1.0.3 - HTC Corp.)
Viveport DirectX 9.0 (x86/x64) (HKLM-x32\...\{58771A37-9B07-4B85-82D4-6189623F2255}) (Version: 1.1.0.3 - HTC Corp.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-17] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-17] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0146EE44-1053-4549-B0A2-B5376AE94A25} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-14] (NVIDIA Corporation)
Task: {14DB85B4-1E84-4263-B0B9-FEE5C9CF5198} - System32\Tasks\S-1-5-21-3284949906-35164851-2144127762-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-01] (Microsoft Corporation)
Task: {175E7450-F95D-450D-94A8-094466BC785E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {42388868-5DC8-4A6C-857D-4A1EA599D638} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-14] (NVIDIA Corporation)
Task: {43C09805-08A2-4C00-BDE2-1A6EF6603AC4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {4FC1D6E5-F9B9-448E-891F-9FB679958859} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-14] (NVIDIA Corporation)
Task: {5D6BD008-2FBC-4080-92DD-2841B0328E9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-31] (Google Inc.)
Task: {64DDF327-E105-47E4-ADF8-D692F9953A19} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-14] (NVIDIA Corporation)
Task: {6EDC0FC2-B681-4A99-8F65-62E17419C7E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7884DFC6-4265-4F3A-B2E0-847231E93094} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-14] (NVIDIA Corporation)
Task: {7B748D8F-C480-43C9-B0F6-FD4A7F8D192F} - System32\Tasks\Xjz3ufiUVNFb => xjz3ufiuvnfb.exe
Task: {A4D8FE9D-2675-41B9-924C-4396E6D47239} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {A74D78B2-5D0C-4DDF-B189-B9FAD63D797D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-14] (NVIDIA Corporation)
Task: {A8163237-9AC5-4D52-ABAE-0B1D98F2BA37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-31] (Google Inc.)
Task: {B157F882-8C27-4425-9E25-592910BBC25F} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-12-17] (AVG Technologies CZ, s.r.o.)
Task: {BCF0136F-78DC-428C-88A6-D94CD01F0C49} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-14] (NVIDIA Corporation)
Task: {D47C8D81-303B-4AB9-AAB7-F66B5741A54E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-14] (NVIDIA Corporation)
Task: {DDC4FC13-5641-44CD-B09D-681823823828} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F0EE05EA-C3B3-4000-92DC-A45B6B21C92B} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-92IB2RD-Balihaar Gill => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-25] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-31 14:11 - 2017-10-04 12:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2017-09-14 15:59 - 000001025 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3284949906-35164851-2144127762-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HTC Account Service => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: ViveportDesktopService => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E4DDAAE1-E76C-4068-950E-2A0811892EB4}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{5FDF2235-29B1-4AF2-B319-814E1558CFBE}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{88FE2A81-1E4E-41B6-BC9F-4D370D272F05}C:\program files (x86)\games\portal 2\portal2.exe] => (Block) C:\program files (x86)\games\portal 2\portal2.exe
FirewallRules: [TCP Query User{0C6FA3E8-3E8B-44B1-AAC1-3D7C75BB70D6}C:\program files (x86)\games\portal 2\portal2.exe] => (Block) C:\program files (x86)\games\portal 2\portal2.exe
FirewallRules: [UDP Query User{20486FB6-A3B9-4E35-92CA-F27CAD732FD1}C:\users\balihaar gill\downloads\prey.cracked.by.baldman\prey.cracked.by.baldman\binaries\danielle\x64\release\prey.exe] => (Allow) C:\users\balihaar gill\downloads\prey.cracked.by.baldman\prey.cracked.by.baldman\binaries\danielle\x64\release\prey.exe
FirewallRules: [TCP Query User{61C82978-8407-41EC-B7CC-2DDE86FC3C92}C:\users\balihaar gill\downloads\prey.cracked.by.baldman\prey.cracked.by.baldman\binaries\danielle\x64\release\prey.exe] => (Allow) C:\users\balihaar gill\downloads\prey.cracked.by.baldman\prey.cracked.by.baldman\binaries\danielle\x64\release\prey.exe
FirewallRules: [{B9B50C8D-C479-4EB0-BF6C-EF6B33270B6A}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{56BAEE19-DD1B-4EAB-9E44-0DCEA4863522}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{3A97887A-9D08-408E-A7F1-1485C462E9C9}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{97DA56AB-0BD0-4AA7-A464-387731AF565B}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{2F289B65-56BB-45D8-BE37-00DDE1702AE9}] => (Allow) C:\Program Files (x86)\Mr DJ\Sleeping Dogs Definitive Edition\sdhdship.exe
FirewallRules: [{6DB4DF87-76F6-4185-BB8A-7D21B5C46170}] => (Allow) C:\Program Files (x86)\Mr DJ\Sleeping Dogs Definitive Edition\sdhdship.exe
FirewallRules: [{50656266-7CC2-4C7A-B501-C1299F6C8079}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{32E24F1D-D7C3-4A15-A3E9-D82EDF5EF5B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{213F34A0-157D-47DD-BD98-56CDF3FE9B8D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4435E128-E30A-4B8C-9682-1EAA67AA917D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{697D70A1-116A-43BD-A398-B3BD12D61046}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{DF349052-B422-4750-9A50-EDCA5DDC3151}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{B22D40C2-AC5D-49C6-B96F-77816AC8210D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{BD596095-3D0E-41A3-B5E4-066C506C545F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{7735E206-2CB3-409C-9807-CC21B2A53EF9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{D53D0E8F-1CE6-42EC-BDD3-167CA545C243}C:\users\balihaar gill\downloads\gang.beasts.v0.5.1\gang.beasts.v0.5.1\gang beasts.exe] => (Allow) C:\users\balihaar gill\downloads\gang.beasts.v0.5.1\gang.beasts.v0.5.1\gang beasts.exe
FirewallRules: [TCP Query User{A69E2235-2D39-41E5-ADE1-F78CDB98AC12}C:\users\balihaar gill\downloads\gang.beasts.v0.5.1\gang.beasts.v0.5.1\gang beasts.exe] => (Allow) C:\users\balihaar gill\downloads\gang.beasts.v0.5.1\gang.beasts.v0.5.1\gang beasts.exe
FirewallRules: [UDP Query User{F7A39694-FA2B-4D1F-BC54-3637C8DE1955}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [TCP Query User{788D22AD-D674-44F5-98DA-8EE5555CA431}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [{7F58900B-1E2E-47CC-BE80-B266A698DBF1}] => (Allow) D:\SteamLibrary\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{7AD4D704-E6D2-487C-8B44-FFA092FA3346}] => (Allow) D:\SteamLibrary\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{C93B93BA-6151-4821-A900-8B78EA88AC35}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{C3968278-BD98-4BB1-92DD-12607DC8F186}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [UDP Query User{1C163672-5FEF-46D3-9601-46507AC5334B}C:\users\balihaar gill\downloads\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe] => (Allow) C:\users\balihaar gill\downloads\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe
FirewallRules: [TCP Query User{2DD9E7C1-CB26-4DBC-9E59-BFF307DA5D7F}C:\users\balihaar gill\downloads\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe] => (Allow) C:\users\balihaar gill\downloads\human.fall.flat.v1.1.2\human.fall.flat.v1.1.2\human.exe
FirewallRules: [{2C891B43-2AFB-4DF9-AE2E-873CCC27A446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5ADC73AE-02BC-431E-B351-5FCC0A6A05B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{D27314E0-8472-456C-8CF4-406E1F92EDF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{92BBAE17-E82A-45DF-8812-F2DA261B713A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6A18EB4C-4C5D-42F0-98A7-635141CA483C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{B98A4A7E-FBD4-4A90-9E86-D28AAF5161BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [UDP Query User{18975A4A-5687-40F7-87F3-1AD864559A16}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{23C0FA9C-C4D1-4132-85CA-E04BD7029590}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{324C5347-F8C1-48DC-B3FF-153341F46BAB}C:\program files (x86)\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe] => (Allow) C:\program files (x86)\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{669F8CE7-FFB4-46E9-B32D-9521216A58C3}C:\program files (x86)\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe] => (Allow) C:\program files (x86)\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe
FirewallRules: [{C9240260-1ABC-4C9E-81D4-F241E24E6428}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE
FirewallRules: [{1F5BD13B-27D0-4B50-A190-DBC6438444A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE
FirewallRules: [UDP Query User{8EB1FAF8-1FCF-4935-9907-85F1776FB30F}C:\users\balihaar gill\desktop\hello.neighbor.alpha.1\hello.neighbor.alpha.1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\balihaar gill\desktop\hello.neighbor.alpha.1\hello.neighbor.alpha.1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe
FirewallRules: [TCP Query User{BBFA3AEC-8876-4BD4-9235-C25DCD9AA381}C:\users\balihaar gill\desktop\hello.neighbor.alpha.1\hello.neighbor.alpha.1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\balihaar gill\desktop\hello.neighbor.alpha.1\hello.neighbor.alpha.1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe
FirewallRules: [UDP Query User{1710B4F1-49BF-4A2E-8F84-0011349C173D}C:\users\balihaar gill\downloads\helloneighbor_pre_alpha_-_play_at_your_own_risk\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Allow) C:\users\balihaar gill\downloads\helloneighbor_pre_alpha_-_play_at_your_own_risk\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe
FirewallRules: [TCP Query User{01B7D4C6-B0F3-4C7D-9B8A-48247C9DDA71}C:\users\balihaar gill\downloads\helloneighbor_pre_alpha_-_play_at_your_own_risk\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Allow) C:\users\balihaar gill\downloads\helloneighbor_pre_alpha_-_play_at_your_own_risk\helloneighbor\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe
FirewallRules: [{A68069EC-B53A-4966-BE83-77F62959AE91}] => (Allow) LPort=1900
FirewallRules: [{0308B067-34B6-40D1-980F-AF0FC5942091}] => (Allow) LPort=2869
FirewallRules: [{38BE605B-D1DD-4436-AB7D-EA0AB0E988B6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6A3F381B-138D-41BB-9CBA-04CFA593BA17}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BFA8AB82-595C-499E-A4FB-7453D34B92A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C1FA767-ED28-467E-8AC1-2C9323692FF9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80EAB329-88CE-45BC-B185-AD289685E8EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ABF11FCC-24C3-43F3-BB9F-E37B71829C37}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{852CF095-566F-4D66-9DF6-2EAD7A5A2FD4}] => (Allow) C:\Users\Balihaar Gill\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{05FB55DE-56BF-4BA1-A69E-60873BEFED68}] => (Allow) C:\Users\Balihaar Gill\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{51429157-5BFE-41DE-A5B9-1AD2667A7BCD}] => (Allow) C:\Users\Balihaar Gill\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{73951EC9-BACE-4AE1-81FC-370BFDCFB534}] => (Allow) C:\Users\Balihaar Gill\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CF5F0DF-79AD-4503-87EC-A1EFC18E0D87}] => (Allow) C:\Users\Balihaar Gill\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A0B78141-EE44-4717-A6BF-47D1362C0726}] => (Allow) C:\Users\Balihaar Gill\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7EF1E89C-D7BE-4707-B00B-1D10374F0E1E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD91A01A-1F0C-49EA-8A90-229C948DAECE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{13D7EF62-B9B3-496B-A5AA-A4A96B5FC27C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{55DF105B-9099-43BC-AB9D-99C51C743880}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{DF03EF6D-1ACB-41A7-9BCB-8FCFAE19F556}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{6F240348-7204-4420-AD09-AC571671FD35}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{9A58FC28-FDCD-4501-A3D0-B9D66DE8BB26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{15283AEF-6DAC-409E-8838-9CBE2F7D431C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{79745BB8-E824-4A15-AE4E-1239426EA9E9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{8A890E5B-429E-4D13-B79C-83C16151070B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{4A0AA31C-1ABD-4D57-91B3-F7960B35EB31}] => (Allow) D:\SteamLibrary\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{8D30E999-36AF-41B0-A794-4720B9D7395F}] => (Allow) D:\SteamLibrary\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [TCP Query User{187B28C4-6676-47AB-A40A-35802877D5FA}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{51F3A374-0223-41F6-AFED-3E3EDACF6D03}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{DC87CB21-EA69-4E47-82B4-30B1008370EF}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{DE0F62DF-9BDD-4729-8CE2-5E22F48772BA}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{2BB9CF74-4011-466B-B074-6117DED2F5A2}] => (Allow) D:\SteamLibrary\steamapps\common\Darkwood\Darkwood.exe
FirewallRules: [{5AA25170-2EA8-401C-A274-000745AE14AC}] => (Allow) D:\SteamLibrary\steamapps\common\Darkwood\Darkwood.exe
FirewallRules: [{7191CBAC-2E66-4F24-984E-A4B9B97A90FC}] => (Allow) D:\SteamLibrary\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{8EC481F4-2CCC-43A6-9830-C40554FEDBA7}] => (Allow) D:\SteamLibrary\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{4D9D4911-C3E2-4E38-A929-17FA4209BCDC}] => (Allow) D:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{C2915335-6792-47A8-BC85-A33F1D95B6B7}] => (Allow) D:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{B36AE020-23E6-47FF-A748-FC10474A0958}] => (Allow) C:\Program Files (x86)\ViveSetup\PCClient\web\apps\phone\nw.exe
FirewallRules: [{3986049E-8AC2-4358-BB5D-9E844C8A80AD}] => (Allow) C:\Program Files (x86)\ViveSetup\PCClient\web\apps\phone\vivephoneinit\VivePhoneInit.exe
FirewallRules: [{91085415-DD66-4448-B654-285B9AF01C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{4834772B-FC20-4CC1-A70C-C1AB9F0EE5F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{5C30E9DC-C8F8-4C10-B26E-5B9101EF1C99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{CC44EB6D-AFBD-4C0D-90EB-613DE9063EEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{2106AA35-F4D0-4C81-B7D3-DAA1376709F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{35CE36CA-83AD-4927-81AE-31378B7C722C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [TCP Query User{255EEF78-2735-4BF1-84AA-F231A49006CD}D:\superhot.vr.v1.0.1\superhot.vr.v1.0.1\superhotvr.exe] => (Allow) D:\superhot.vr.v1.0.1\superhot.vr.v1.0.1\superhotvr.exe
FirewallRules: [UDP Query User{4AB072E5-B51B-4221-AEEE-0115C756760A}D:\superhot.vr.v1.0.1\superhot.vr.v1.0.1\superhotvr.exe] => (Allow) D:\superhot.vr.v1.0.1\superhot.vr.v1.0.1\superhotvr.exe
FirewallRules: [TCP Query User{0CD1CAD0-EB11-42E3-92EA-22672E98C6C5}C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrdashboard.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrdashboard.exe
FirewallRules: [UDP Query User{2C5EB724-07D7-465C-8645-9F383615D0F9}C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrdashboard.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrdashboard.exe
FirewallRules: [TCP Query User{AC3E7930-B6CA-476C-8679-C3D125DD9AC9}C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrmonitor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrmonitor.exe
FirewallRules: [UDP Query User{29DD965E-7AD6-4584-8BCD-D8EA9D2BBBF5}C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrmonitor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\bin\win32\vrmonitor.exe
FirewallRules: [TCP Query User{22B75C11-A0BF-4E4D-9F6F-9FBAFBB4B005}D:\i.expect.you.to.die.steam.edition.vr\i.expect.you.to.die.steam.edition.vr\ieytd.exe] => (Allow) D:\i.expect.you.to.die.steam.edition.vr\i.expect.you.to.die.steam.edition.vr\ieytd.exe
FirewallRules: [UDP Query User{D1CA360E-FF38-46F1-94EE-76F61FE2E7D6}D:\i.expect.you.to.die.steam.edition.vr\i.expect.you.to.die.steam.edition.vr\ieytd.exe] => (Allow) D:\i.expect.you.to.die.steam.edition.vr\i.expect.you.to.die.steam.edition.vr\ieytd.exe
FirewallRules: [TCP Query User{6DA0EED5-FEBD-4C88-8A0E-D9DEB3687490}D:\hot.dogs.horseshoes.hand.grenades.update.44\hot.dogs.horseshoes.hand.grenades.update.44\h3vr.exe] => (Allow) D:\hot.dogs.horseshoes.hand.grenades.update.44\hot.dogs.horseshoes.hand.grenades.update.44\h3vr.exe
FirewallRules: [UDP Query User{38224BDE-8E2C-45EA-A13E-B70A3CDC6904}D:\hot.dogs.horseshoes.hand.grenades.update.44\hot.dogs.horseshoes.hand.grenades.update.44\h3vr.exe] => (Allow) D:\hot.dogs.horseshoes.hand.grenades.update.44\hot.dogs.horseshoes.hand.grenades.update.44\h3vr.exe
FirewallRules: [{AC488D77-E774-47BD-9C74-5B61848242AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{ED60B46E-2F8B-4A83-AD6B-C4DEE07A8986}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [TCP Query User{6CF3FCAD-E0BA-4FB9-B656-EF8CAB64CC4F}C:\users\balihaar gill\downloads\abode.vr\abode.vr\abode.exe] => (Allow) C:\users\balihaar gill\downloads\abode.vr\abode.vr\abode.exe
FirewallRules: [UDP Query User{CC6E9442-CDE3-4ADA-BA8B-E0E4FA22CD8D}C:\users\balihaar gill\downloads\abode.vr\abode.vr\abode.exe] => (Allow) C:\users\balihaar gill\downloads\abode.vr\abode.vr\abode.exe
FirewallRules: [TCP Query User{1DB63E51-7271-422C-B977-B4F0E40BD2F7}C:\users\balihaar gill\downloads\abode.vr (1)\abode.vr\abode.exe] => (Allow) C:\users\balihaar gill\downloads\abode.vr (1)\abode.vr\abode.exe
FirewallRules: [UDP Query User{F041ECA6-2880-4387-A474-7F48A4526759}C:\users\balihaar gill\downloads\abode.vr (1)\abode.vr\abode.exe] => (Allow) C:\users\balihaar gill\downloads\abode.vr (1)\abode.vr\abode.exe
FirewallRules: [{668D1BD6-53BE-4461-B7DC-B970C3A5CA6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{65317976-E80A-4D0F-B64E-5DE3AC3B19BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [TCP Query User{983F9206-4C28-445B-AE8E-8DB6A0D4E8EC}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6952AE8C-9C15-469D-A13C-130B0F45610E}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{584E9C2A-518A-40F6-9ABB-959990973792}D:\max payne 3\maxpayne3.exe] => (Allow) D:\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{40BE8F72-67EC-48D4-9391-AB52AC4DFE8E}D:\max payne 3\maxpayne3.exe] => (Allow) D:\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{7CC37E4F-E7D6-4A11-9D7E-476871B7E6FE}C:\users\balihaar gill\downloads\wiiu_usb_helper.exe] => (Allow) C:\users\balihaar gill\downloads\wiiu_usb_helper.exe
FirewallRules: [UDP Query User{AA9C1796-8335-4597-9311-029481DB864A}C:\users\balihaar gill\downloads\wiiu_usb_helper.exe] => (Allow) C:\users\balihaar gill\downloads\wiiu_usb_helper.exe
FirewallRules: [{7B8EB221-EE49-44FC-A882-4FD90C8F846D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5F9F5E04-1C6F-4F19-8A15-F88596084891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{140497BA-AEBA-45A4-A1A9-664818BCB08B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{1BF378AC-7E14-4D79-BBAA-CA2E19B80CAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{73B28B9D-E2FF-45AD-887B-C49C5D9F7E11}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B8EC9ED8-1F79-4A02-A55E-F4BF49BD6DC2}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3CEB21C6-2057-458A-87CC-0FCA22317CF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8FEBF054-95C1-490B-82A0-2D9D3EA88ADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EDF70ADA-573D-4761-9DF1-18E8C1E14CA9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{46FB8892-0351-4951-8611-B5EA76BAD085}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{212BB2F8-0648-4EE7-820A-776BB2D7ACBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F936B7D9-6E33-4670-95BE-B13D74FDB402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe
FirewallRules: [{B6B0F2E1-FAAF-4D4A-B05D-2646AE7C6AE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe
FirewallRules: [{35C3BBE9-B67B-4108-B319-71D080ED50D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{9DBD1D8D-ED7C-41D5-A0AB-068B523353B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{775300AE-EC12-48D5-BF8D-E6770325BE77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{F55F7158-7CBA-4B9C-9520-3261A391F5F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{C6634689-A863-4412-BC0C-C5B9E1739E0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nioh\nioh_launcher.exe
FirewallRules: [{A27C0F25-D6EA-471C-87AC-2327886471A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nioh\nioh_launcher.exe
FirewallRules: [{F9F549A9-66DC-4669-B730-2C25D9C6E8F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nioh\nioh.exe
FirewallRules: [{865D3143-7E3A-4CA1-992D-B772D865EE7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nioh\nioh.exe
FirewallRules: [{DA823EA4-046D-4217-8002-B2915D432F33}] => (Allow) D:\Nioh\Nioh\nioh.exe
FirewallRules: [{2971804E-5D71-4988-B3DF-E44B53805D77}] => (Allow) D:\Nioh\Nioh\nioh.exe
FirewallRules: [{6BAF2D22-7B1C-4796-9B70-0D10F52A493C}] => (Allow) D:\Nioh\Nioh\nioh.exe
FirewallRules: [{DCA394C9-938F-400A-8519-DAF62864AB5D}] => (Allow) D:\Nioh\Nioh\nioh.exe
FirewallRules: [{C8DDD997-B4B2-4301-880F-03B758461DD5}] => (Allow) D:\Nioh\Nioh\nioh_launcher.exe
FirewallRules: [{314D65EC-0BD1-4EBB-8D8A-455DCAD6ED9E}] => (Allow) D:\Nioh\Nioh\nioh_launcher.exe
FirewallRules: [{1FD8D3C6-DE5B-4F4D-B16E-C1BFBA4DE119}] => (Allow) D:\Nioh\Nioh\nioh_launcher.exe
FirewallRules: [{268E3137-BC42-4A3C-A052-31C2EEA36D74}] => (Allow) D:\Nioh\Nioh\nioh_launcher.exe
FirewallRules: [TCP Query User{A3631C05-1CE5-454A-8E40-93E51115083E}D:\matlab\bin\win64\matlab.exe] => (Allow) D:\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{A81E389C-8DCB-4C3C-B51C-5729A3A568A7}D:\matlab\bin\win64\matlab.exe] => (Allow) D:\matlab\bin\win64\matlab.exe
FirewallRules: [TCP Query User{67EC7DC7-7F49-4A4B-8F5A-3CBC7B770404}D:\matlab\bin\win64\matlab.exe] => (Block) D:\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{0A92FDF5-C523-45F7-BF39-7BEAFADE2313}D:\matlab\bin\win64\matlab.exe] => (Block) D:\matlab\bin\win64\matlab.exe
FirewallRules: [{AA8EF1D7-50C2-4046-94F5-AE158821EB14}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3170AEC7-D53E-4202-AACF-4FB47280B69A}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BD4F8E81-4988-4CA1-8E12-6CE12EC69491}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{846CF8C3-5DC6-4832-A659-0A44E188BAD4}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6D96D238-FEBF-4D83-BA39-88FEDD336992}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{4F2F78CE-734E-4B87-96FE-E688B7CCD56D}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FF1DCF38-2E56-4960-B4EF-6AA8B072F586}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C1A9F71F-860C-47CC-9B39-5B5E979A977E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{F7365F86-32BA-483A-B2FE-392E50642441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{CE70FBC2-1F01-4778-BF5D-DC9197892BCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EarthVR\Earth.exe
FirewallRules: [{3F6632DF-F0F2-4C46-B986-32E794A97E0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EarthVR\Earth.exe
 
==================== Restore Points =========================
 
10-12-2017 16:14:56 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/18/2017 03:42:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-92IB2RD)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/18/2017 02:58:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-92IB2RD)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (12/17/2017 11:44:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 438
 
Start Time: 01d377b8d7b00f95
 
Termination Time: 4294967295
 
Application Path: C:\Users\Balihaar Gill\Downloads\FRST64.exe
 
Report Id: f97602d1-6673-4138-9f13-beec6f8dd519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/17/2017 11:03:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/17/2017 06:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmibcro.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0x80000003
Fault offset: 0x0018f9c9
Faulting process id: 0x2e40
Faulting application start time: 0x01d3778739d8daa2
Faulting application path: C:\Users\Balihaar Gill\AppData\Local\wmihstn\wmibcro.exe
Faulting module path: C:\Users\Balihaar Gill\AppData\Local\wmihstn\libcef.dll
Report Id: 32cc1879-027a-4f1e-b2ab-a65ca9230677
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/13/2017 03:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmibcro.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0x80000003
Fault offset: 0x0018f9c9
Faulting process id: 0x1584
Faulting application start time: 0x01d3742611dd1dc8
Faulting application path: C:\Users\Balihaar Gill\AppData\Local\wmihstn\wmibcro.exe
Faulting module path: C:\Users\Balihaar Gill\AppData\Local\wmihstn\libcef.dll
Report Id: 9485d2f2-9d50-4e05-8163-b5a0bf1f2c62
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/09/2017 09:22:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-92IB2RD)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (12/06/2017 09:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000409
Fault offset: 0x00000000000ac71a
Faulting process id: 0x1f1c
Faulting application start time: 0x01d36096772da609
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4328bed8-c85f-40a6-8099-76d24a50ada9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/02/2017 12:59:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nioh.exe, version: 0.0.0.0, time stamp: 0x5a03de83
Faulting module name: nioh.exe, version: 0.0.0.0, time stamp: 0x5a03de83
Exception code: 0xc0000005
Fault offset: 0x00000000005d6db6
Faulting process id: 0x21fc
Faulting application start time: 0x01d36b974afc4601
Faulting application path: D:\Nioh\Nioh\nioh.exe
Faulting module path: D:\Nioh\Nioh\nioh.exe
Report Id: d4902773-9738-4c1b-9671-cc19dd479039
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/02/2017 12:58:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nioh.exe, version: 0.0.0.0, time stamp: 0x5a03de83
Faulting module name: nioh.exe, version: 0.0.0.0, time stamp: 0x5a03de83
Exception code: 0xc0000005
Fault offset: 0x00000000005d6de1
Faulting process id: 0x888c
Faulting application start time: 0x01d36b971d6d3728
Faulting application path: D:\Nioh\Nioh\nioh.exe
Faulting module path: D:\Nioh\Nioh\nioh.exe
Report Id: 496789a9-2920-4a14-a143-b9f72d113249
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/18/2017 04:49:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/18/2017 04:49:23 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/18/2017 04:49:06 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/18/2017 04:48:54 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/18/2017 04:48:47 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/18/2017 04:48:39 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/18/2017 04:48:35 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/18/2017 04:48:35 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/18/2017 04:48:35 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/18/2017 04:48:35 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-92IB2RD)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2017-11-13 14:45:24.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-13 14:45:24.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-13 13:55:54.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-13 13:55:54.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 11:48:45.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 11:48:45.965
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-11 22:23:09.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-11 22:23:09.224
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-10 16:43:48.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-10 16:43:48.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 7%
Total physical RAM: 16332.68 MB
Available physical RAM: 15130.32 MB
Total Virtual: 18764.68 MB
Available Virtual: 17764.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.67 GB) (Free:86.53 GB) NTFS
Drive d: (HDD) (Fixed) (Total:334.8 GB) (Free:44.59 GB) NTFS
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:3.81 GB) (Free:3.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 9F4E3956)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 335.4 GB) (Disk ID: 1549F232)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: C5DE68AB)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


Edited by hamluis, 18 December 2017 - 06:59 PM.




#2 Aura

Posted 18 December 2017 - 11:16 PM

Hi bsgguy :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Open FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should appear on your desktop. Attach it in your next reply.
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 bsgguy

Posted 19 December 2017 - 06:06 PM

Thank you for helping me!

 

I tried copying and pasting that text, but when I hit Fix, FRST said it required a fixlist.txt.

I then created a fixlist text and copied the text provided into that file.

 

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Balihaar Gill (19-12-2017 18:02:09) Run:1
Running from C:\Users\Balihaar Gill\Downloads
Loaded Profiles: Balihaar Gill (Available Profiles: Balihaar Gill)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo              F:                                         40500     FileInfo                  0     00000003  
FileInfo              C:                                         40500     FileInfo                  0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\HarddiskVolume5                    40500     FileInfo                  0     00000003  
FileInfo              D:                                         40500     FileInfo                  0     00000003  
FileInfo              G:                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000003  
WdFilter              F:                                        328010     WdFilter Instance         0     00000007  
WdFilter              C:                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\HarddiskVolume5                   328010     WdFilter Instance         0     00000007  
WdFilter              D:                                        328010     WdFilter Instance         0     00000007  
WdFilter              G:                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\Mup                               328010     WdFilter Instance         0     00000007  
Wof                   C:                                         40700     Wof Instance              0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   D:                                         40700     Wof Instance              0     00000003  
Wof                   G:                                         40700     Wof Instance              0     00000003  
luafv                 C:                                        135000     luafv                     0     00000003  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
ozpgkm                C:                                         45666     ozpgkm Instance           0     00000000  
ozpgkm                \Device\Mup                                45666     ozpgkm Instance           0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000000  
 
========= End of CMD: =========
 
 
========= dir /a:-d /o:d C:\windows\system32\drivers =========
 
 Volume in drive C has no label.
 Volume Serial Number is 86B8-7874
 
 Directory of C:\windows\system32\drivers
 
06/06/2015  07:16 AM            63,840 XtuAcpiDriver.sys
06/16/2015  06:17 PM                22 370b10230058190f00.bseq
06/16/2015  06:17 PM                22 370b12230058190f00.bseq
06/16/2015  06:37 PM           582,352 370b10060002220e00.sfi
06/22/2015  01:17 AM         9,391,896 Netwtw02.sys
01/20/2016  12:50 AM           202,032 TeeDriverW8x64.sys
03/28/2016  02:41 PM            23,040 netaapl64.sys
03/28/2016  02:41 PM            54,784 usbaapl64.sys
05/27/2016  01:26 AM                57 370b1223001e121000.bseq
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
09/03/2016  08:38 PM                 0 Msft_User_WpdFs_01_11_00.Wdf
09/09/2016  12:19 AM                57 370b1223002e221000.bseq
09/24/2016  04:24 PM           108,608 dokan1.sys
09/25/2016  08:35 PM                 0 Msft_User_WpdMtpDr_01_11_00.Wdf
10/01/2016  07:50 PM           137,280 scdemu.sys
12/12/2016  03:19 PM                57 370b12230072301000.bseq
01/13/2017  08:08 PM                57 370b12230078011100.bseq
01/13/2017  08:08 PM           600,850 370b12060002340e00.bseq
01/24/2017  08:22 PM         9,940,860 Netwfw04.dat
01/25/2017  12:25 AM         7,932,160 Netwtw04.sys
02/21/2017  10:55 AM           575,528 EasyAntiCheat.sys
03/18/2017  03:56 PM           120,224 pcmcia.sys
03/18/2017  03:56 PM            32,256 BthhfHid.sys
03/18/2017  03:56 PM            43,520 BthAvrcpTg.sys
03/18/2017  03:56 PM            49,152 circlass.sys
03/18/2017  03:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  03:56 PM           416,256 HdAudio.sys
03/18/2017  03:56 PM            46,592 hidir.sys
03/18/2017  03:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  03:56 PM            66,560 bthmodem.sys
03/18/2017  03:56 PM           134,656 USBAUDIO.sys
03/18/2017  03:56 PM           373,248 portcls.sys
03/18/2017  03:56 PM            97,280 drmk.sys
03/18/2017  03:56 PM           103,424 usbcir.sys
03/18/2017  03:56 PM            16,232 drmkaud.sys
03/18/2017  03:56 PM            27,136 usbprint.sys
03/18/2017  03:56 PM            39,424 monitor.sys
03/18/2017  03:56 PM            74,840 intelpep.sys
03/18/2017  03:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  03:56 PM            14,848 acpipmi.sys
03/18/2017  03:56 PM           533,920 bxvbda.sys
03/18/2017  03:56 PM         3,419,040 evbda.sys
03/18/2017  03:56 PM            20,480 AcpiDev.sys
03/18/2017  03:56 PM           122,880 capimg.sys
03/18/2017  03:56 PM           160,256 cdrom.sys
03/18/2017  03:56 PM           110,496 sbp2port.sys
03/18/2017  03:56 PM           238,080 1394ohci.sys
03/18/2017  03:56 PM           107,424 3ware.sys
03/18/2017  03:56 PM            27,040 amdxata.sys
03/18/2017  03:56 PM         1,135,512 adp80xx.sys
03/18/2017  03:56 PM            83,352 amdsata.sys
03/18/2017  03:56 PM           259,488 amdsbs.sys
03/18/2017  03:56 PM           132,000 arcsas.sys
03/18/2017  03:56 PM            30,720 wacompen.sys
03/18/2017  03:56 PM             9,728 bcmfn2.sys
03/18/2017  03:56 PM            64,416 HpSAMD.sys
03/18/2017  03:56 PM           123,808 lsi_sas2i.sys
03/18/2017  03:56 PM           108,960 lsi_sas.sys
03/18/2017  03:56 PM            82,848 lsi_sss.sys
03/18/2017  03:56 PM           103,328 lsi_sas3i.sys
03/18/2017  03:56 PM            64,416 MegaSas2i.sys
03/18/2017  03:56 PM            59,808 megasas.sys
03/18/2017  03:56 PM           575,904 megasr.sys
03/18/2017  03:56 PM            63,904 mvumis.sys
03/18/2017  03:56 PM            16,896 MTConfig.sys
03/18/2017  03:56 PM            58,784 percsas2i.sys
03/18/2017  03:56 PM           166,304 nvstor.sys
03/18/2017  03:56 PM           150,432 nvraid.sys
03/18/2017  03:56 PM            61,848 percsas3i.sys
03/18/2017  03:56 PM            81,824 sisraid4.sys
03/18/2017  03:56 PM            44,960 sisraid2.sys
03/18/2017  03:56 PM            31,136 stexstor.sys
03/18/2017  03:56 PM            57,856 umbus.sys
03/18/2017  03:56 PM           166,816 vsmraid.sys
03/18/2017  03:56 PM           305,568 VSTXRAID.SYS
03/18/2017  03:56 PM           102,816 cht4dx64.sys
03/18/2017  03:56 PM           347,032 cht4sx64.sys
03/18/2017  03:56 PM         2,104,224 cht4vx64.sys
03/18/2017  03:56 PM            13,824 errdev.sys
03/18/2017  03:56 PM           842,656 mlx4_bus.sys
03/18/2017  03:56 PM            32,160 winmad.sys
03/18/2017  03:56 PM           108,960 ndfltr.sys
03/18/2017  03:56 PM            64,920 winverbs.sys
03/18/2017  03:56 PM           526,240 ibbus.sys
03/18/2017  03:56 PM            32,768 fdc.sys
03/18/2017  03:56 PM            26,624 flpydisk.sys
03/18/2017  03:56 PM            18,432 sfloppy.sys
03/18/2017  03:56 PM            38,296 hidbatt.sys
03/18/2017  03:56 PM            92,064 IPMIDrv.sys
03/18/2017  03:56 PM           673,184 iaStorAV.sys
03/18/2017  03:56 PM           412,064 iaStorV.sys
03/18/2017  03:56 PM            19,352 msisadrv.sys
03/18/2017  03:56 PM            19,360 intelide.sys
03/18/2017  03:56 PM           194,464 ataport.sys
03/18/2017  03:56 PM            22,944 isapnp.sys
03/18/2017  03:56 PM            29,088 atapi.sys
03/18/2017  03:56 PM            16,800 pciide.sys
03/18/2017  03:56 PM            53,656 pciidex.sys
03/18/2017  03:56 PM            84,480 serial.sys
03/18/2017  03:56 PM            26,112 serenum.sys
03/18/2017  03:56 PM            44,960 mssmbios.sys
03/18/2017  03:56 PM            97,792 parport.sys
03/18/2017  03:56 PM            80,896 nvdimmn.sys
03/18/2017  03:56 PM           604,160 rt640x64.sys
03/18/2017  03:56 PM           101,376 pmem.sys
03/18/2017  03:56 PM            91,040 scmbus.sys
03/18/2017  03:56 PM            36,760 storufs.sys
03/18/2017  03:56 PM            78,752 uaspstor.sys
03/18/2017  03:56 PM            18,432 wmiacpi.sys
03/18/2017  03:56 PM            54,176 vdrvroot.sys
03/18/2017  03:56 PM           193,536 intelppm.sys
03/18/2017  03:56 PM            57,344 BasicDisplay.sys
03/18/2017  03:56 PM           172,544 amdppm.sys
03/18/2017  03:56 PM           176,640 amdk8.sys
03/18/2017  03:56 PM           172,032 processr.sys
03/18/2017  03:56 PM           102,816 disk.sys
03/18/2017  03:56 PM           167,328 spacedump.sys
03/18/2017  03:56 PM            83,360 volmgr.sys
03/18/2017  03:56 PM            29,600 uefi.sys
03/18/2017  03:56 PM            16,288 volume.sys
03/18/2017  03:56 PM           587,168 spaceport.sys
03/18/2017  03:56 PM            14,336 acpitime.sys
03/18/2017  03:56 PM            12,800 acpipagr.sys
03/18/2017  03:56 PM            36,256 battc.sys
03/18/2017  03:56 PM            30,208 CmBatt.sys
03/18/2017  03:56 PM           405,408 mausbhost.sys
03/18/2017  03:56 PM            31,128 SDFRd.sys
03/18/2017  03:56 PM            51,104 mausbip.sys
03/18/2017  03:56 PM           353,696 pci.sys
03/18/2017  03:56 PM            35,328 TsUsbGD.sys
03/18/2017  03:56 PM            18,336 swenum.sys
03/18/2017  03:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  03:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  03:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:02:09 ====


#4 Aura

Posted 19 December 2017 - 09:24 PM

Good. For the next step, you'll need to download FRST and the fixlist.txt on a clean computer and move them onto your USB Flash Drive. You cannot insert the USB in the infected computer if Windows is running. The computer needs to be shut down, or you need to be in the RE. Otherwise, the infection will mess with the files on your USB and you'll have to download them again.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) onto your USB Flash Drive
  • Download the attached fixlist.txt, and move it onto your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive into the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 bsgguy


Posted 19 December 2017 - 10:28 PM

Sweet! The process does not show up anymore on the task manager. Here is my fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by SYSTEM (19-12-2017 22:25:37) Run:2
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\ozpgkm
 
C:\Program Files (x86)\Xjz3ufiUVNFb Updater
C:\Users\Balihaar Gill\AppData\Local\igfxmtc
C:\Users\Balihaar Gill\AppData\Local\wmihstn
C:\Users\Balihaar Gill\AppData\Local\wmikhrz
C:\WINDOWS\system32\Drivers\dum*.sys
*****************
 
"HKLM\SYSTEM\ControlSet001\Services\ozpgkm" => removed successfully
C:\Program Files (x86)\Xjz3ufiUVNFb Updater => moved successfully
"C:\Users\Balihaar Gill\AppData\Local\igfxmtc" => not found.
C:\Users\Balihaar Gill\AppData\Local\wmihstn => moved successfully
C:\Users\Balihaar Gill\AppData\Local\wmikhrz => moved successfully
 
=========== "C:\WINDOWS\system32\Drivers\dum*.sys" ==========
 
C:\WINDOWS\system32\Drivers\Dumpata.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumpfve.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumpsd.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumpsdport.sys => moved successfully
C:\WINDOWS\system32\Drivers\Dumpstorport.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumruxbe.sys => moved successfully
 
========= End -> "C:\WINDOWS\system32\Drivers\dum*.sys" ========
 
 
==== End of Fixlog 22:25:57 ====
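
Added example (not part of bsgguy's post and not FRST's own code): the fixlist line `C:\WINDOWS\system32\Drivers\dum*.sys` is a wildcard and moved six files, so this Python sketch parses the fix result and compares each wildcard match with the timestamps from the directory listing in the previous fixlog. The function names and the 30-day `max_age_days` threshold are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta
from fnmatch import fnmatch
from ntpath import basename

# Result lines copied from the fixlog above (other entries left out).
FIXLOG = r'''
C:\Program Files (x86)\Xjz3ufiUVNFb Updater => moved successfully
=========== "C:\WINDOWS\system32\Drivers\dum*.sys" ==========
C:\WINDOWS\system32\Drivers\Dumpata.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumpfve.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumpsd.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumpsdport.sys => moved successfully
C:\WINDOWS\system32\Drivers\Dumpstorport.sys => moved successfully
C:\WINDOWS\system32\Drivers\dumruxbe.sys => moved successfully
========= End -> "C:\WINDOWS\system32\Drivers\dum*.sys" ========
'''
# The dum*.sys lines of the directory listing in the previous fixlog.
DIR_LISTING = '''
03/18/2017  03:57 PM            35,744 Dumpata.sys
03/18/2017  03:58 PM            32,256 dumpsdport.sys
03/18/2017  03:59 PM            91,152 dumpfve.sys
09/05/2017  12:21 AM           189,344 dumpsd.sys
11/01/2017  11:35 PM            25,600 Dumpstorport.sys
12/18/2017  05:08 PM           115,536 dumhkoru.sys
'''
FIX_TIME = datetime(2017, 12, 19, 22, 25, 37)  # "Ran by SYSTEM" line above

ENTRY = re.compile(r'^"?(?P<path>.+?)"? => (?P<status>.+?)\.?$')
SECTION = re.compile(r'^=+ "(?P<pattern>.+)" =+$')
DIR_LINE = re.compile(r'^(\d\d/\d\d/\d{4})\s+(\d\d:\d\d [AP]M)\s+[\d,]+\s+(.+)$')

def parse_fixlog(text):
    """Return (path, status, wildcard or None) for every result line."""
    results, pattern = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('=') and 'End ->' in line:
            pattern = None                      # wildcard section closed
        elif m := SECTION.match(line):
            pattern = m['pattern']              # wildcard section opened
        elif m := ENTRY.match(line):
            results.append((m['path'], m['status'], pattern))
    return results

def parse_dir(text):
    """Map lower-cased file name -> timestamp for each `dir` output line."""
    listing = {}
    for m in filter(None, map(DIR_LINE.match, map(str.strip, text.splitlines()))):
        listing[m[3].lower()] = datetime.strptime(f'{m[1]} {m[2]}', '%m/%d/%Y %I:%M %p')
    return listing

def triage(fixlog, listing, fix_time, max_age_days=30):
    """Classify wildcard-moved files; list wildcard matches that were not moved."""
    cutoff = fix_time - timedelta(days=max_age_days)   # assumed threshold
    verdicts, patterns = {}, set()
    for path, status, pattern in parse_fixlog(fixlog):
        if pattern is None or not status.startswith('moved'):
            continue                            # only wildcard hits are reviewed
        patterns.add(basename(pattern).lower())
        name = basename(path).lower()           # Windows names: case-insensitive
        verdicts[name] = ('not in earlier listing' if name not in listing
                          else 'long-standing' if listing[name] < cutoff
                          else 'recent')
    unmatched = sorted(n for n in listing if n not in verdicts
                       and any(fnmatch(n, p) for p in patterns))
    return verdicts, unmatched

if __name__ == '__main__':
    print(*triage(FIXLOG, parse_dir(DIR_LISTING), FIX_TIME), sep='\n')
```

On this thread's data it reports five of the six moved drivers as already present in the earlier listing with timestamps between March and November 2017, `dumruxbe.sys` as absent from it, and `dumhkoru.sys` as listed earlier but not among the files moved.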


#6 Aura


Posted 20 December 2017 - 07:40 AM

Awesome :) Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#7 Aura


Posted 23 December 2017 - 09:39 AM

Hi bsgguy,

Are you still with me?



#8 Aura


Posted 26 December 2017 - 11:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





